source: branches/5.0.x/docs/contents/changelog.rst @ 926

Last change on this file since 926 was 926, checked in by cito, 21 months ago

Use-after-free bug in query function implementation

  • Property svn:keywords set to Author Date Id Revision
File size: 27.3 KB
4Version 5.0.5 (to be released)
6- The memory for the string with the number of rows affected by a classic pg
7  module query() was already freed (bug report and fix by Peifeng Qiu).
9Version 5.0.4 (2017-07-23)
11- This version officially supports the new Python 3.6 and PostgreSQL 9.6.
12- query_formatted() can now be used without parameters.
13- The automatic renaming of columns that are invalid as field names of
14  named tuples now works more accurately in Python 2.6 and 3.0.
15- Fixed error checks for unlink() and export() methods of large objects
16  (bug report by Justin Pryzby).
17- Fixed a compilation issue under OS X (bug report by Josh Johnston).
19Version 5.0.3 (2016-12-10)
21- It is now possible to use a custom array cast function by changing
22  the type caster for the 'anyarray' type.  For instance, by calling
23  set_typecast('anyarray', lambda v, c: v) you can have arrays returned
24  as strings instead of lists.  Note that in the pg module, you can also
25  call set_array(False) in order to return arrays as strings.
26- The namedtuple classes used for the rows of query results are now cached
27  and reused internally, since creating namedtuples classes in Python is a
28  somewhat expensive operation.  By default the cache has a size of 1024
29  entries, but this can be changed with the set_row_factory_size() function.
30  In certain cases this change can notably improve the performance.
31- The namedresult() method in the classic API now also tries to rename
32  columns that would result in invalid field names.
34Version 5.0.2 (2016-09-13)
36- Fixed an infinite recursion problem in the DB wrapper class of the classic
37  module that could occur when the underlying connection could not be properly
38  opened (bug report by Justin Pryzby).
40Version 5.0.1 (2016-08-18)
42- The update() and delete() methods of the DB wrapper now use the OID instead
43  of the primary key if both are provided. This restores backward compatibility
44  with PyGreSQL 4.x and allows updating the primary key itself if an OID exists.
45- The connect() function of the DB API 2.0 module now accepts additional keyword
46  parameters such as "application_name" which will be passed on to PostgreSQL.
47- PyGreSQL now adapts some queries to be able to access older PostgreSQL 8.x
48  databases (as suggested on the mailing list by Andres Mejia). However, these
49  old versions of PostgreSQL are not officially supported and tested any more.
50- Fixed an issue with Postgres types that have an OID >= 0x80000000 (reported
51  on the mailing list by Justin Pryzby).
52- Allow extra values that are not used in the command in the parameter dict
53  passed to the query_formatted() method (as suggested by Justin Pryzby).
54- Improved handling of empty arrays in the classic module.
55- Unused classic connections were not properly garbage collected which could
56  cause memory leaks (reported by Justin Pryzby).
57- Made C extension compatible with MSVC 9 again (this was needed to compile for
58  Python 2 on Windows).
60Version 5.0 (2016-03-20)
62- This version now runs on both Python 2 and Python 3.
63- The supported versions are Python 2.6 to 2.7, and 3.3 to 3.5.
64- PostgreSQL is supported in all versions from 9.0 to 9.5.
65- Changes in the classic PyGreSQL module (pg):
66    - The classic interface got two new methods get_as_list() and get_as_dict()
67      returning a database table as a Python list or dict. The amount of data
68      returned can be controlled with various parameters.
69    - A method upsert() has been added to the DB wrapper class that utilizes
70      the "upsert" feature that is new in PostgreSQL 9.5. The new method nicely
71      complements the existing get/insert/update/delete() methods.
72    - When using insert/update/upsert(), you can now pass PostgreSQL arrays as
73      lists and PostgreSQL records as tuples in the classic module.
74    - Conversely, when the query method returns a PostgreSQL array, it is passed
75      to Python as a list. PostgreSQL records are converted to named tuples as
76      well, but only if you use one of the get/insert/update/delete() methods.
77      PyGreSQL uses a new fast built-in parser to achieve this.  The automatic
78      conversion of arrays to lists can be disabled with set_array(False).
79    - The pkey() method of the classic interface now returns tuples instead
80      of frozenset. The order of the tuples is like in the primary key index.
81    - Like the DB-API 2 module, the classic module now also returns bool values
82      from the database as Python bool objects instead of strings.  You can
83      still restore the old behavior by calling set_bool(False).
84    - Like the DB-API 2 module, the classic module now also returns bytea
85      data fetched from the database as byte strings, so you don't need to
86      call unescape_bytea() any more.  This has been made configurable though,
87      and you can restore the old behavior by calling set_bytea_escaped(True).
88    - A method set_jsondecode() has been added for changing or removing the
89      function that automatically decodes JSON data coming from the database.
90      By default, decoding JSON is now enabled and uses the decoder function
91      in the standard library with its default parameters.
92    - The table name that is affixed to the name of the OID column returned
93      by the get() method of the classic interface will not automatically
94      be fully qualified any more. This reduces overhead from the interface,
95      but it means you must always write the table name in the same way when
96      you call the methods using it and you are using tables with OIDs.
97      Also, OIDs are now only used when access via primary key is not possible.
98      Note that OIDs are considered deprecated anyway, and they are not created
99      by default any more in PostgreSQL 8.1 and later.
100    - The internal caching and automatic quoting of class names in the classic
101      interface has been simplified and improved, it should now perform better
102      and use less memory. Also, overhead for quoting values in the DB wrapper
103      methods has been reduced and security has been improved by passing the
104      values to libpq separately as parameters instead of inline.
105    - It is now possible to use regular type names instead of the simpler
106      type names that are used by default in PyGreSQL, without breaking any
107      of the mechanisms for quoting and typecasting, which rely on the type
108      information. This is achieved while maintaining simplicity and backward
109      compatibility by augmenting the type name string objects with all the
110      necessary information under the cover. To switch regular type names on
111      or off (this is the default), call the DB wrapper method use_regtypes().
112    - A new method query_formatted() has been added to the DB wrapper class
113      that allows using the format specifications from Python.  A flag "inline"
114      can be set to specify whether parameters should be sent to the database
115      separately or formatted into the SQL.
116    - A new type helper Bytea() has been added.
117- Changes in the DB-API 2 module (pgdb):
118    - The DB-API 2 module now always returns result rows as named tuples
119      instead of simply lists as before. The documentation explains how
120      you can restore the old behavior or use custom row objects instead.
121    - The names of the various classes used by the classic and DB-API 2
122      modules have been renamed to become simpler, more intuitive and in
123      line with the names used in the DB-API 2 documentation.
124      Since the API provides only objects of these types through constructor
125      functions, this should not cause any incompatibilities.
126    - The DB-API 2 module now supports the callproc() cursor method. Note
127      that output parameters are currently not replaced in the return value.
128    - The DB-API 2 module now supports copy operations between data streams
129      on the client and database tables via the COPY command of PostgreSQL.
130      The cursor method copy_from() can be used to copy data from the database
131      to the client, and the cursor method copy_to() can be used to copy data
132      from the client to the database.
133    - The 7-tuples returned by the description attribute of a pgdb cursor
134      are now named tuples, i.e. their elements can be also accessed by name.
135      The column names and types can now also be requested through the
136      colnames and coltypes attributes, which are not part of DB-API 2 though.
137      The type_code provided by the description attribute is still equal to
138      the PostgreSQL internal type name, but now carries some more information
139      in additional attributes. The size, precision and scale information that
140      is part of the description is now properly set for numeric types.
141    - If you pass a Python list as one of the parameters to a DB-API 2 cursor,
142      it is now automatically bound using an ARRAY constructor. If you pass a
143      Python tuple, it is bound using a ROW constructor. This is useful for
144      passing records as well as making use of the IN syntax.
145    - Inversely, when a fetch method of a DB-API 2 cursor returns a PostgreSQL
146      array, it is passed to Python as a list, and when it returns a PostgreSQL
147      composite type, it is passed to Python as a named tuple. PyGreSQL uses
148      a new fast built-in parser to achieve this. Anonymous composite types are
149      also supported, but yield only an ordinary tuple containing text strings.
150    - New type helpers Interval() and Uuid() have been added.
151    - The connection has a new attribute "closed" that can be used to check
152      whether the connection is closed or broken.
153    - SQL commands are always handled as if they include parameters, i.e.
154      literal percent signs must always be doubled. This consistent behavior
155      is necessary for using pgdb with wrappers like SQLAlchemy.
156    - PyGreSQL 5.0 will be supported as a database driver by SQLAlchemy 1.1.
157- Changes concerning both modules:
158    - PyGreSQL now tries to raise more specific and appropriate subclasses of
159      DatabaseError than just ProgrammingError. Particularly, when database
160      constraints are violated, it raises an IntegrityError now.
161    - The modules now provide get_typecast() and set_typecast() methods
162      allowing to control the typecasting on the global level.  The connection
163      objects have got type caches with the same methods which give control
164      over the typecasting on the level of the current connection.
165      See the documentation on details about the type cache and the typecast
166      mechanisms provided by PyGreSQL.
167    - Dates, times, timestamps and time intervals are now returned as the
168      corresponding Python objects from the datetime module of the standard
169      library.  In earlier versions of PyGreSQL they had been returned as
170      strings.  You can restore the old behavior by deactivating the respective
171      typecast functions, e.g. set_typecast('date', str).
172    - PyGreSQL now support the "uuid" data type, converting such columns
173      automatically to and from Python uuid.UUID objects.
174    - PyGreSQL now supports the "hstore" data type, converting such columns
175      automatically to and from Python dictionaries.  If you want to insert
176      Python objects as JSON data using DB-API 2, you should wrap them in the
177      new HStore() type constructor as a hint to PyGreSQL.
178    - PyGreSQL now supports the "json" and "jsonb" data types, converting such
179      columns automatically to and from Python objects. If you want to insert
180      Python objects as JSON data using DB-API 2, you should wrap them in the
181      new Json() type constructor as a hint to PyGreSQL.
182    - A new type helper Literal() for inserting parameters literally as SQL
183      has been added.  This is useful for table names, for instance.
184    - Fast parsers cast_array(), cast_record() and cast_hstore for the input
185      and output syntax for PostgreSQL arrays, composite types and the hstore
186      type have been added to the C extension module. The array parser also
187      allows using multi-dimensional arrays with PyGreSQL.
188    - The tty parameter and attribute of database connections has been
189      removed since it is not supported any more since PostgreSQL 7.4.
191Version 4.2.2 (2016-03-18)
193- The get_relations() and get_tables() methods now also return system views
194  and tables if you set the optional "system" parameter to True.
195- Fixed a regression when using temporary tables with DB wrapper methods
196  (thanks to Patrick TJ McPhee for reporting).
198Version 4.2.1 (2016-02-18)
200- Fixed a small bug when setting the notice receiver.
201- Some more minor fixes and re-packaging with proper permissions.
203Version 4.2 (2016-01-21)
205- The supported Python versions are 2.4 to 2.7.
206- PostgreSQL is supported in all versions from 8.3 to 9.5.
207- Set a better default for the user option "escaping-funcs".
208- Force build to compile with no errors.
209- New methods get_parameters() and set_parameters() in the classic interface
210  which can be used to get or set run-time parameters.
211- New method truncate() in the classic interface that can be used to quickly
212  empty a table or a set of tables.
213- Fix decimal point handling.
214- Add option to return boolean values as bool objects.
215- Add option to return money values as string.
216- get_tables() does not list information schema tables any more.
217- Fix notification handler (Thanks Patrick TJ McPhee).
218- Fix a small issue with large objects.
219- Minor improvements of the NotificationHandler.
220- Converted documentation to Sphinx and added many missing parts.
221- The tutorial files have become a chapter in the documentation.
222- Greatly improved unit testing, tests run with Python 2.4 to 2.7 again.
224Version 4.1.1 (2013-01-08)
226- Add NotificationHandler class and method.  Replaces need for pgnotify.
227- Sharpen test for inserting current_timestamp.
228- Add more quote tests.  False and 0 should evaluate to NULL.
229- More tests - Any number other than 0 is True.
230- Do not use positional parameters internally.
231  This restores backward compatibility with version 4.0.
232- Add methods for changing the decimal point.
234Version 4.1 (2013-01-01)
236- Dropped support for Python below 2.5 and PostgreSQL below 8.3.
237- Added support for Python up to 2.7 and PostgreSQL up to 9.2.
238- Particularly, support PQescapeLiteral() and PQescapeIdentifier().
239- The query method of the classic API now supports positional parameters.
240  This an effective way to pass arbitrary or unknown data without worrying
241  about SQL injection or syntax errors (contribution by Patrick TJ McPhee).
242- The classic API now supports a method namedresult() in addition to
243  getresult() and dictresult(), which returns the rows of the result
244  as named tuples if these are supported (Python 2.6 or higher).
245- The classic API has got the new methods begin(), commit(), rollback(),
246  savepoint() and release() for handling transactions.
247- Both classic and DBAPI 2 connections can now be used as context
248  managers for encapsulating transactions.
249- The execute() and executemany() methods now return the cursor object,
250  so you can now write statements like "for row in cursor.execute(...)"
251  (as suggested by Adam Frederick).
252- Binary objects are now automatically escaped and unescaped.
253- Bug in money quoting fixed.  Amounts of $0.00 handled correctly.
254- Proper handling of date and time objects as input.
255- Proper handling of floats with 'nan' or 'inf' values as input.
256- Fixed the set_decimal() function.
257- All DatabaseError instances now have a sqlstate attribute.
258- The getnotify() method can now also return payload strings (#15).
259- Better support for notice processing with the new methods
260  set_notice_receiver() and get_notice_receiver()
261  (as suggested by Michael Filonenko, see #37).
262- Open transactions are rolled back when pgdb connections are closed
263  (as suggested by Peter Harris, see #46).
264- Connections and cursors can now be used with the "with" statement
265  (as suggested by Peter Harris, see #46).
266- New method use_regtypes() that can be called to let getattnames()
267  return regular type names instead of the simplified classic types (#44).
269Version 4.0 (2009-01-01)
271- Dropped support for Python below 2.3 and PostgreSQL below 7.4.
272- Improved performance of fetchall() for large result sets
273  by speeding up the type casts (as suggested by Peter Schuller).
274- Exposed exceptions as attributes of the connection object.
275- Exposed connection as attribute of the cursor object.
276- Cursors now support the iteration protocol.
277- Added new method to get parameter settings.
278- Added customizable row_factory as suggested by Simon Pamies.
279- Separated between mandatory and additional type objects.
280- Added keyword args to insert, update and delete methods.
281- Added exception handling for direct copy.
282- Start transactions only when necessary, not after every commit().
283- Release the GIL while making a connection
284  (as suggested by Peter Schuller).
285- If available, use decimal.Decimal for numeric types.
286- Allow DB wrapper to be used with DB-API 2 connections
287  (as suggested by Chris Hilton).
288- Made private attributes of DB wrapper accessible.
289- Dropped dependence on mx.DateTime module.
290- Support for PQescapeStringConn() and PQescapeByteaConn();
291  these are now also used by the internal _quote() functions.
292- Added 'int8' to INTEGER types. New SMALLINT type.
293- Added a way to find the number of rows affected by a query()
294  with the classic pg module by returning it as a string.
295  For single inserts, query() still returns the oid as an integer.
296  The pgdb module already provides the "rowcount" cursor attribute
297  for the same purpose.
298- Improved getnotify() by calling PQconsumeInput() instead of
299  submitting an empty command.
300- Removed compatibility code for old OID munging style.
301- The insert() and update() methods now use the "returning" clause
302  if possible to get all changed values, and they also check in advance
303  whether a subsequent select is possible, so that ongoing transactions
304  won't break if there is no select privilege.
305- Added "protocol_version" and "server_version" attributes.
306- Revived the "user" attribute.
307- The pg module now works correctly with composite primary keys;
308  these are represented as frozensets.
309- Removed the undocumented and actually unnecessary "view" parameter
310  from the get() method.
311- get() raises a nicer ProgrammingError instead of a KeyError
312  if no primary key was found.
313- delete() now also works based on the primary key if no oid available
314  and returns whether the row existed or not.
316Version 3.8.1 (2006-06-05)
318- Use string methods instead of deprecated string functions.
319- Only use SQL-standard way of escaping quotes.
320- Added the functions escape_string() and escape/unescape_bytea()
321  (as suggested by Charlie Dyson and Kavous Bojnourdi a long time ago).
322- Reverted code in clear() method that set date to current.
323- Added code for backwards compatibility in OID munging code.
324- Reorder attnames tests so that "interval" is checked for before "int."
325- If caller supplies key dictionary, make sure that all has a namespace.
327Version 3.8 (2006-02-17)
329- Installed new favicon.ico from Matthew Sporleder <>
330- Replaced snprintf by PyOS_snprintf.
331- Removed NO_SNPRINTF switch which is not needed any longer
332- Clean up some variable names and namespace
333- Add get_relations() method to get any type of relation
334- Rewrite get_tables() to use get_relations()
335- Use new method in get_attnames method to get attributes of views as well
336- Add Binary type
337- Number of rows is now -1 after executing no-result statements
338- Fix some number handling
339- Non-simple types do not raise an error any more
340- Improvements to documentation framework
341- Take into account that nowadays not every table must have an oid column
342- Simplification and improvement of the inserttable() function
343- Fix up unit tests
344- The usual assortment of minor fixes and enhancements
346Version 3.7 (2005-09-07)
348Improvement of pgdb module:
350- Use Python standard `datetime` if `mxDateTime` is not available
352Major improvements and clean-up in classic pg module:
354- All members of the underlying connection directly available in `DB`
355- Fixes to quoting function
356- Add checks for valid database connection to methods
357- Improved namespace support, handle `search_path` correctly
358- Removed old dust and unnecessary imports, added docstrings
359- Internal sql statements as one-liners, smoothed out ugly code
361Version 3.6.2 (2005-02-23)
363- Further fixes to namespace handling
365Version 3.6.1 (2005-01-11)
367- Fixes to namespace handling
369Version 3.6 (2004-12-17)
371- Better DB-API 2.0 compliance
372- Exception hierarchy moved into C module and made available to both APIs
373- Fix error in update method that caused false exceptions
374- Moved to standard exception hierarchy in classic API
375- Added new method to get transaction state
376- Use proper Python constants where appropriate
377- Use Python versions of strtol, etc. Allows Win32 build.
378- Bug fixes and cleanups
380Version 3.5 (2004-08-29)
382Fixes and enhancements:
384- Add interval to list of data types
385- fix up method wrapping especially close()
386- retry pkeys once if table missing in case it was just added
387- wrap query method separately to handle debug better
388- use isinstance instead of type
389- fix free/PQfreemem issue - finally
390- miscellaneous cleanups and formatting
392Version 3.4 (2004-06-02)
394Some cleanups and fixes.
395This is the first version where PyGreSQL is moved back out of the
396PostgreSQL tree. A lot of the changes mentioned below were actually
397made while in the PostgreSQL tree since their last release.
399- Allow for larger integer returns
400- Return proper strings for true and false
401- Cleanup convenience method creation
402- Enhance debugging method
403- Add reopen method
404- Allow programs to preload field names for speedup
405- Move OID handling so that it returns long instead of int
406- Miscellaneous cleanups and formatting
408Version 3.3 (2001-12-03)
410A few cleanups.  Mostly there was some confusion about the latest version
411and so I am bumping the number to keep it straight.
413- Added NUMERICOID to list of returned types. This fixes a bug when
414  returning aggregates in the latest version of PostgreSQL.
416Version 3.2 (2001-06-20)
418Note that there are very few changes to PyGreSQL between 3.1 and 3.2.
419The main reason for the release is the move into the PostgreSQL
420development tree.  Even the WIN32 changes are pretty minor.
422- Add Win32 support (
423- Fix some DB-API quoting problems (
424- Moved development into PostgreSQL development tree.
426Version 3.1 (2000-11-06)
428- Fix some quoting functions.  In particular handle NULLs better.
429- Use a method to add primary key information rather than direct
430  manipulation of the class structures
431- Break decimal out in `_quote` (in and treat it as float
432- Treat timestamp like date for quoting purposes
433- Remove a redundant SELECT from the `get` method speeding it,
434  and `insert` (since it calls `get`) up a little.
435- Add test for BOOL type in typecast method to `pgdbTypeCache` class
436  (
437- Fix to send port as integer to lower level function
438  (
439- Change to speed up some operations
440- Allow updates on tables with no primary keys
442Version 3.0 (2000-05-30)
444- Remove strlen() call from pglarge_write() and get size from object
445  (
446- Add a little more error checking to the quote function in the wrapper
447- Add extra checking in `_quote` function
448- Wrap query in for debugging
449- Add DB-API 2.0 support to pgmodule.c (
450- Add DB-API 2.0 wrapper (
451- Correct keyword clash (temp) in tutorial
452- Clean up layout of tutorial
453- Return NULL values as None (
454  (WARNING: This will cause backwards compatibility issues)
455- Change None to NULL in insert and update
456- Change hash-bang lines to use /usr/bin/env
457- Clearing date should be blank (NULL) not TODAY
458- Quote backslashes in strings in `_quote` (brian@CSUA.Berkeley.EDU)
459- Expanded and clarified build instructions (
460- Make code thread safe (
461- Add README.distutils ( &
462- Many fixes and increased DB-API compliance by,
463, and others to get the final
464  version ready to release.
466Version 2.4 (1999-06-15)
468- Insert returns None if the user doesn't have select permissions
469  on the table.  It can (and does) happen that one has insert but
470  not select permissions on a table.
471- Added ntuples() method to query object (
472- Corrected a bug related to getresult() and the money type
473- Corrected a bug related to negative money amounts
474- Allow update based on primary key if munged oid not available and
475  table has a primary key
476- Add many __doc__ strings (
477- Get method works with views if key specified
479Version 2.3 (1999-04-17)
481- returns "localhost" when connected to Unix socket
482  (
483- Use `PyArg_ParseTupleAndKeywords` in connect() (
484- fixes and cleanups (
485- Fixed memory leak in dictresult() (
486- Deprecated - functionality now in
487- More cleanups to the tutorial
488- Added fileno() method - (Mikhail Terekhov)
489- added money type to quoting function
490- Compiles cleanly with more warnings turned on
491- Returns PostgreSQL error message on error
492- Init accepts keywords (Jarkko Torppa)
493- Convenience functions can be overridden (Jarkko Torppa)
494- added close() method
496Version 2.2 (1998-12-21)
498- Added user and password support thanks to Ng Pheng Siong (
499- Insert queries return the inserted oid
500- Add new `pg` wrapper (C module renamed to _pg)
501- Wrapped database connection in a class
502- Cleaned up some of the tutorial.  (More work needed.)
503- Added `version` and `__version__`.
504  Thanks to for the suggestion.
506Version 2.1 (1998-03-07)
508- return fields as proper Python objects for field type
509- Cleaned up
510- Added dictresult method
512Version 2.0  (1997-12-23)
514- Updated code for PostgreSQL 6.2.1 and Python 1.5
515- Reformatted code and converted to use full ANSI style prototypes
516- Changed name to PyGreSQL (from PyGres95)
517- Changed order of arguments to connect function
518- Created new type `pgqueryobject` and moved certain methods to it
519- Added a print function for pgqueryobject
520- Various code changes - mostly stylistic
522Version 1.0b (1995-11-04)
524- Keyword support for connect function moved from library file to C code
525  and taken away from library
526- Rewrote documentation
527- Bug fix in connect function
528- Enhancements in large objects interface methods
530Version 1.0a (1995-10-30)
532A limited release.
534- Module adapted to standard Python syntax
535- Keyword support for connect function in library file
536- Rewrote default parameters interface (internal use of strings)
537- Fixed minor bugs in module interface
538- Redefinition of error messages
540Version 0.9b (1995-10-10)
542The first public release.
544- Large objects implementation
545- Many bug fixes, enhancements, ...
547Version 0.1a (1995-10-07)
549- Basic libpq functions (SQL access)
Note: See TracBrowser for help on using the repository browser.