REL1_6_1

Fix superuser whitelist bug.

REL1_6_0

Version 1.6.0 adds one major feature:

• superuser Audit Tag

Additionally, version 1.6.0 significantly updates the documentation for readability and maintainability.

Here is an abbreviated git history since the last release:

• e661c61 2018-05-17 | Bump version to 1.6 to tag [Mike Palmiotto]
• 56a136a 2018-05-17 | Fix const warning and log formatting [Mike Palmiotto]
• 4dbe435 2018-05-17 | Change period to colon for consistency [Mike Palmiotto]
• 9d0c798 2018-05-17 | Move TODO to bottom of README [Mike Palmiotto]
• 4614e6d 2018-05-17 | Fix clumsy wording [Mike Palmiotto]
• e3adc76 2018-05-17 | Update README formatting to be more maintainable [Mike Palmiotto]
• bb96d79 2018-05-17 | Use single backtick for code tags [Mike Palmiotto]
• e911f62 2018-05-17 | Update README structure for readability [Mike Palmiotto]
• 9337606 2018-05-01 | Add superuser audit tag GUC [Mike Palmiotto]
• 77942df 2018-04-19 | Bump version to 1.5 to tag [Mike Palmiotto]
• ee9e8f1 2018-04-19 | Bump Copyright date to 2018 [Mike Palmiotto]

REL1_5_0

Version 1.5.0 adds three major features:

• set_user/reset_user post-execution hooks
• group role whitelisting in set_user.superuser_whitelist
• pdf doc generation

Here is the abbreviated git history:

• f727c3b 2018-04-19 | Bump version to 1.5 to tag [Mike Palmiotto]
• 28aabc9 2018-04-19 | Bump Copyright date to 2018 [Mike Palmiotto]
• 3dd4764 2018-04-19 | Add some documentation for set_user hooks [Mike Palmiotto]
• fe454c4 2018-04-19 | Get rid of some trailing whitespace in README.md Examples section [Mike Palmiotto]
• 4dd7ba1 2018-04-19 | Fix typo in Requirements for group roles [Mike Palmiotto]
• f284b03 2018-02-08 | Fix regression test failure for set_user_u [Mike Palmiotto]
• 11788c7 2017-09-15 | Add group role support to superuser whitelist [Mike Palmiotto]
• e673604 2018-03-20 | Add post-set_user hooks [Mike Palmiotto]
• bb5e0ce 2017-07-19 | Add some more verbose notes [John K. Harvey]
• 07ef6bf 2017-07-19 | Some gitignores and some cleanup [John K. Harvey]
• dc25d1f 2017-07-18 | Docbuilder - generates pdf from Readme.md [John K. Harvey]

REL_1_4_0

Add untrusted set_user and superuser whitelist
This patch adds two new functionalities:

• Distinguish between superuser escalation and normal set_user through use of
  the 'set_user_u' function.
• Add granular control over which PostgreSQL roles can escalate to
  superuser.

Previously, we relied on only the Block_SU GUC to toggle all superuser
escalation privileges.

Update set_user to be pg10-compatible

6bf59fd Add pg10 compatibility for ProcessUtilityHook
set_user.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 46 insertions(+), 3 deletions(-)

Reset_user feature and bugfixes

Joe Conway (2):
Add new variants of set_user and reset_user which allow a token to be set initially and if so required to be present and match at reset time.
In previous commit, two new versions of the existing functions were created, but I neglected to provide the permissions matching the originals. Fix that.

REL1_1_0

Add new custom GUC set_user.block_superuser

Add new custom GUC set_user.block_superuser defaulting to off. When
on, will prevent switching to a role which has superuser privs.