set_session_auth/obj access hook/xact handler/CI
This major version of set_user includes the following features:
- set_session_auth() function for changing the Authorized User
irrevocably. - Compatibility updates for PostgreSQL versions 9.4 - 14
- Introduction of object_access_hook for blocking GUC modification via
set_config()[1] - Introduction of transaction handler to properly handle bailed
set_user() transactions. - Introduction of GitHub Actions to provide testing of PostgreSQL
version 9.4 -14. - Regression test updates.
[1] This Release addresses CVE-2021-41558:
Potential bypass of ProcessUtility_hook using the
set_config()function. This is now blocked using the object access hook.