postgresql-pljava (1.6.2-2) unstable; urgency=medium

  Prior to 1.6.0, PL/Java hard-coded the permissions that were available to
  functions declared in the ‘trusted’ language java or the ‘untrusted’
  language javaU. With 1.6.0, the exact permissions available for both cases
  can be configured in the pljava.policy file (found in the directory reported
  by pg_config --sysconfdir) as described in the new policy documentation.

  Java’s policy language can conditionally grant permissions but not deny them
  if another clause grants them. Therefore, the default policy must be
  somewhat restrictive, so a desired policy can be built from it with grant
  clauses.

  In the 1.6.0 default policy, ‘trusted’ (java) code has minimal permissions,
  suitable for general computation and interacting with the database, and
  ‘untrusted’ (javaU) code has only the additional permission to access the
  file system. Existing user functions that worked in PL/Java 1.5.x and
  performed other actions, such as making network connections, will need the
  appropriate permissions (such as java.net.URLPermission or
  java.net.SocketPermission) granted via the policy file.

  The policy can grant permissions more selectively than just to java or
  javaU. The new documentation covers the details, and also how to log, for
  troubleshooting purposes, the permissions being requested.

  Whatever the reason, all down the years, a favorite “is PL/Java working?”
  check found online has been to read a Java system property with
  System.getProperty. Not all of those examples pick properties that can be
  read under the default policy. So, even some familiar habits like that may
  need revision, at least to use a property like java.version that is readable
  by default.

  The former hard-coded permissions were by turns too lax or too strict,
  depending on what was needed, and interfered in some cases with the
  operation of the Java runtime itself, breaking (at least) its XSLT
  implementation and the profiling functions of visualvm. This release fixes
  those issues.

  http://tada.github.io/pljava/releasenotes.html

 -- Christoph Berg <myon@debian.org>  Fri, 26 Feb 2021 23:17:23 +0100
