doc: adjust PG 11 release notes

Fixes for channel binding, SQL procedures, and pg_trgm. Backpatch-through: 11

doc: adjust PG 11 release notes
Fixes for channel binding, SQL procedures, and pg_trgm. Backpatch-through: 11
0d45cd96 · Bruce Momjian · fedc97cd · 0d45cd96
Commit 0d45cd96 authored Sep 11, 2018 by Bruce Momjian
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 10 deletions

doc/src/sgml/release-11.sgml doc/src/sgml/release-11.sgml +5 -10

No files found.
--- a/doc/src/sgml/release-11.sgml
+++ b/doc/src/sgml/release-11.sgml
@@ -1942,7 +1942,7 @@ same commits as above
 -->
       <para>
-        Add SQL procedures, which can start and commit their own
+        Add SQL-level procedures, which can start and commit their own
        transactions (Peter Eisentraut)
       </para>
@@ -2685,15 +2685,10 @@ same commits as above
       </para>
       <para>
-        While <acronym>SCRAM</acronym> always prevents the
+        <acronym>SCRAM</acronym> cannot prevent man-in-the-middle attacks
-        replay of transmitted hashed passwords in a later session,
+        unless it can be forced.  Unfortunately, there is no way to do
-        <acronym>SCRAM</acronym> with channel binding can also prevent
+        this in libpq.  This is expected in future versions of libpq
-        man-in-the-middle attacks.  However, since there is no way
+        and in interfaces not built using libpq, e.g. JDBC.
-        to <emphasis>force</emphasis> channel binding in libpq,
-        the feature currently does not prevent man-in-the-middle
-        attacks when using libpq and interfaces built using it.  It is
-        expected that future versions of libpq and interfaces not built
-        using libpq, e.g. JDBC, will allow this capability.
       </para>
      </listitem>