1.5.2

@epgts epgts released this 07 Mar 19:14

This release contains bug fixes since the 1.5.0 release.
This release is high priority for upgrade. We strongly recommend that you
upgrade as soon as possible.

Bug Fixes

  • PR #351 - Make serialize functions strict
  • There's a vulnerability in Toolkit 1.5 and earlier because it creates a PL/pgSQL function using CREATE OR REPLACE without properly locking down the search path. This means that a user could pre-create the trigger function to run arbitrary code. To fix this we remove the trigger entirely; it no longer pulls its weight. This fix also locks down our update scripts to only use CREATE OR REPLACE when actually necessary; while we don't yet have an exploit for the other functions, it would be unsurprising if one exists.
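The two patterns the note contrasts, as an added example that is not the Toolkit project's own update script: the function name `my_ext.example_fn`, the schema `my_ext` and the extension name in the audit query are hypothetical placeholders. The weak form accepts a pre-existing object of the same name instead of failing; the hardened form uses plain CREATE, which errors if the name is already taken, and pins `search_path` so name resolution inside the body cannot be redirected. The final query is a check an operator can run to find extension-owned functions that still lack a pinned `search_path`.

```sql
-- Added example; placeholders: my_ext, example_fn, '<extension_name>'.

-- Weak pattern: CREATE OR REPLACE does not fail when a function of this
-- name already exists, so an object created earlier by another user is
-- accepted rather than rejected. With no SET search_path, unqualified
-- names in the body resolve through whatever schemas the caller has set.
CREATE OR REPLACE FUNCTION my_ext.example_fn() RETURNS trigger AS $$
BEGIN
  RETURN NEW;
END
$$ LANGUAGE plpgsql;

-- Hardened pattern: plain CREATE raises an error if the name is taken
-- (so an update script notices a pre-created object instead of adopting
-- it), and SET search_path pins resolution to trusted schemas only.
CREATE FUNCTION my_ext.example_fn() RETURNS trigger AS $$
BEGIN
  RETURN NEW;
END
$$ LANGUAGE plpgsql
   SET search_path = pg_catalog, pg_temp;

-- Audit check: list functions that belong to an installed extension
-- (pg_depend deptype 'e') and carry no search_path setting in proconfig.
-- Replace '<extension_name>' with the extension being reviewed.
SELECT n.nspname AS schema_name,
       p.proname AS function_name
FROM pg_catalog.pg_proc p
JOIN pg_catalog.pg_namespace n ON n.oid = p.pronamespace
JOIN pg_catalog.pg_depend d
  ON d.objid = p.oid
 AND d.classid = 'pg_catalog.pg_proc'::regclass
 AND d.deptype = 'e'
JOIN pg_catalog.pg_extension e ON e.oid = d.refobjid
WHERE e.extname = '<extension_name>'
  AND (p.proconfig IS NULL
       OR NOT EXISTS (SELECT 1
                      FROM unnest(p.proconfig) AS c
                      WHERE c LIKE 'search_path=%'))
ORDER BY 1, 2;
```

An empty result from the audit query means every function the extension owns carries an explicit `search_path`; any row returned is a function whose body still resolves unqualified names through the caller's path and is worth reviewing.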