From 9cbcdfafebd895ea05ef11f77edef3253dc1c8a0 Mon Sep 17 00:00:00 2001
From: Bo Peng <pengbo@sraoss.co.jp>
Date: Sun, 22 Jan 2023 00:46:32 +0900
Subject: [PATCH] Doc: Add release notes.

---
 doc.ja/src/sgml/release-4.0.sgml | 165 ++++++++++++++++++++++++++
 doc/src/sgml/release-4.0.sgml    | 194 +++++++++++++++++++++++++++++++
 2 files changed, 359 insertions(+)
diff --git a/doc.ja/src/sgml/release-4.0.sgml b/doc.ja/src/sgml/release-4.0.sgml
index 1cf1f9da6..10fa9b23a 100644
--- a/doc.ja/src/sgml/release-4.0.sgml
+++ b/doc.ja/src/sgml/release-4.0.sgml
@@ -1,6 +1,171 @@
 <!-- doc/src/sgml/release-4.0.sgml -->
 <!-- See header comment in release.sgml about typical markup -->
 
+<sect1 id="release-4-0-22">
+ <title>ãªãªã¼ã¹ 4.0.22</title>
+  <note>
+   <title>ãªãªã¼ã¹æ¥</title>
+   <simpara>2023-01-23</simpara>
+  </note>
+
+ <sect2>
+  <title>æ¦è¦</title>
+  <para>
+   ãã®ãªãªã¼ã¹ã«ã¯ãã»ã­ã¥ãªãã£ä¿®æ­£ãå«ã¾ãã¦ãã¾ãã
+  </para>
+  <para>
+   ä»¥ä¸ã®æ¡ä»¶ããã¹ã¦æºããå ´åã<xref linkend="SQL-SHOW-POOL-STATUS">ã³ãã³ãã«ãã<xref linkend="guc-wd-lifecheck-user">ã®ãã¹ã¯ã¼ããå¬éããã¾ãããã®ã³ãã³ãã¯ã<productname>Pgpool-II</productname>ã«æ¥ç¶ã§ãããã¹ã¦ã®ã¦ã¼ã¶ã¼ãå®è¡ã§ãã¾ãã(CVE-2023-22332)
+  </para>
+
+  <itemizedlist>
+   <listitem>
+    <para>
+     ãã¼ã¸ã§ã³3.3ä»¥é
+    </para>
+   </listitem>
+
+   <listitem>
+    <para>
+     <xref linkend="guc-use-watchdog">ã<literal>on</literal>ã«è¨­å®ããã¦ãã
+    </para>
+   </listitem>
+
+   <listitem>
+    <para>
+     <xref linkend="guc-wd-lifecheck-method">ã«<literal>query</literal>ãè¨­å®ããã¦ãã
+    </para>
+   </listitem>
+
+   <listitem>
+    <para>
+     <xref linkend="guc-wd-lifecheck-password">ã«ãã¬ã¼ã³ãã­ã¹ãã®ãã¹ã¯ã¼ããè¨­å®ããã¦ãã
+    </para>
+   </listitem>
+  </itemizedlist>
+
+  <para>
+   ä¸è¨æ¡ä»¶ã®ãã¹ã¦ã«è©²å½ããã¦ã¼ã¶ã¯ããã®ãã¼ã¸ã§ã³ã«ã¢ããã°ã¬ã¼ãããã (show pool_statusã³ãã³ãã§<xref linkend="guc-wd-lifecheck-password">ãè¡¨ç¤ºãããªããªã)ãæ¬¡ã®åé¿ç­ã®ãããããä½¿ç¨ãããã¨ãå¼·ããå§ããã¾ãã
+  </para>
+
+  <para>
+   4.0.xï½4.4.xã¦ã¼ã¶åãã®åé¿ç­:
+  </para>
+
+  <itemizedlist>
+   <listitem>
+    <para>
+     Watchdogãç¡å¹ã«ããã(<xref linkend="guc-use-watchdog">ã<literal>off</literal>ã«è¨­å®ãã)
+    </para>
+   </listitem>
+
+   <listitem>
+    <para>
+     <xref linkend="guc-wd-lifecheck-method">ã«<literal>heartbeat</literal>ãè¨­å®ããã
+    </para>
+   </listitem>
+
+   <listitem>
+    <para>
+     <xref linkend="guc-wd-lifecheck-password">ã«ã¯ç©ºæå­ãè¨­å®ãããã¹ã¯ã¼ãã¯pool_passwdãã¡ã¤ã«ã«è¨­å®ããã
+    </para>
+   </listitem>
+
+   <listitem>
+    <para>
+     <xref linkend="guc-wd-lifecheck-password">ã«AESã§æå·åãããã¹ã¯ã¼ããè¨­å®ããã
+    </para>
+   </listitem>
+  </itemizedlist>
+
+  <para>
+   ãããã«ãããPostgreSQLã§<xref linkend="guc-wd-lifecheck-password">ãå¤æ´ãããã¨ããå§ããã¾ãã
+  </para>
+
+  <para>
+   3.3.xï½3.7.xã¦ã¼ã¶åãã®åé¿ç­:
+  </para>
+
+  <itemizedlist>
+   <listitem>
+    <para>
+     Watchdogãç¡å¹ã«ããã(<xref linkend="guc-use-watchdog">ã<literal>off</literal>ã«è¨­å®ãã)
+    </para>
+   </listitem>
+
+   <listitem>
+    <para>
+     <xref linkend="guc-wd-lifecheck-method">ã«<literal>heartbeat</literal>ãè¨­å®ããã
+    </para>
+   </listitem>
+  </itemizedlist>
+
+  <para>
+   ãããã«ããã<productname>PostgreSQL</productname>ã§<xref linkend="guc-wd-lifecheck-password">ãå¤æ´ãããã¨ããå§ããã¾ãã
+  </para>
+
+  <para>
+   <productname>Pgpool-II</productname> 3.7.xããã³ä»¥åã®ãã¼ã¸ã§ã³ã¯ãµãã¼ããçµäºãã¦ããããããããã®ãã¼ã¸ã§ã³ã®ãã¤ãã¼ã¢ãããã¼ãã¯ãªãªã¼ã¹ããã¾ããã
+  </para>
+ </sect2>
+
+ <sect2>
+  <title>å¤æ´ç¹</title>
+  <itemizedlist>
+
+   <listitem>
+    <!--
+	2023-01-22 [9af68dd8]
+      -->
+    <para>
+     <xref linkend="SQL-SHOW-POOL-STATUS">ã<xref linkend="PCP-POOL-STATUS">ããã³<xref linkend="PGPOOL-ADM-PCP-POOL-STATUS">ã³ãã³ãã§wd_lifecheck_passwordãè¡¨ç¤ºããªãããã«ä¿®æ­£ãã¾ããã(CVE-2023-22332) (Bo Peng)
+    </para>
+   </listitem>
+
+   <listitem>
+    <!--
+	2023-01-22 [53d1375a]
+      -->
+    <para>
+     ãã­ã¥ã¡ã³ãã«è¨è¼ããã¦ããããã«ã<xref linkend="guc-wd-lifecheck-password">ã®ããã©ã«ãå¤ãç©ºã®æå­åã«å¤æ´ãã¾ããã(Bo Peng)
+    </para>
+   </listitem>
+
+  </itemizedlist>
+ </sect2>
+
+ <sect2>
+  <title>ä¸å·åä¿®æ­£</title>
+  <itemizedlist>
+
+   <listitem>
+    <!--
+    2022-12-24 [6013de9]
+      -->
+    <para>
+     pgpool-regclass.cã®ã³ã³ãã¤ã©è­¦åãä¿®æ­£ãã¾ããã(Florian Weimer, Tatsuo Ishii)
+    </para>
+   </listitem>
+
+  </itemizedlist>
+ </sect2>
+
+ <sect2>
+  <title>ãã­ã¥ã¡ã³ãä¿®æ­£</title>
+  <itemizedlist>
+
+   <listitem>
+    <!--
+    2023-01-06 [a6d1a65]
+      -->
+    <para>
+     <link linkend="runtime-in-memory-query-cache-shmem-config">å±æã¡ã¢ãªä½¿ç¨æã®è¨­å®</link>ã®ç« ã®ããã¤ãã®èª¤ããä¿®æ­£ããèª¬æãå¼·åãã¾ããã(Tatsuo Ishii)
+    </para>
+   </listitem>
+
+  </itemizedlist>
+ </sect2>
+</sect1>
+
 <sect1 id="release-4-0-21">
  <title>ãªãªã¼ã¹ 4.0.21</title>
   <note>
diff --git a/doc/src/sgml/release-4.0.sgml b/doc/src/sgml/release-4.0.sgml
index cc1715910..6f4bcd9f9 100644
--- a/doc/src/sgml/release-4.0.sgml
+++ b/doc/src/sgml/release-4.0.sgml
@@ -1,6 +1,200 @@
 <!-- doc/src/sgml/release-4.0.sgml -->
 <!-- See header comment in release.sgml about typical markup -->
 
+<sect1 id="release-4-0-22">
+ <title>Release 4.0.22</title>
+  <note>
+   <title>Release Date</title>
+   <simpara>2023-01-23</simpara>
+  </note>
+
+ <sect2>
+  <title>Overview</title>
+  <para>
+   This release contains a security fix.
+  </para>
+  <para>
+   If following conditions are all met, the password of <xref linkend="guc-wd-lifecheck-user"> is
+   exposed by <xref linkend="SQL-SHOW-POOL-STATUS"> command.
+   The command can be executed by any user who can
+   connect to <productname>Pgpool-II</productname>. (CVE-2023-22332)
+  </para>
+
+  <itemizedlist>
+   <listitem>
+    <para>
+     Version 3.3 or later.
+    </para>
+   </listitem>
+
+   <listitem>
+    <para>
+    <xref linkend="guc-use-watchdog"> is <literal>on</literal>.
+     </para>
+   </listitem>
+
+   <listitem>
+    <para>
+    <xref linkend="guc-wd-lifecheck-method"> is <literal>query</literal>.
+    </para>
+   </listitem>
+
+   <listitem>
+    <para>
+    A plain text password is set
+    to <xref linkend="guc-wd-lifecheck-password">.
+    </para>
+   </listitem>
+  </itemizedlist>
+
+  <para>
+   In this case it is strongly recommended to upgrade to this version
+   (we do not expose <xref linkend="guc-wd-lifecheck-password"> in
+   show pool_status command any more), or use one of following
+   workarounds.
+  </para>
+
+  <para>
+   Workarounds for 4.0.x to 4.4.x users:
+  </para>
+
+  <itemizedlist>
+   <listitem>
+    <para>
+    Disable watchdog. Set <xref linkend="guc-use-watchdog">
+    to <literal>off</literal>.
+    </para>
+   </listitem>
+
+   <listitem>
+    <para>
+    Change <xref linkend="guc-wd-lifecheck-method">
+    to <literal>heartbeat</literal>.
+    </para>
+   </listitem>
+
+   <listitem>
+    <para>
+    Set an empty string
+    to <xref linkend="guc-wd-lifecheck-password">. This will use
+    password in the <filename>pool_passwd</filename> file.
+    </para>
+   </listitem>
+
+   <listitem>
+    <para>
+    Set an AES encrypted password
+    to <xref linkend="guc-wd-lifecheck-password">.
+    </para>
+   </listitem>
+  </itemizedlist>
+
+  <para>
+   In any case we recommend to
+   change <xref linkend="guc-wd-lifecheck-password">
+   in <productname>PostgreSQL</productname>.
+  </para>
+
+  <para>
+   Workarounds for 3.0.x to 3.7.x users:
+  </para>
+
+  <itemizedlist>
+   <listitem>
+    <para>
+    Disable watchdog. Set <xref linkend="guc-use-watchdog">
+    to <literal>off</literal>.
+    </para>
+   </listitem>
+
+   <listitem>
+    <para>
+     Change <xref linkend="guc-wd-lifecheck-method">
+     to <literal>heartbeat</literal>.
+    </para>
+   </listitem>
+  </itemizedlist>
+
+  <para>
+   In any case we recommend to
+   change <xref linkend="guc-wd-lifecheck-password">
+   in <productname>PostgreSQL</productname>.
+  </para>
+
+  <para>
+   Please note that <productname>Pgpool-II</productname> 3.7.x or
+   before are end of life and no minor updates are provided for those
+   versions.
+  </para>
+ </sect2>
+
+ <sect2>
+  <title>Changes</title>
+  <itemizedlist>
+
+   <listitem>
+    <!--
+	2023-01-22 [9af68dd8]
+      -->
+    <para>
+     Do not expose <xref linkend="guc-wd-lifecheck-password"> in
+     <xref linkend="SQL-SHOW-POOL-STATUS">,
+     <xref linkend="PCP-POOL-STATUS"> and
+     <xref linkend="PGPOOL-ADM-PCP-POOL-STATUS"> commands. (CVE-2023-22332) (Bo Peng)
+    </para>
+   </listitem>
+
+   <listitem>
+    <!--
+	2023-01-22 [53d1375a]
+      -->
+    <para>
+     Change the default value
+     for <xref linkend="guc-wd-lifecheck-password"> to empty string as
+     documented. (Bo Peng)
+    </para>
+   </listitem>
+
+  </itemizedlist>
+ </sect2>
+
+ <sect2>
+  <title>Bug fixes</title>
+  <itemizedlist>
+
+   <listitem>
+    <!--
+    2022-12-24 [6013de9]
+      -->
+    <para>
+     Fix compiler warning
+     in <filename>pgpool-regclass.c</filename>. (Florian Weimer,
+     Tatsuo Ishii)
+    </para>
+   </listitem>
+
+  </itemizedlist>
+ </sect2>
+
+ <sect2>
+  <title>Documents</title>
+  <itemizedlist>
+
+   <listitem>
+    <!--
+    2023-01-06 [a6d1a65]
+      -->
+    <para>
+     Doc: Enhance and fix some mistakes
+     in <link linkend="runtime-in-memory-query-cache-shmem-config">Configurations
+     to use shared memory</link> chapter. (Tatsuo Ishii)
+    </para>
+   </listitem>
+
+  </itemizedlist>
+ </sect2>
+</sect1>
+
 <sect1 id="release-4-0-21">
  <title>Release 4.0.21</title>
   <note>
-- 
2.39.5

