Adding SQL file for PG15. Initial version is a replica of PG14 SQL file.
Changes will be required in this file to fully support newly introduced columns
in PG15.
This currently fixes compilation and make install targets.
Also, updated the first line comments where the SQL version was mentioend as
1.1. The version remains at 1.0 for the time being.
While analyzing the pg_stat_monitor installation scripts I found several
vulnerabilities. pg_stat_monitor uses CREATE OR REPLACE to install its
functions which is a security hazard. An attacker can precreate the functions
have a superuser install the extension and after installation the attacker
can switch out the function with a malicious version since he would still
be the owner of the function. Instead of CREATE OR REPLACE the installation
script should use plain CREATE to prevent this attack.
For reference
https://www.postgresql.org/docs/current/extend-extensions.html#EXTEND-EXTENSIONS-SECURITYhttps://github.com/timescale/pgspot
Hamid Akhtar
Ibrar Ahmed
Ibrar Ahmed