From 53b8f9308aa3717c4aa6e23ecf9f5b0081931176 Mon Sep 17 00:00:00 2001
From: Don Sizemore <don.sizemore@github.com>
Date: Tue, 5 Sep 2023 09:15:30 -0400
Subject: [PATCH 1/5] #9717 support Postgres versions 14 and 15

---
 pom.xml                      |  2 +-
 scripts/installer/install.py | 23 +++++++++++++++++++----
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/pom.xml b/pom.xml
index 3ff313743d5..028b1744596 100644
--- a/pom.xml
+++ b/pom.xml
@@ -26,7 +26,7 @@
         <packaging.type>war</packaging.type>
         
         <reload4j.version>1.2.18.4</reload4j.version>
-        <flyway.version>8.5.10</flyway.version>
+        <flyway.version>9.21.2</flyway.version>
         <jhove.version>1.20.1</jhove.version>
         <jacoco.version>0.8.7</jacoco.version>
         <poi.version>5.2.1</poi.version>
diff --git a/scripts/installer/install.py b/scripts/installer/install.py
index 700c70dbc28..df8d7eba4f6 100644
--- a/scripts/installer/install.py
+++ b/scripts/installer/install.py
@@ -380,12 +380,13 @@
       print("Can't connect to PostgresQL as the admin user.\n")
       sys.exit("Is the server running, have you adjusted pg_hba.conf, etc?")
 
-   # 3b. get the Postgres version (do we need it still?)
+   # 3b. get the Postgres version for new permissions model in versions 15+
    try:
-      pg_full_version = conn.server_version
-      print("PostgresQL version: "+str(pg_full_version))
+      pg_full_version = str(conn.server_version)
+      pg_major_version = pg_full_version[0:2]
+      print("PostgreSQL version: "+pg_major_version)
    except:
-      print("Warning: Couldn't determine PostgresQL version.")
+      print("Warning: Couldn't determine PostgreSQL version.")
    conn.close()
 
    # 3c. create role:
@@ -410,6 +411,8 @@
       else:
          sys.exit("Couldn't create database or database already exists.\n")
 
+   # 3e. set permissions:
+
    conn_cmd = "GRANT ALL PRIVILEGES on DATABASE "+pgDb+" to "+pgUser+";"
    try:
       cur.execute(conn_cmd)
@@ -418,6 +421,18 @@
    cur.close()
    conn.close()
 
+   if int(pg_major_version) >= 15:
+      conn_cmd = "GRANT ALL ON SCHEMA public TO "+pgUser+";"
+   try:
+      cur.execute(conn_cmd)
+   except:
+      if force:
+         print("WARNING: failed to grant permissions on schema public - continuing, since the --force option was specified")
+      else:
+         sys.exit("Couldn't grant privileges on schema public to "+pgUser)
+   cur.close()
+   conn.close()
+
    print("Database and role created!")
    if pgOnly:
       print("postgres-only setup complete.")

From 983f77349dda1afb1df75641060e3469729db86e Mon Sep 17 00:00:00 2001
From: Don Sizemore <don.sizemore@github.com>
Date: Wed, 6 Sep 2023 10:46:28 -0400
Subject: [PATCH 2/5] bump PG JDBC version per kcondon, correct installer 3e
 condition indentation

---
 modules/dataverse-parent/pom.xml |  2 +-
 scripts/installer/install.py     | 18 +++++++++---------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/modules/dataverse-parent/pom.xml b/modules/dataverse-parent/pom.xml
index 289abdde625..656dcc93863 100644
--- a/modules/dataverse-parent/pom.xml
+++ b/modules/dataverse-parent/pom.xml
@@ -149,7 +149,7 @@
     
         <!-- Major system components and dependencies -->
         <payara.version>6.2023.8</payara.version>
-        <postgresql.version>42.5.1</postgresql.version>
+        <postgresql.version>42.6.0</postgresql.version>
         <solr.version>9.3.0</solr.version>
         <aws.version>1.12.290</aws.version>
         <google.cloud.version>0.177.0</google.cloud.version>
diff --git a/scripts/installer/install.py b/scripts/installer/install.py
index df8d7eba4f6..6fa313e2884 100644
--- a/scripts/installer/install.py
+++ b/scripts/installer/install.py
@@ -423,15 +423,15 @@
 
    if int(pg_major_version) >= 15:
       conn_cmd = "GRANT ALL ON SCHEMA public TO "+pgUser+";"
-   try:
-      cur.execute(conn_cmd)
-   except:
-      if force:
-         print("WARNING: failed to grant permissions on schema public - continuing, since the --force option was specified")
-      else:
-         sys.exit("Couldn't grant privileges on schema public to "+pgUser)
-   cur.close()
-   conn.close()
+      try:
+         cur.execute(conn_cmd)
+      except:
+         if force:
+            print("WARNING: failed to grant permissions on schema public - continuing, since the --force option was specified")
+         else:
+            sys.exit("Couldn't grant privileges on schema public to "+pgUser)
+      cur.close()
+      conn.close()
 
    print("Database and role created!")
    if pgOnly:

From 8bb38c4d3bd082fe19d4a53644fb6a16f284cfbc Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 7 Sep 2023 12:17:41 -0400
Subject: [PATCH 3/5] add print about PostgreSQL 15 or higher GRANT #9717

---
 scripts/installer/install.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/installer/install.py b/scripts/installer/install.py
index 6fa313e2884..9da64bff32e 100644
--- a/scripts/installer/install.py
+++ b/scripts/installer/install.py
@@ -423,6 +423,7 @@
 
    if int(pg_major_version) >= 15:
       conn_cmd = "GRANT ALL ON SCHEMA public TO "+pgUser+";"
+      print("PostgreSQL 15 or higher detected. Running " + conn_cmd)
       try:
          cur.execute(conn_cmd)
       except:

From 19c62ab328b8b366994dfb05adbea1905dc3c34f Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 7 Sep 2023 14:37:44 -0400
Subject: [PATCH 4/5] document Postgres 15 public schema change #9717

---
 doc/sphinx-guides/source/installation/prerequisites.rst | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/installation/prerequisites.rst b/doc/sphinx-guides/source/installation/prerequisites.rst
index d94ef9fed9d..1847f1b8f63 100644
--- a/doc/sphinx-guides/source/installation/prerequisites.rst
+++ b/doc/sphinx-guides/source/installation/prerequisites.rst
@@ -97,10 +97,14 @@ Also note that Payara may utilize more than the default number of file descripto
 PostgreSQL
 ----------
 
+PostgreSQL 13 is recommended because it's the version we test against. Version 10 or higher is required because that's what's `supported by Flyway <https://documentation.red-gate.com/fd/postgresql-184127604.html>`_, which we use for database migrations.
+
+You are welcome to experiment with newer versions of PostgreSQL, but please note that as of PostgreSQL 15, permissions have been restricted on the ``public`` schema (`release notes <https://www.postgresql.org/docs/release/15.0/>`_, `EDB blog post <https://www.enterprisedb.com/blog/new-public-schema-permissions-postgresql-15>`_, `Crunchy Data blog post <https://www.crunchydata.com/blog/be-ready-public-schema-changes-in-postgres-15>`_). The Dataverse installer has been updated to restore the old permissions, but this may not be a long term solution.
+
 Installing PostgreSQL
 =====================
 
-The application has been tested with PostgreSQL versions up to 13 and version 10+ is required. We recommend installing the latest version that is available for your OS distribution. *For example*, to install PostgreSQL 13 under RHEL7/derivative::
+*For example*, to install PostgreSQL 13 under RHEL7/derivative::
 
 	# yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
 	# yum makecache fast

From f71274e7c7a4d47ab7fb973320bcfdb7e6822fbd Mon Sep 17 00:00:00 2001
From: Don Sizemore <don.sizemore@github.com>
Date: Thu, 7 Sep 2023 15:27:15 -0400
Subject: [PATCH 5/5] #9717 grant CREATE instead of ALL per pdurbin

---
 scripts/installer/install.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/installer/install.py b/scripts/installer/install.py
index 9da64bff32e..3aedbd8c6ad 100644
--- a/scripts/installer/install.py
+++ b/scripts/installer/install.py
@@ -413,7 +413,7 @@
 
    # 3e. set permissions:
 
-   conn_cmd = "GRANT ALL PRIVILEGES on DATABASE "+pgDb+" to "+pgUser+";"
+   conn_cmd = "GRANT CREATE PRIVILEGES on DATABASE "+pgDb+" to "+pgUser+";"
    try:
       cur.execute(conn_cmd)
    except: