schema security

The schema security tag covers discussions about PostgreSQL authorization and privilege enforcement within database schemas, particularly around the CREATE STATISTICS command. A recent thread addresses CVE-2025-12817, a low-severity but operationally relevant bug where table owners could create statistics objects in schemas without the required schema-level CREATE privilege, potentially leading to denial-of-service conditions. This tag is relevant for database administrators and security professionals managing PostgreSQL deployments, focusing on privilege gaps, patch management, and securing schema-level operations against unauthorized use.