Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10
Adrian Klaver <adrian.klaver@aklaver.com>
From: Adrian Klaver <adrian.klaver@aklaver.com>
To: Bruce Momjian <bruce@momjian.us>, Greg Sabino Mullane <htamfids@gmail.com>
Cc: Matthias Apitz <guru@unixarea.de>, Laurenz Albe <laurenz.albe@cybertec.at>, Subhash Udata <subhashudata@gmail.com>, "David G. Johnston" <david.g.johnston@gmail.com>, 김주연 <mysylph@gmail.com>, "pgsql-general@lists.postgresql.org" <pgsql-general@lists.postgresql.org>
Date: 2024-11-23T19:19:09Z
Lists: pgsql-general
On 11/23/24 10:57, Bruce Momjian wrote: > On Sat, Nov 23, 2024 at 01:30:13PM -0500, Greg Sabino Mullane wrote: >> On Sat, Nov 23, 2024 at 1:10 PM Bruce Momjian <bruce@momjian.us> wrote: >> >> and say bounce the database server and install the binaries. What I >> have never considered before, and I should have, is the complexity of >> doing this for many remote servers. Can we improve our guidance for >> these cases? >> >> >> Hmm I'm not sure what else we can say. Our upgrade process is already >> drop-dead-simple, especially compared to many (most?) other products out there. >> People painting themselves into corners is not something we can really help >> with. > > I am wondering if we can highlight which upgrades are most important for > users who have complex upgrade processes. Maybe CVEs and corruption > fixes? Personally I would point then at: https://www.postgresql.org/list/pgsql-announce/ and/or: https://www.postgresql.org/docs/release/ I would think that informs users and let's them determine what is important to their situation. -- Adrian Klaver adrian.klaver@aklaver.com