Re: PostgreSQL and OpenSSL 4.0.0
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Michael Paquier <michael@paquier.xyz>
Cc: Tom Lane <tgl@sss.pgh.pa.us>,
PostgreSQL-development <pgsql-hackers@lists.postgresql.org>
Date: 2026-05-08T07:21:25Z
Lists: pgsql-hackers
> On 8 May 2026, at 09:17, Michael Paquier <michael@paquier.xyz> wrote: > > On Fri, May 08, 2026 at 09:07:41AM +0200, Daniel Gustafsson wrote: >> Not sure I follow, anyone still building with a X years out of support OpenSSL >> will most likely keep doing so regardless of what CVE's are published. It >> could of course make backpatching trickier if thats what you mean? > > Argh. I've misread you here, reading a "lowest" rather than > "highest". Documenting that 3.6 is the highest version support on > 14-stable would also work here. My apologies for the confusion. Ah, now it makes more sense =) > If the patches for REL_14_STABLE to add support for 4.0 prove to be > low-risk while messing with 1.0.1, that would the best course of > action, of course. I think the changes are straightforward enough that we can go ahead with them. I'll re-test and re-post a new patchset for all branches once the minors ship. -- Daniel Gustafsson