Thread

  1. Re: PostgreSQL and OpenSSL 4.0.0

    Daniel Gustafsson <daniel@yesql.se> — 2026-05-08T07:21:25Z

    > On 8 May 2026, at 09:17, Michael Paquier <michael@paquier.xyz> wrote:
    > 
    > On Fri, May 08, 2026 at 09:07:41AM +0200, Daniel Gustafsson wrote:
    >> Not sure I follow, anyone still building with a X years out of support OpenSSL
    >> will most likely keep doing so regardless of what CVE's are published.  It
    >> could of course make backpatching trickier if thats what you mean?
    > 
    > Argh.  I've misread you here, reading a "lowest" rather than
    > "highest".   Documenting that 3.6 is the highest version support on 
    > 14-stable would also work here.  My apologies for the confusion.
    
    Ah, now it makes more sense =)
    
    > If the patches for REL_14_STABLE to add support for 4.0 prove to be
    > low-risk while messing with 1.0.1, that would the best course of
    > action, of course.
    
    I think the changes are straightforward enough that we can go ahead with them.
    I'll re-test and re-post a new patchset for all branches once the minors ship.
    
    --
    Daniel Gustafsson