Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Thomas Munro <thomas.munro@gmail.com>
Cc: Michael Paquier <michael@paquier.xyz>,
Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2023-09-07T11:44:11Z
Lists: pgsql-hackers
> On 7 Sep 2023, at 13:30, Thomas Munro <thomas.munro@gmail.com> wrote: > I don't like the idea that our *next* release's library version > horizon is controlled by Red Hat's "ELS" phase. Agreed. If we instead fence it by "only non-EOL version" then 1.1.1 is also on the chopping block for v17 as it goes EOL in 4 days from now with 1.1.1w (which contains a CVE, going out with a bang). Not sure what the best strategy is, but whichever we opt for I think the most important point is to document it clearly. > These hypothetical users that want to run > an OS even older than that and don't know how to get modern crypto > libraries on it but insist on a shiny new PostgreSQL release and build > it from source because there are no packages available... don't exist? Sadly I wouldn't be the least bit surprised if there are 1.0.2 users on modern operating systems, especially given its LTS status (which OpenSSL hasn't even capped but sells by "for as long as it remains commercially viable to do so" basis). That being said, my gut feeling is that 3.x has gotten pretty good market penetration. -- Daniel Gustafsson
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Remove obsolete unconstify()
- 1fb2308e698e 18.0 landed
-
Only perform pg_strong_random init when required
- c3333dbc0c0f 18.0 landed
-
Remove support for OpenSSL older than 1.1.0
- a70e01d4306f 18.0 landed
-
Support SSL_R_VERSION_TOO_LOW when using LibreSSL
- d80f2ce29465 17.0 landed
-
Support disallowing SSL renegotiation when using LibreSSL
- 44e27f0a6d07 17.0 landed
-
Doc: Use past tense for things which happened in the past
- 91d6429fad55 17.0 landed
-
Remove support for OpenSSL 1.0.1
- 8e278b657664 17.0 landed
-
Remove support for OpenSSL 0.9.8 and 1.0.0
- 7b283d0e1d1d 13.0 cited