Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

Bruce Momjian <bruce@momjian.us>

From: Bruce Momjian <bruce@momjian.us>
To: Greg Sabino Mullane <htamfids@gmail.com>
Cc: Matthias Apitz <guru@unixarea.de>, Laurenz Albe <laurenz.albe@cybertec.at>, Subhash Udata <subhashudata@gmail.com>, "David G. Johnston" <david.g.johnston@gmail.com>, Adrian Klaver <adrian.klaver@aklaver.com>, 김주연 <mysylph@gmail.com>, "pgsql-general@lists.postgresql.org" <pgsql-general@lists.postgresql.org>
Date: 2024-11-23T18:57:16Z
Lists: pgsql-general
On Sat, Nov 23, 2024 at 01:30:13PM -0500, Greg Sabino Mullane wrote:
> On Sat, Nov 23, 2024 at 1:10 PM Bruce Momjian <bruce@momjian.us> wrote:
> 
>     and say bounce the database server and install the binaries.  What I
>     have never considered before, and I should have, is the complexity of
>     doing this for many remote servers.  Can we improve our guidance for
>     these cases?
> 
> 
> Hmm I'm not sure what else we can say. Our upgrade process is already
> drop-dead-simple, especially compared to many (most?) other products out there.
> People painting themselves into corners is not something we can really help
> with.

I am wondering if we can highlight which upgrades are most important for
users who have complex upgrade processes.  Maybe CVEs and corruption
fixes?

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  When a patient asks the doctor, "Am I going to die?", he means 
  "Am I going to die soon?"