libxml2 author overwhelmed with security requests
Bruce Momjian <bruce@momjian.us>
From: Bruce Momjian <bruce@momjian.us>
To: PostgreSQL-development <pgsql-hackers@lists.postgresql.org>
Date: 2025-06-19T01:41:40Z
Lists: pgsql-hackers
This blog post explains the serious problems the single libxml2 author is having in maintaining the library: https://socket.dev/blog/libxml2-maintainer-ends-embargoed-vulnerability-reports There are few learnings from this: * libxml2 is even less production-ready than we thought * many projects don't have the resources we do -- Bruce Momjian <bruce@momjian.us> https://momjian.us EDB https://enterprisedb.com Do not let urgent matters crowd out time for investment in the future.