On Tue, 26 Oct 2004 13:30:49 +0200
Ian Barwick <barwick@gmail.com> wrote
> On Tue, 26 Oct 2004 18:22:55 +0900, Joel <rees@ddcom.co.jp> wrote:
> > I seem to remember reading a post on this, but searching marc does not
> > seem to bring it up immediately.
> >
> > Company BBS is on postgresql, but it's still at 7.1. The guy in charge
> > of it wants some ballpark estimates and warnings about upgrading to 7.4
> > so he doesn't have to worry about the recent vulnerabilities.
> >
> > War stories? Things to watch out for?
>
> Off the top of my head: over-length data inserted into varchar fields
> will no longer be silently truncated, raising an error instead (a big
> source of problems with web-based apps); also, the LIMIT x,y syntax
> will no longer work.
>
> Your best bet is for someone who knows your system to go through the
> PostgreSQL release notes.

Thanks.

The guy in charge of this bbs is, of course, looking to avoid work
(don't we all), so he was wondering about whether 7.1 was subject to
this vulnerability and the possible data loss bug.

I did a little research, and it looks like 7.1.3 is the last of the 7.1
line. Security Focus reports a boundary condition vulnerability for
7.1.3 from 2003. So it doesn't look wise to leave it at 7.1 forever, I
suppose.

I'm looking at the release notes for 7.2 and thinking that, when we make
the jump, jumping to 7.4 will probably be the best bet.

Any other suggestions? Any thoughts on the urgency of the move?

--
Joel <rees@ddcom.co.jp>