Tom Lane wrote:
>Andrew Dunstan <andrew@dunslane.net> writes:
>
>
>>Currently we have this in plperl.c:
>> "require Safe;"
>>I am thinking of submitting a patch to replace this with "use Safe
>>2.09;" to enforce use of a version without the known vulnerability.
>>
>>
>
>This would break both plperl and plperlu on older Perls. Please see
>if you can avoid breaking plperlu.
>
>For that matter, does plperl.c really cope properly with a failure in
>this code at all? I sure don't see anything that looks like error
>handling in plperl_init_interp().
>
>
>
>
I will look at it. It will probably require some non-trivial rework.
I do agree that we should not break more old stuff than is necessary.
cheers
andrew
