Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10 - Mailing list pgsql-general

From Adrian Klaver
Subject Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10
Date
Msg-id 906cc022-e33e-4693-ae58-7ecd9f414192@aklaver.com
In response to Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10  (Bruce Momjian <bruce@momjian.us>)
List pgsql-general
On 11/23/24 10:57, Bruce Momjian wrote:
> On Sat, Nov 23, 2024 at 01:30:13PM -0500, Greg Sabino Mullane wrote:
>> On Sat, Nov 23, 2024 at 1:10 PM Bruce Momjian <bruce@momjian.us> wrote:
>>
>>      and say bounce the database server and install the binaries.  What I
>>      have never considered before, and I should have, is the complexity of
>>      doing this for many remote servers.  Can we improve our guidance for
>>      these cases?
>>
>>
>> Hmm I'm not sure what else we can say. Our upgrade process is already
>> drop-dead-simple, especially compared to many (most?) other products out there.
>> People painting themselves into corners is not something we can really help
>> with.
> 
> I am wondering if we can highlight which upgrades are most important for
> users who have complex upgrade processes.  Maybe CVEs and corruption
> fixes?

Personally I would point them at:

https://www.postgresql.org/list/pgsql-announce/

and/or:

https://www.postgresql.org/docs/release/

I would think that informs users and lets them determine what is 
important to their situation.



-- 
Adrian Klaver
adrian.klaver@aklaver.com



