Please note the EDB windows installer updates carrying the OpenSSL 1.1.1n are already available for download through website and stackbuilder. The latest PG installer versions for all the branches are:
"David G. Johnston" <david.g.johnston@gmail.com> writes: > I do find it sad that this question about when a CVE has been patched is > being asked where the active version is 10 months old and missing 3 > PostgreSQL CVE fixes, including an SSL related one in 13.5
In the OP's defense, this OpenSSL CVE does look a lot scarier than any of ours ... if I'm reading it right, anyone who can reach your postmaster port can arrange to chew 100% CPU on your server. OTOH, they can't do anything more than that, and you probably shouldn't have your DB server accessible from the open internet anyway.
