Thread: Security patch older releases

Security patch older releases

From
Erika Knihti-Van Driessche
Date:
Hi,

I think I've seen this question pass by earlier, but don't immediately find it back..

So, I have postgres 9.6.9 and customer wants it to be updated to 9.6.11, because that is their current testing "sandbox" version, which was not installed by me and is also another linux distro. 

Now, the newest security update is 9.6.15.. If I download that RHEL repository, I will automatically get that version, and won't be able to choose the exact patch.. 

So my question is, is there a way to get the 9.6.11 update?

Thanks in advance!
Erika

Re: Security patch older releases

From
Magnus Hagander
Date:
On Thu, Aug 29, 2019 at 2:05 PM Erika Knihti-Van Driessche <erika.knihti@gmail.com> wrote:
> Hi,
>
> I think I've seen this question pass by earlier, but don't immediately find it back..
>
> So, I have postgres 9.6.9 and customer wants it to be updated to 9.6.11, because that is their current testing "sandbox" version, which was not installed by me and is also another linux distro.
>
> Now, the newest security update is 9.6.15.. If I download that RHEL repository, I will automatically get that version, and won't be able to choose the exact patch..
>
> So my question is, is there a way to get the 9.6.11 update?


PostgreSQL does not release individual security patches. The way to get the security patch is to install the latest minor version, see https://www.postgresql.org/support/security/.

If you want to get an individual security patch you will have to cherry pick it from git and build your own server from source. But per the above link, it is really recommended that you don't do that. Instead, do it the way it's intended, which means installing the latest minor release.

Why would you not want the other security patches, or other important bugfixes?

--

Re: Security patch older releases

From
Luca Ferrari
Date:
On Thu, Aug 29, 2019 at 2:05 PM Erika Knihti-Van Driessche
<erika.knihti@gmail.com> wrote:
> So, I have postgres 9.6.9 and customer wants it to be updated to 9.6.11, because that is their current testing "sandbox" version, which was not installed by me and is also another linux distro.

Binary packages are always at the latest minor version, so you have to
either force your client to test against the latest version or install it
on your own by downloading the tarball or using tools like pgenv and
the like.

Luca



Re: Security patch older releases

From
Erika Knihti-Van Driessche
Date:
Hi,

I was a bit afraid of this.. And of course I want all the latest security improvements, it's not about that.. it was about the other release sandbox. Maybe they can then first patch their sandbox, issue solved ;-)

Thanks for all the replies & have a nice end of week!
Erika

On Thu, 29 Aug 2019 at 14:25, Luca Ferrari <fluca1978@gmail.com> wrote:
> On Thu, Aug 29, 2019 at 2:05 PM Erika Knihti-Van Driessche
> <erika.knihti@gmail.com> wrote:
> > So, I have postgres 9.6.9 and customer wants it to be updated to 9.6.11, because that is their current testing "sandbox" version, which was not installed by me and is also another linux distro.
>
> Binary packages are always at the latest minor version, so you have to
> either force your client to test against the latest version or install it
> on your own by downloading the tarball or using tools like pgenv and
> the like.
>
> Luca