Thread: Security question
Hello,
I would like to know what’s the best way to track PostgreSQL security patches / CVE notifications.
Should I subscribe to any particular mailing list(s)? RSS feed(s)?
I just want to make sure I get notified as soon as possible whenever a security vulnerability is identified with PostgreSQL.
Thanks,
Jérémi
=?iso-8859-1?Q?Potvin=2C_J=E9r=E9mi?= <Jeremi.Potvin@cra-arc.gc.ca> writes: > I would like to know what's the best way to track PostgreSQL security patches / CVE notifications. > Should I subscribe to any particular mailing list(s)? RSS feed(s)? pgsql-announce is what to read for release notices. > I just want to make sure I get notified as soon as possible whenever a security vulnerability is identified with PostgreSQL. Our release notices generally mention any new CVEs fixed in a release set. For historical data see https://www.postgresql.org/support/security/ regards, tom lane
Thank you very much for your prompt response. Jérémi -----Original Message----- From: Tom Lane <tgl@sss.pgh.pa.us> Sent: September 26, 2019 12:34 PM To: Potvin, Jérémi <Jeremi.Potvin@cra-arc.gc.ca> Cc: pgsql-novice@lists.postgresql.org Subject: Re: Security question =?iso-8859-1?Q?Potvin=2C_J=E9r=E9mi?= <Jeremi.Potvin@cra-arc.gc.ca> writes: > I would like to know what's the best way to track PostgreSQL security patches / CVE notifications. > Should I subscribe to any particular mailing list(s)? RSS feed(s)? pgsql-announce is what to read for release notices. > I just want to make sure I get notified as soon as possible whenever a security vulnerability is identified with PostgreSQL. Our release notices generally mention any new CVEs fixed in a release set. For historical data see https://www.postgresql.org/support/security/ regards, tom lane