Andrew Dunstan <andrew@dunslane.net> writes:
> Currently we have this in plperl.c:
> "require Safe;"
> I am thinking of submitting a patch to replace this with "use Safe
> 2.09;" to enforce use of a version without the known vulnerability.
This would break both plperl and plperlu on older Perls. Please see
if you can avoid breaking plperlu.
For that matter, does plperl.c really cope properly with a failure in
this code at all? I sure don't see anything that looks like error
handling in plperl_init_interp().
regards, tom lane