Re: why was libpq.so's version number bumped?

From: Neil Conway
Subject: Re: why was libpq.so's version number bumped?
Date:
Msg-id: 4122.24.112.166.30.1041283905.squirrel@mailbox.samurai.com
In reply to: Re: why was libpq.so's version number bumped?  ("Christopher Kings-Lynne" <chriskl@familyhealth.com.au>)
Responses: Re: why was libpq.so's version number bumped?  (Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>)
List: pgsql-hackers
Christopher Kings-Lynne said:
> There have been HEAPS of security fixes between 7.2 and 7.3.

That's only the case if your definition of a "security fix" is pretty fast
and loose -- as yours seems to be.

> Depending
> on your definition of security.  eg. Going 'select cash_out(2);' on any
> 7.2 server and below will crash the backend.

If you consider that a security flaw, there are still innumerable problems
of a very similar nature in 7.3 or 7.4-devel (*any* situation in which an
untrusted client can execute arbitrary SQL will allow for resource
exhaustion, at the very least).

By a more reasonable definition of "security flaw", I'm not aware of any
significant outstanding problems in 7.2.3 -- there are a bunch of buffer
handling fixes in 7.3, but they were made for the sake of correctness
(a.k.a. paranoia), not necessarily to fix an actual vulnerability.

Cheers,

Neil
