Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

On 11/23/24 10:57, Bruce Momjian wrote:
> On Sat, Nov 23, 2024 at 01:30:13PM -0500, Greg Sabino Mullane wrote:
>> On Sat, Nov 23, 2024 at 1:10 PM Bruce Momjian <bruce@momjian.us> wrote:
>>
>>      and say bounce the database server and install the binaries.  What I
>>      have never considered before, and I should have, is the complexity of
>>      doing this for many remote servers.  Can we improve our guidance for
>>      these cases?
>>
>>
>> Hmm I'm not sure what else we can say. Our upgrade process is already
>> drop-dead-simple, especially compared to many (most?) other products out there.
>> People painting themselves into corners is not something we can really help
>> with.
> 
> I am wondering if we can highlight which upgrades are most important for
> users who have complex upgrade processes.  Maybe CVEs and corruption
> fixes?

Personally I would point then at:

https://www.postgresql.org/list/pgsql-announce/

and/or:

https://www.postgresql.org/docs/release/

I would think that informs users and let's them determine what is 
important to their situation.



-- 
Adrian Klaver
adrian.klaver@aklaver.com