On Thursday, November 11, 2021, Bruce Momjian <
bruce@momjian.us> wrote:
On Thu, Nov 11, 2021 at 03:49:29PM +0000, Kishore Isaac wrote:
>
>
> We were informed by a customer using Tenable reports that we needed to upgrade
> Postgres from 12.2 to 12.7 due to vulnerability issues. We have since upgraded
> to the requested version of Postgres (12.7) but the Tenable report scans still
> show that the version is 12.2. After reaching out the Tenable, we found that
> the version information is not updated in the system registry where Tenable is
> pulling the information from. Is there any resolution for this?
>
>
>
> Below is the registry information:
Uh, I have no idea what Tenable is, which I think means we don't control
that way of distributing Postgres.
IIUC Tenable is just a system scanner. Apparently whomever built the Windows installer/upgrade binary for this customer (likely EDB) puts version info, during initial install, into the Window’s Registry but doesn’t update that information upon performing a minor release patch. This seems like a bug, though not of the core project but the distributor.
David J.