Re: Tenable Report Issue even after upgrading to correct Postgres version

On Thursday, November 11, 2021, Bruce Momjian <bruce@momjian.us> wrote:

On Thu, Nov 11, 2021 at 03:49:29PM +0000, Kishore Isaac wrote:
>
>
> We were informed by a customer using Tenable reports that we needed to upgrade
> Postgres from 12.2 to 12.7 due to vulnerability issues. We have since upgraded
> to the requested version of Postgres (12.7) but the Tenable report scans still
> show that the version is 12.2. After reaching out the Tenable, we found that
> the version information is not updated in the system registry where Tenable is
> pulling the information from. Is there any resolution for this?
>
> 
>
> Below is the registry information:

Uh, I have no idea what Tenable is, which I think means we don't control
that way of distributing Postgres.

IIUC Tenable is just a system scanner.  Apparently whomever built the Windows installer/upgrade binary for this customer (likely EDB) puts version info, during initial install, into the Window’s Registry but doesn’t update that information upon performing a minor release patch.  This seems like a bug, though not of the core project but the distributor.

David J.