Steve Klabnik changelog.com/posts

Postgres preps for a big security release

UPDATE: Reminder: Upgrade your Postgres today!

Yesterday, I became aware of this email to the PostgreSQL-hackers email list. The email states that there is a very serious security release coming up next week – so bad that they’re taking extra precautions.

Here’s my summary of the email:

The core committee has decided that one of the security issues due to be fixed next week is sufficiently bad that we need to take extra measures to prevent it from becoming public before packages containing the fix are available.

What we intend to do is shut off updates from the master git repo to the anonymous-git mirror, and to github, from Monday afternoon until Thursday morning.

We do not intend to start doing this as a routine thing, and apologize in advance for any disruption.

Every project has security flaws, and it’s great to see the Postgres team take this so seriously. If your team relies heavily on Postgres, consider scheduling a maintenance window sometime shortly after the patch is due to be released, so that you can get your servers fixed up. This one looks to be anomalously big.
