On Sun, Feb 16, 2025 at 06:22:30PM +0000, James Addison wrote:
> On Sun, Feb 16, 2025 at 4:22 PM Solar Designer <so...@openwall.com> wrote:
> > As announced on February 13 in:
> >
> > https://www.postgresql.org/about/news/postgresql-173-167-1511-1416-and-1319-released-3015/
> > https://www.postgresql.org/message-id/173945575457.197393.6175786842655230205%40wrigleys.postgresql.org
> >
> > > The PostgreSQL Global Development Group has released an update to all
> > > supported
> > > versions of PostgreSQL, including 17.3, 16.7, 15.11, 14.16, and 13.19.
> > > This release fixes 1 security vulnerability and over 70 bugs reported
> > > over the
> > > last several months.
> >
> [ ... snip ... ]
>
> For anyone considering upgrading: please note also that the fix for
> this vulnerability introduced a regression[1] that should be addressed
> by subsequent upcoming releases of PostgreSQL on Thursday 2025-02-20
> (a few days from now).
>
> [1] -
> https://www.postgresql.org/message-id/272abbd9-d24c-49f1-8b61-83721906a...@postgresql.org

This has in fact happened:

https://www.postgresql.org/about/news/postgresql-174-168-1512-1417-and-1320-released-3018/
https://www.postgresql.org/message-id/174006113082.664.12166915817407398396%40wrigleys.postgresql.org

> The PostgreSQL Global Development Group has released an update to all
> supported
> versions of PostgreSQL, including 17.4, 16.8, 15.12, 14.17, and 13.20.
>
> For the full list of changes, please review the
> [release notes](https://www.postgresql.org/docs/release/).
>
> Bug Fixes and Improvements
> --------------------------
>
> The issues listed below affect PostgreSQL 17. Some of these issues may also
> affect other supported versions of PostgreSQL.
>
> * Improve behavior of quoting functions in
> [`libpq`](https://www.postgresql.org/docs/current/libpq.html).
> The fix for
> [CVE-2025-1094](https://www.postgresql.org/support/security/CVE-2025-1094/)
> caused the quoting functions to not honor their string length parameters and,
> in
> some cases, cause crashes. This problem could be noticeable from a PostgreSQL
> client library, based on how it is integrated with `libpq`.
> * Fix small memory leak in
> [`pg_createsubscriber`](https://www.postgresql.org/docs/current/app-pgcreatesubscriber.html).

Alexander