On Friday, October 29, 2021, Joel Mariadasan (jomariad) <jomar...@cisco.com> wrote:
> Detected by Automated Scanning tool: > > *libxml 2.9.10* > > > > Can you confirm if this is the same version of libxml used in Postgres? > > We want to confirm if the detection is a false positive or a vulnerability. > > > IIUC (though I’m more familiar with Linux) the core project has now control over which versions of external libraries get installed onto ones machine. In particular the core project only supports compiled from source installation. David J.
