> On 29 Aug 2024, at 14:54, James Watt <crispy.james.w...@gmail.com> wrote: > > Our tool have detected that postgre in the version of REL9_6_18~ REL9_6_24 > may also affected by the vulnerability CVE-2022-2625. The vulnerability > database does not include these versions and you may not fix it in the REL9_6 > branch. Is there a need to backport the patch of CVE-2022-2625?
9.6 was EOL at the time of 2022-2625 being announced and thus wasn't considered for a backport of the fix, the project only applies fixes to supported versions. Anyone still running 9.6 in production is highly recommended to upgrade to a supported version. -- Daniel Gustafsson
