Quick Links

Re: libxml2 author overwhelmed with security requests

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Bruce Momjian <bruce(at)momjian(dot)us>
Cc:	Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>, Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>, Jim Jones <jim(dot)jones(at)uni-muenster(dot)de>, PostgreSQL-development <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject:	Re: libxml2 author overwhelmed with security requests
Date:	2025-07-28 14:15:17
Message-ID:	415951.1753712117@sss.pgh.pa.us
Views:	Whole Thread \| Raw Message \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Bruce Momjian <bruce(at)momjian(dot)us> writes:
> Where do we think our use of libxml2 is heading? Do you suspect
> security scanners will start negative reporting the use of libxml2?

There's at least one distro that's already stopped building with
--with-libxml out of security concerns. (I forget who exactly,
but it's been mentioned on the PG lists.)

regards, tom lane

In response to

Re: libxml2 author overwhelmed with security requests at 2025-07-28 14:13:12 from Bruce Momjian

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Tomas Vondra	2025-07-28 14:19:07	Re: Adding basic NUMA awareness
Previous Message	Bruce Momjian	2025-07-28 14:13:12	Re: libxml2 author overwhelmed with security requests