Re: a vulnerability in PostgreSQL

From: Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Tatsuo Ishii <t-ishii(at)sra(dot)co(dot)jp>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: a vulnerability in PostgreSQL
Date: 2002-05-03 03:43:31
Message-ID: 5.1.0.14.1.20020503112643.02d0d670@192.228.128.13
Lists: pgsql-hackers

I hope you won't make this standard practice, because there are quite
significant differences that make upgrading from 7.1.x to 7.2 troublesome.
I can't name them offhand, but they've appeared on the list from time to time.

For 6.5.x to 7.1.x I believe there are smaller differences; even so, there
might be people who would patch for security/bug issues but not upgrade.
I'm still on Windows 95, for instance (Microsoft has stopped supporting it
tho :( ). I think there are still lots of people on Oracle 7.

Yes, support of older software is a pain. But the silver lining is: it's
open source; they can feasibly patch it themselves if they are really hard
pressed. If the bug report is descriptive enough, DIY might not be so bad.
And just think of it as people really liking your work :).

Any idea which versions of PostgreSQL have been bundled with O/S CDs?

Regards,
Link.

At 10:23 AM 5/2/02 -0400, Tom Lane wrote:
>Tatsuo Ishii <t-ishii(at)sra(dot)co(dot)jp> writes:
> > Here are the precise conditions to trigger the scenario:
>
> > (1) the backend is PostgreSQL 6.5.x
> > (2) multibyte support is enabled (--enable-multibyte)
> > (3) the database encoding is SQL_ASCII (other encodings are not
> > affected by the bug).
> > (4) the client encoding is set to other than SQL_ASCII
>
> > I think I am responsible for this since I originally wrote the
> > code. Sorry for this. I'm going to make back port patches to fix the
> > problem for pre 7.2 versions.
>
>It doesn't really seem worth the trouble to make patches for 6.5.x.
>If someone hasn't upgraded yet, they aren't likely to install patches
>either. (ISTR there are other known security risks in 6.5, anyway.)
>If the problem is fixed in 7.0 and later, why not just tell people to
>upgrade?
>
> regards, tom lane
