libxml2 author overwhelmed with security requests

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: PostgreSQL-development <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: libxml2 author overwhelmed with security requests
Date: 2025-06-19 01:41:40
Message-ID: aFNq1HR6rA5rrFij@momjian.us
Lists: pgsql-hackers

This blog post explains the serious problems the single libxml2 author
is having in maintaining the library:

https://socket.dev/blog/libxml2-maintainer-ends-embargoed-vulnerability-reports

There are a few learnings from this:

* libxml2 is even less production-ready than we thought
* many projects don't have the resources we do

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com

Do not let urgent matters crowd out time for investment in the future.
