Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wUj8r-001Og4-08 for pgadmin-support@arkaria.postgresql.org; Wed, 03 Jun 2026 10:48:09 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wUj8p-0016dY-1t for pgadmin-support@arkaria.postgresql.org; Wed, 03 Jun 2026 10:48:07 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wUj8p-0016dQ-1B for pgadmin-support@lists.postgresql.org; Wed, 03 Jun 2026 10:48:07 +0000 Received: from four.baremetal.ca ([67.223.102.125]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from ) id 1wUj8m-00000000tgf-1uv6 for pgadmin-support@lists.postgresql.org; Wed, 03 Jun 2026 10:48:05 +0000 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=darrenduncan.net; h= message-id:date:mime-version:subject:to:references:from :in-reply-to:content-type:content-transfer-encoding; s= 2024062918; bh=mfM7E1WRC/J7Fhtlnn0AyislqE0=; b=W6Ihn040YMS6YlaPG L7l/v17MnuwuWQOWIyixfZGjm26yc1qOOs408knPaERPxy2BW3Wpv1aJ+toKFPkl nRGZYCWnns2JFrRfF3l6xSbLRW25Oi2jjMC0b/XutmftXbIUBZP0f7cvHtm/IPcf fEjdp4zA2wugeF5Dd/Vpzkvwrc= Received: from [192.168.1.66] (d162-156-53-206.bchsia.telus.net [162.156.53.206]) by four.baremetal.ca (Postfix) with ESMTP id A316240BDC30 for ; Wed, 3 Jun 2026 03:48:01 -0700 (PDT) Message-ID: <3cfc7da6-5c30-442d-8083-f171c8e5ef25@darrenduncan.net> Date: Wed, 3 Jun 2026 03:48:01 -0700 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Help with remediation for vulnerabilities for pgadmin4 version 9.x in RH8 To: pgadmin-support@lists.postgresql.org References: Content-Language: en-CA From: Darren Duncan In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 2026-06-01 1:00 p.m., Kristen Delack wrote: > I am the Operations & Maintenance software development team lead on the National > Weather Service's (NWS) Advanced Weather Interactive Processing System (AWIPS) > program. We use pgadmin4 on RHEL8. We just recently upgraded to version 9.12 > before a new vulnerability in > versions up through 9.14 was announced. We see that version 9.15 mitigates this > vulnerability, but according to your page pgadmin-4-rpm/>, 9.14 is the last supported release for RH8. Does this mean that > no further versions of 9.x for RH8 will be released when vulnerabilities areĀ found? That is usually what this means, yes. But this should not be too big of a challenge for you to overcome. Since PgAdmin4 is a database client program and not a server, it should be fairly low risk for you to just use a machine with a newer operating system than RH8 and run the latest most secure PgAdmin4 on it instead. Being a client, nothing else has to talk to or be compatible with the new machine. So you can upgrade to the latest PgAdmin4 without having to update anything else really at the same time. The new machine can be just for running PgAdmin4 initially. Darren Duncan