public inbox for [email protected]
help / color / mirror / Atom feedFrom: Bruce Momjian <[email protected]>
To: Ron Johnson <[email protected]>
Cc: pgsql-general <[email protected]>
Subject: Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10
Date: Sat, 23 Nov 2024 16:39:07 -0500
Message-ID: <[email protected]> (raw)
In-Reply-To: <CANzqJaCph4bT6MQEiDCVROiCQf+jqKKWJowEBqKme-qg83Jzfw@mail.gmail.com>
References: <CAONZJQkaLtHeNz3P5wO8-EWPjOJ1M5fgyp8x4Mc4bb_U9n9_6g@mail.gmail.com>
<[email protected]>
<CAD=40Z3G8z6d1BMDmQVAAPWzCzK5kbU9wWTCZA58qmq8-L=eoA@mail.gmail.com>
<CAKFQuwbW-5yyVPCjyTJ0uwZZvn9J94s1XzuFnoBbMXp3BC3XyQ@mail.gmail.com>
<CAD=40Z2+84YNSM7oMb4QBpuAaadk=9XRw3PGEu5Ui_YsWpmtFA@mail.gmail.com>
<[email protected]>
<Z0A6Eg2FH2Nb5sWO@pureos>
<[email protected]>
<CANzqJaCph4bT6MQEiDCVROiCQf+jqKKWJowEBqKme-qg83Jzfw@mail.gmail.com>
On Sat, Nov 23, 2024 at 03:24:47PM -0500, Ron Johnson wrote:
> On Sat, Nov 23, 2024 at 1:10 PM Bruce Momjian <[email protected]> wrote:
> [snip]
>
> I have to admit, for this question, we just point people to:
>
> https://www.postgresql.org/support/versioning/
>
> and say bounce the database server and install the binaries. What I
> have never considered before, and I should have, is the complexity of
> doing this for many remote servers. Can we improve our guidance for
> these cases?
>
>
> What guidance is needed? Even for us, where firewalls block our servers from
> https://download.postgresql.org, it's as simple as downloading the relevant RPM
> files once (and that done with a PowerShell script), then patching thusly:
>
> WinScp PG16.4_RHEL8 dir to each server, and on each server
> $ sudo -iu postgres pg_ctl stop -mfast -wt9999 -D /path/to/data
> $ sudo yum install PG16.4_RHEL8/*rpm
> $ sudo -iu postgres pg_ctl start -wt9999 -D /path/to/data
>
> Those three sudo commands take, at most, three minutes.
I am thinking more of cases where you have 100+ customers, and you need
to coordinate/connect to each company to perform the upgrade. Doing
that every quarter might be a lot of work, and it might be hard to
justify for every minor release.
--
Bruce Momjian <[email protected]> https://momjian.us
EDB https://enterprisedb.com
When a patient asks the doctor, "Am I going to die?", he means
"Am I going to die soon?"
view thread (25+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox