Message-ID: From: "cbourner (@cbourner)" To: "postgresql-interfaces/psqlodbc" Date: Mon, 09 Mar 2026 23:56:07 +0000 Subject: [postgresql-interfaces/psqlodbc] issue #158: Request: New MSI release with updated OpenSSL (fix for CVE‑2025‑15467) List-Id: X-GitHub-Author-Id: 36651718 X-GitHub-Author-Login: cbourner X-GitHub-Issue: 158 X-GitHub-Repo: postgresql-interfaces/psqlodbc X-GitHub-State: closed X-GitHub-Type: issue X-GitHub-Url: https://github.com/postgresql-interfaces/psqlodbc/issues/158 Content-Type: text/plain; charset=utf-8 Hello maintainers, Could you please publish a new psqlODBC Windows build (MSI) that includes an updated OpenSSL version? The current latest release 7.00.0007 (Nov 2025) uses an OpenSSL which is vulnerable to CVE-2025-15467. This vulnerability has been fixed in OpenSSL versions 3.3.6 / 3.4.4 / 3.5.5 / 3.6.1 / 3.0.19. We are using psqlODBC in production (via SQL Server Reporting Services), and the bundled OpenSSL version is now affected by the above CVE. A new MSI release would allow me to deploy a patched driver without building from source. Thank you — happy to help test if needed.