BUG #18696: Compatibility Query for Updating zlib1.dll in PostgreSQL 10.2 to Address Security Vulnerabilities

From: PG Bug reporting form <noreply(at)postgresql(dot)org>
To: pgsql-bugs(at)lists(dot)postgresql(dot)org
Cc: minaketan(dot)sabar(at)gmail(dot)com
Subject: BUG #18696: Compatibility Query for Updating zlib1.dll in PostgreSQL 10.2 to Address Security Vulnerabilities
Date: 2024-11-07 10:02:01
Message-ID: 18696-4aeb63fa95597e26@postgresql.org
Lists: pgsql-bugs

The following bug has been logged on the website:

Bug reference: 18696
Logged by: Minaketan Sabar
Email address: minaketan(dot)sabar(at)gmail(dot)com
PostgreSQL version: Unsupported/Unknown
Operating system: Windows Server 2019 Standard
Description:

Hello Team,

I’d like to share the details of an issue and seek guidance:

Issue/Query: To address the security vulnerabilities “CVE-2022-37434,
CVE-2023-45853,” we are planning to replace the zlib1.dll (currently version
1.2.8, default in PostgreSQL 10.2) with the latest zlib1.dll version 1.3.1.
This version is included in PostgreSQL 16, and we intend to update by
copying the file from the PostgreSQL 16 installation (PostgreSQL\16\bin
folder).

Since the latest version of zlib1.dll (1.3.1) isn’t available for download
as a standalone file, we are considering this approach.

I would appreciate your input on the following points:

1. Is zlib1.dll version 1.3.1 compatible with PostgreSQL 10.2, given that
it’s a newer version?
2. If we obtain zlib1.dll from PostgreSQL 16.0 and replace the current file
in PostgreSQL 10.2, will it work seamlessly without introducing any
issues?
3. Is there a URL or source where we could download the zlib1.dll 1.3.1
directly, rather than compiling from source?

Your insights on this would be immensely helpful. Thank you in advance!

Best regards,
Ketan
