Re: Tenable Report Issue even after upgrading to correct Postgres version

On Thursday, November 11, 2021, Bruce Momjian <bruce(at)momjian(dot)us> wrote:

> On Thu, Nov 11, 2021 at 03:49:29PM +0000, Kishore Isaac wrote:
> >
> >
> > We were informed by a customer using Tenable reports that we needed to
> upgrade
> > Postgres from 12.2 to 12.7 due to vulnerability issues. We have since
> upgraded
> > to the requested version of Postgres (12.7) but the Tenable report scans
> still
> > show that the version is 12.2. After reaching out the Tenable, we found
> that
> > the version information is not updated in the system registry where
> Tenable is
> > pulling the information from. Is there any resolution for this?
> >
> >
> >
> > Below is the registry information:
>
> Uh, I have no idea what Tenable is, which I think means we don't control
> that way of distributing Postgres.
>

IIUC Tenable is just a system scanner. Apparently whomever built the
Windows installer/upgrade binary for this customer (likely EDB) puts
version info, during initial install, into the Window’s Registry but
doesn’t update that information upon performing a minor release patch.
This seems like a bug, though not of the core project but the distributor.

David J.