Re: Asking for OK for a nasty trick to resolve PG CVE-2025-1094 i

On Thu, Mar 6, 2025 at 3:12 AM Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
wrote:

> [redirecting to pgsql-general]
>
> On Thu, 2025-03-06 at 07:39 +0000, Abraham, Danny wrote:
> > I have many customers using PG 15.3 happily, and I cannot just snap
> upgrade them all to 15.12.
>
> Why do you think you cannot do that?
> In the long run, you'll be sorry if you don't.
> It is just a matter of replacing the software and restarting the database
> server.
>

It really is that simple. On Linux, at least, it takes me less than two
minutes to:
1. Pause streaming replication between 2 nodes.
2. Stop PG on both nodes.
3. Install the new software.
4. Start PG on both nodes.
5. Resume streaming replication.

That's using PowerShell to do everything; a noticeable part of that 110
seconds is the ssh overhead of logging in and out of servers over our
network, and even more is taken up by me scanning for errors between each
step, and then pasting the next set of commands.

If all your database servers are Windows, then the PS to stop, install and
start on a remote node *should* be even faster (especially if you don't
have replication).

--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!