Asking for OK for a nasty trick to resolve PG CVE-2025-1094 i

Hi,

I have many customers using PG 15.3 happily, and I cannot just snap upgrade them all to 15.12.

I have tested a nasty trick of replacing PSQL,LIBPQ and several other DLL's so that I have a PG client 15.12 within the folders of Server 15.3.

All working just fine.

I plan to ship it as a patch - but would like to hear you opinion on this "merge".

(Of course, the next version will use PG 17.4, so this is just an SOS action).

Thanks

Danny
BMC Software

Directory of C:\Users\dbauser\Desktop\15.12

02/20/2025 11:48 AM 4,696,576 libcrypto-3-x64.dll
02/20/2025 11:48 AM 1,850,401 libiconv-2.dll
02/20/2025 11:48 AM 475,769 libintl-9.dll
02/20/2025 11:48 AM 323,584 libpq.dll
02/20/2025 11:48 AM 779,776 libssl-3-x64.dll
02/20/2025 11:48 AM 52,736 libwinpthread-1.dll
02/20/2025 11:48 AM 604,160 psql.exe

==
C:\Program Files\BMC Software\Control-M Server\pgsql\bin>postgres -V
postgres (PostgreSQL) 15.3

C:\Program Files\BMC Software\Control-M Server\pgsql\bin>psql -V
psql (PostgreSQL) 15.12