Re: Backport of CVE-2024-10978 fix to older pgsql versions (11, 9.6, and 9.4)

On Mon, Dec 30, 2024 at 10:02:18PM -0500, Roberto C. Sánchez wrote:
> Do you mean that branches for releases which are EOL are not looked at?
> I understand that completely. What I was hoping for here was that
> someone who was familiar with the old code might be able to look at my
> analysis and either confirm that my conclusion is correct (the behavior
> affected by the regression in the first commit was only introduced after
> 9.4) or not.
>
> I did my best to structure my request in such a way that it would only
> entail minimal effort to answer, assuming that it was viewed by someone
> who had worked on those parts of the code that far back in the past.

Agreed.

> As far as the five year support timeframe, that is amazing and much
> more robust than many (most?) projects. Especially considering the size
> and pace of development here. We do have a small (paid) team that tries
> to support a specific subset of packages going back longer than 5 years.
>
> If my request is not reasonable or somehow inappropriate, then please
> consider it withdrawn.

I think it is good you are asking --- I just don't know if anyone can
help.

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com

Do not let urgent matters crowd out time for investment in the future.