From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org> |
Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: IMPORTANT: Out-of-cycle release scheduled for November 21, 2024 |
Date: | 2024-11-21 03:09:38 |
Message-ID: | Zz6kcv0qxfHCSTpv@momjian.us |
Lists: | pgsql-hackers |

On Wed, Nov 20, 2024 at 09:49:27PM -0500, Jonathan Katz wrote:
> That said, while it's certainly advisable to upgrade based on having CVEs in
> a release, many upgrade patterns are determined by the CVE score[2]. For
> example, a HIGH score (7.0 - 8.9 - our highest for this release was 8.8; 3
> of them were less than 5.0) often dictates upgrading within 14-30 days of
> announcing the CVE, and lower scores having more time. This could be why
> people didn't complain, particularly because we got the announcement out 36
> hours after the release, and stated the updates would be available within
> the next week.

Makes sense. This is the discussion I wanted to have. Thanks.

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com
When a patient asks the doctor, "Am I going to die?", he means
"Am I going to die soon?"