zalando / spilo

Highly available elephant herd: HA PostgreSQL cluster using Docker
Apache License 2.0

CVE-2024-0985 #968

Closed teimyBr closed 4 months ago

teimyBr commented 4 months ago

CVE-2024-0985

https://www.postgresql.org/support/security/CVE-2024-0985/

Is Spilo affected by this CVE?

And in which version is this fixed?

Reinhard-F commented 4 months ago

I think Spilo version 3.0-p1 is affected. This version was built on 10.03.2023. At that time, version 14.7 of PostgreSQL was available for major version 14. See also: https://www.postgresql.org/docs/release/14.7/

If you determine the version in the Spilo container (select version();), this version is displayed there. A new Spilo image is required to fix this CVE.

hughcapet commented 4 months ago

We are not publishing releases now. Any new image you build from the master branch now will include the fix.

teimyBr commented 4 months ago

Is it not possible for Zalando to build a new release?

hughcapet commented 4 months ago

Releases in Spilo make no sense now, as nothing is pinned, so we cannot preliminarily test the exact same image state internally. That is why we build ghcr images from time to time, but they are not called a "release". But you can always build your image from the master branch using the Dockerfile.