Heads-up: PostgreSQL security release coming on April 4, 2013


As Evergreen is built with PostgreSQL at the core, the following PostgreSQL news announcement should be of concern to Evergreen administrators:

Upcoming PostgreSQL Security Release: April 4, 2013
Posted on 2013-03-28

The PostgreSQL Global Development Group will be releasing a security update for all supported versions on Thursday April 4th, 2013. This release will include a fix for a high-exposure security vulnerability. All users are strongly urged to apply the update as soon as it is available.

We are providing this advance notice so that users may schedule an update of their production systems on or shortly after April 4th.

As always, update releases only require installation of packages and a database system restart. You do not need to dump/restore or use pg_upgrade for this update release.

Please be prepared to update to the security release. While a typical Evergreen configuration does not expose PostgreSQL to public access, the nature of this announcement is unusual for PostgreSQL and suggests that the vulnerability may be particularly concerning.


About Dan Scott

I'm the systems librarian for Laurentian University, with a background in information architecture, database software development, and project planning from spending 8 years with IBM.