Diffstat (limited to 'databases/postgresql15-server/files/pkg-message-server.in')
-rw-r--r-- databases/postgresql15-server/files/pkg-message-server.in 14
1 files changed, 13 insertions, 1 deletions
diff --git a/databases/postgresql15-server/files/pkg-message-server.in b/databases/postgresql15-server/files/pkg-message-server.in
index 6370d4a017cc..946ff1d75b6d 100644
--- a/databases/postgresql15-server/files/pkg-message-server.in
+++ b/databases/postgresql15-server/files/pkg-message-server.in
@@ -62,10 +62,22 @@ NB. If you're not using a checksumming filesystem like ZFS, you might
wish to enable data checksumming. It can be enabled during
the initdb phase, by adding the "--data-checksums" flag to
the postgresql_initdb_flags rcvar. Otherwise you can enable it later by
- pg_checksums. Check the initdb(1) manpage for more info
+ using pg_checksums. Check the initdb(1) manpage for more info
and make sure you understand the performance implications.
======================================================================
+
+SECURITY ADVICE
+
+If upgradring from a version 15.x < 15.7:
+A security vulnerability was found in the system views pg_stats_ext
+and pg_stats_ext_exprs, potentially allowing authenticated database
+users to see data they shouldn't. If this is of concern in your
+installation, run the SQL script %%DATADIR%%/fix-CVE-2024-4317.sql
+for each of your databases. For details, see
+https://www.postgresql.org/support/security/CVE-2024-4317/
+
+
EOM
}
]
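Review bot: "upgradring" in the added line "If upgradring from a version 15.x < 15.7:" is a typo for "upgrading"; this text is displayed to every user installing the package, so it should be fixed. The advice also tells the administrator to run %%DATADIR%%/fix-CVE-2024-4317.sql "for each of your databases" without saying how to run it or as which database role, so consider adding the exact command to use; a vague step in a security notice is easy to skip or to apply to only some databases. The added block also ends with two blank lines before EOM where one would do.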