On 05/15/2015 06:53 PM, Josh Berkus wrote:
> On 05/13/2015 06:33 PM, Josh Berkus wrote:
>> WWW,
>>
>> Attached is a patch which splits the security.html page into two pages:
>> security.html, which contains information about vulnerabilities in
>> supported versions, and security_archive.html, which contains
>> information about vulnerabilities which appear only in unsupported versions.
>>
>> If the patch doesn't suit you, can you view this on github:
>> https://github.com/jberkus/pgweb/tree/split_security
>
> Accept/reject/modify? Anyone?
I was not aware we had a 24h SLA or such on reacting to patches yet -
somebody should have told me :)
Anyway I have now pushed this one with one though I took the liberty to
add the "may" to "Users still running on unsupported PostgreSQL versions
are strongly urged to upgrade as soon as possible, as those versions may
contain unpatched security vulnerabilities."
I found the old wording too hard because I dont think it is a given that
just because a version is unsupported it will automatically have
security vulnerabilities.
Stefan