We are being told by our vulnerability scanning group that our version of PostgreSQL is at risk. As per this advisory - https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/ , they are stating we should be moving to 14.22. Are there plans to update the NTM package to include the newer version of PostgreSQL? We are currently being given a deadline of May of this year to comply.
Hey Art! We’ll be updating the version of PGSQL shipped with Threat Manager to 14.22 well before May. Keep an eye out for release notes so you know when that becomes available.
Also, I forgot to mention in my last post, you can go to the EDB website and grab the latest version of PG14 and install it to replace what we shipped in the last hotfix.
A note to others that may come across this later, you must install the same major version of PGSQL, in this case 14, and you must have already installed PGSQL with our installer that we ship so it sets up the database and schema.
Tried to download and run the 14.22 patch, got this message. It did appear to finish and NTM is currently running. Curious if you or anyone else has seen this.
Haven’t seen or had this reported yet. I’m curious if you reboot the NTM server if PGSQL is going to automatically start. Based on the error, I imagine that is worth checking.
We may have unearthed an unintended consequence of installing that 14.22 patch from EDB. I was working with Mike Candon on a ticket and we tried to upgrade NTM to 3.1.528 and it failed with some generic database error and rolled back. I’m not sure where that log might be but we’re wondering if having that 14.22 patch in place screwed up the install for some reason? Thoughts? We’re back on 514 FYI.
Hey Art, the team shared that updating to a more recent version of PGSQL, as long as it was the same major version, should cause no issues. That is definitely an unexpected scenario. Can you please work with support to get this escalated to the development team so they can review your specific scenario?