Hi

On Fri, Mar 27, 2020 at 11:02 AM Joel Mariadasan (jomariad) <
jomar...@cisco.com> wrote:

> Hi,
>
>
>
> We are using pgAdmin 4 (version 4.18) that is bundled along with Postgres
> 12.
>
>
>
> We notice that version 4.18 of pgAdmin packages the following components
> that have some open vulnerabilities.
>
>
>
> Read component, version, vulnerabilities:
>
> python 3.7.4
> https://www.cvedetails.com/vulnerability-list/vendor_id-10210/Python.html
>
> sqlite     3.28.0
> https://www.cvedetails.com/vulnerability-list/vendor_id-9237/Sqlite.html
>
> zlib        1.2.8
> https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-1820/GNU-Zlib.html
>
> curl        7.65.3  https://curl.haxx.se/docs/vuln-7.65.3.html
>
> expat    2.2.7
> https://www.cvedetails.com/vulnerability-list/vendor_id-12037/product_id-22545/Libexpat-Expat.html
>
> openssl 1.1.1c
> https://www.cvedetails.com/vulnerability-list/vendor_id-217/product_id-383/Openssl-Openssl.html
>
> openssl 1.1.1d
> https://www.cvedetails.com/vulnerability-list/vendor_id-217/product_id-383/Openssl-Openssl.html
>
>
>
>
>
> We are using pgAdmin to administer our Database in a customer environment.
>
> We have the following queries:
>
>
>
>    1. Any open vulnerability with the above mentioned component versions
>    that we should be worried about?
>
Please update to the latest release (4.20 as of today - PostgreSQL
installer updates should come soon).


>
>    2. Is there any roadmap to upgrade the above components used in
>    pgAdmin tool.
>
We continually audit bundled Python and JS components in pgAdmin, and
regularly update the other components to the latest versions. Some may lag
slightly behind if they're dependencies of other dependencies (e.g. some of
those listed are part of the upstream Python release).



>
> *Joel Mariadasan*


-- 
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
