Tom Lane wrote:
Andrew Dunstan <[EMAIL PROTECTED]> writes:
Currently we have this in plperl.c:
"require Safe;"
I am thinking of submitting a patch to replace this with "use Safe 2.09;" to enforce use of a version without the known vulnerability.
This would break both plperl and plperlu on older Perls. Please see if you can avoid breaking plperlu.
For that matter, does plperl.c really cope properly with a failure in this code at all? I sure don't see anything that looks like error handling in plperl_init_interp().
I will look at it. It will probably require some non-trivial rework.
I do agree that we should not break more old stuff than is necessary.
cheers
andrew
---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
