[QGIS-Developer] PostgreSQL vulnerability in the QGIS application
HarishKumar J, (Springbord)
harishkumar.jayakumar at springbord.com
Wed Jul 1 22:47:46 PDT 2026
Hi There,
I hope you are well!
We are currently using QGIS version 4.0.3 and have identified that it comes
bundled with PostgreSQL version 17.0.3.
Our security monitoring has flagged multiple high-priority vulnerabilities
within this version of PostgreSQL (including CVE-2025-4207 and others).
According to PostgreSQL security recommendations, a secure version would be
17.10 or higher.
Could you please confirm if there is a newer release of QGIS that bundles a
secure version of PostgreSQL? Additionally, if a bundled update is not yet
available, please advise on the recommended process for upgrading the
internal PostgreSQL component to version 17.10 or above without impacting
the QGIS application's stability.
Thanks,
Harish
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-developer/attachments/20260702/3b6124b9/attachment.htm>
More information about the QGIS-Developer
mailing list