[QGIS-Developer] PostgreSQL vulnerability in the QGIS application

Greg Troxel gdt at lexort.com
Wed Jul 8 08:36:21 PDT 2026


Bo Victor Thomsen via QGIS-Developer <qgis-developer at lists.osgeo.org>
writes:

> As of today, You have 2 options to get the desired postgres upgrades
> (18.4.1):
>
>  * Install the latest LTR version af QGIS, ver. 3.44.12. It comes with
>    version 18.4.1 of pqlib (Postgres communication).
>  * Install the newest version of QGIS, version 4.2.0 . It too, comes
>    with pqlib version 18.4.1.
>
>    Version 4.2.*0* is an "Early adopter" version -  not yet suited for
>    enterprise use. However, If you can wait, version 4.2*.4*, will be
>    the new LRT version around October 30, 2026.

But qgis *source code* does not come with postgresql at all.  You are
talking about a particular binary package, and I think it would be
helpful if messages describing binary packages identify the binary
package, every time.


More information about the QGIS-Developer mailing list