Re: OpenSSL v1.1.1n in postgres

Daniel Gustafsson <daniel@yesql.se> writes:
>> On 26 Mar 2022, at 18:32, Vibhu Chauhan (iDEAS-ER&D) <vibhu.chauhan@wipro.com> wrote:
>> In one security scan we found that OpenSSL v1.1.1k is vulnerable which is sub-component of postgres 13.3.  From
belowlink we came to know that affected OpenSSL version 1.1.1k is fixed in 1.1.1n version. We wanted to know which
postgresversion having this fix version of OpenSSL? And is there any steps to mitigate the risk of version 1.1.1k? 

> PostgreSQL doesn't come statically linked to any OpenSSL version, you need to
> ask your system administrators and/or PostgreSQL service provider about this.

The question is possibly about the EDB Windows installer, but
it would still be better directed to EDB's support people.

            regards, tom lane