reshke commented on issue #1640: URL: https://github.com/apache/cloudberry/issues/1640#issuecomment-4154176452
> Hi [@reshke](https://github.com/reshke),
>
> Thanks for opening this issue! Just want to make sure we're on the same page here.
>
> It looks like you're proposing to cherry-pick the range of PostgreSQL commits from `2e4229691c6` (doc fix in 14.6) through `dfb5ad7cf0d` (14.7 release notes / [CVE-2022-41862](https://github.com/advisories/GHSA-fr68-cm8v-7vv6)) into Cloudberry. That's a great idea - keeping up with upstream security and bug fixes is really valuable for the project.
>
> A few things worth noting as context:
>
> * Cloudberry is currently based on **PostgreSQL 14.4**. So far, the approach has been to selectively cherry-pick individual fixes from later 14.x releases (e.g., the PG 14.5 stats privilege fix in [Cherry-pick pg14.5 commit: Fix incorrect permissions-checking code for extended statistics. #1550](https://github.com/apache/cloudberry/pull/1550)/[Cherry-pick of CVE fix: Fix privilege checks in pg_stats_ext and pg_s… #1551](https://github.com/apache/cloudberry/pull/1551)) rather than doing bulk merges.
> * A range like 14.6 → 14.7 could include a significant number of commits, some of which may conflict with Cloudberry/Greenplum-specific changes in areas like the planner, executor, or catalog.
>
> It would be really helpful if you could provide a bit more detail on the scope and motivation:
>
> 1. Are there specific fixes or CVEs within this range that you're particularly interested in?
> 2. Would you be interested in contributing this work, or is this more of a feature request for the community to pick up?
> 3. Have you had a chance to assess potential conflicts with CBDB-specific code?
>
> Would love to discuss further and figure out the best way to approach this. Thanks again for bringing it up!

Hi! This issue is merely a part of https://github.com/orgs/apache/projects/572, targeting the REL_2_STABLE branch of CBDB, which is currently based on 14.6.
See https://github.com/apache/cloudberry/pull/1636, https://github.com/apache/cloudberry/pull/1621, etc.

As for CVE fixes - we have almost all of the 14.4-14.20 CVE fixes in main. A few are still in work.
