Christopher Kings-Lynne said:
> There have been HEAPS of security fixes between 7.2 and 7.3.

That's only the case if your definition of a "security fix" is pretty fast
and loose -- as yours seems to be.

> Depending
> on your definition of security.  eg. Going 'select cash_out(2);' on any
> 7.2 server and below will crash the backend.

If you consider that a security flaw, there are still innumerable problems
of a very similar nature in 7.3 or 7.4-devel (*any* situation in which an
untrusted client can execute arbitrary SQL will allow for resource
exhaustion, at the very least).

By a more reasonable definition of "security flaw", I'm not aware of any
significant outstanding problems in 7.2.3 -- there are a bunch of buffer
handling fixes in 7.3, but they were made for the sake of correctness
(a.k.a. paranoia), not necessarily to fix an actual vulnerability.

Cheers,

Neil


