Update postgresql 10.9 -> 10.11, 9.6.14 -> 9.6.16. Resolves CVE-2019-10208.
Updates postgresql from 9.6.14 to 9.6.16 and postgresql_new from 10.9 to 10.11 to remediate CVE-2019-10208.
Doing this on .com master since the CVE is already public. Will backport this change to 12.7, 12.6, and 12.5 on dev/omnibus-gitlab.
Related issues
- https://gitlab.com/gitlab-org/distribution/team-tasks/issues/542
- https://dev.gitlab.org/gitlab/gitlabhq/issues/2968
Developer checklist
- Link to the developer security workflow issue on dev.gitlab.org
- MR targets master, or X-Y-stable for backports
- Milestone is set for the version this MR applies to
- Title of this MR is the same as for all backports
- A CHANGELOG entry is added without a merge_request value, with type set to security
- Add a link to this MR in the links section of related issue
- Add a link to an EE MR if required
- Assign to a reviewer
Reviewer checklist
- Correct milestone is applied and the title is matching across all backports
- Assigned to @gitlab-release-tools-bot with passing CI pipelines