Upgrade PostgreSQL version from 14 to 17.5 #199

Merged: antgamdia merged 8 commits into main from TRNT-4392 on Jun 23, 2026

Conversation

antgamdia commented May 26, 2026 (Contributor)

Description

This PR updates a core dependency we actively use: the PostgreSQL DB version. This is a major upgrade from 14 to 17.5 to avoid an EOL-ed version. The decision of 17.5 is based upon the corresponding version of SLES 15 SP7. This change is also aligned with other updates in development (see trento-project/web#4290 and trento-project/wanda#712).

However, before performing such a change in the Helm Chart, we needed some upgrade tests (see #195). See below the results of the different tests:

  • c471fd5: Updating subcharts without updating the global version (results in no changes), passing CI as expected.
  • 4bbe906: Changing the global version, failing CI, as there is no data migration.
  • 63e520c: Adding an init container performing the DB data migration, passing CI, as the data is migrated safely and it continues to work as expected.

Depends on #195


antgamdia added 2 commits May 21, 2026 19:40
Signed-off-by: Antonio Gamez Diaz <antonio.gamez@suse.com>
Signed-off-by: Antonio Gamez Diaz <antonio.gamez@suse.com>
antgamdia added the dependencies label May 26, 2026
antgamdia added 2 commits May 26, 2026 15:43
Signed-off-by: Antonio Gamez Diaz <antonio.gamez@suse.com>
Signed-off-by: Antonio Gamez Diaz <antonio.gamez@suse.com>
antgamdia requested a review from arbulu89 May 26, 2026 14:25
antgamdia changed the title from "[TRNT-4392] Upgrade PostgreSQL version from 14 to 17.5" to "Upgrade PostgreSQL version from 14 to 17.5" Jun 2, 2026
antgamdia requested a review from Copilot June 17, 2026 08:11

Copilot AI left a comment (Contributor)

Pull request overview

This PR upgrades the PostgreSQL image version used by the Trento Helm chart from 14 to 17.5 (to avoid an EOL major), and adds a PostgreSQL data upgrade init container to support safe in-place upgrades during chart upgrades.

Changes:

  • Bump PostgreSQL image tags across the main chart and embedded subcharts to 17.5.
  • Add a primary.extraInitContainers entry to run pgautoupgrade before PostgreSQL starts.
  • Increment chart version from 3.2.0-dev1 to 3.2.0-dev2.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Summary per file:

| File | Description |
| --- | --- |
| charts/trento-server/values.yaml | Updates global PostgreSQL tag to 17.5 and introduces a pgautoupgrade init container for in-place major upgrades. |
| charts/trento-server/charts/trento-web/values.yaml | Updates the PostgreSQL image tag default to 17.5 for the trento-web subchart. |
| charts/trento-server/charts/trento-wanda/values.yaml | Updates the PostgreSQL image tag default to 17.5 for the trento-wanda subchart. |
| charts/trento-server/charts/postgresql/values.yaml | Updates the PostgreSQL subchart image tag default to 17.5. |
| charts/trento-server/Chart.yaml | Bumps chart version to 3.2.0-dev2. |

Comment thread charts/trento-server/values.yaml
Comment thread charts/trento-server/values.yaml Outdated
Comment thread charts/trento-server/values.yaml Outdated

nelsonkopliku left a comment (Member)

Nothing against bumping to more recent versions of postgres.

Praise on pgautoupgrade: if it keeps the promise of what it does, that'd be great!

Since the data in trento is not only regeneratable data from discoveries, then:

  • keeping relevant data between upgrades becomes an important topic
  • we can't tell customers to start from a clean sheet
  • we need to keep deps up to date.

Well done!

EDIT: let's make copilot happy

Signed-off-by: Antonio Gamez Diaz <antonio.gamez@suse.com>
dpulls Bot commented Jun 23, 2026

🎉 All dependencies have been resolved !

Base automatically changed from TRNT-4408 to main June 23, 2026 15:50
Signed-off-by: Antonio Gamez Diaz <antonio.gamez@suse.com>
@github-actions

Summary

⚠️ Total: 396 CVEs detected

CVE Scan Results

🆕 NEW: pgautoupgrade/pgautoupgrade:17.5-debian

Found 337 CVEs

CRITICAL (19)
HIGH (105)
MEDIUM (213)

🆕 NEW: registry.suse.com/suse/postgres:17.5

Found 59 CVEs

CRITICAL (1)
CVE ID Package Installed Fixed
SUSE-SU-2026:0309-1 libopenssl3 3.2.3-150700.5.18.1 3.2.3-150700.5.24.1
HIGH (30)
MEDIUM (28)

Signed-off-by: Antonio Gamez Diaz <antonio.gamez@suse.com>
antgamdia commented (Contributor, Author)

Once we merged #195, we can see all the checks are passing: that means the upgrade works in all the covered scenarios.
Also, with #199 (comment), we know we are introducing some CVEs, but we can always VEX them later, as some images are not actually used in runtime (like pgautoupgrade).
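
An added example for the scan results and the VEX plan discussed in this thread (not code from the PR or the Trento project): it parses rows in the bot comment's column order, collapses per-package rows to unique IDs, separates IDs that a newer package fixes from IDs with no published fix, and drafts OpenVEX statements for the latter. The sample rows, placeholder IDs, author, timestamp and document URL are constructed; the drafts use `under_investigation` because a `not_affected` statement needs a justification backed by analysis of how the image is actually used.

```python
import json
import re
from collections import defaultdict

NO_FIX = "N/A"  # the scan's marker for "no fixed version published"
ID_RE = re.compile(r"^(CVE-\d+-\d+|SUSE-[A-Z]+-\d+:\d+-\d+)$")

# Constructed sample input (placeholder IDs and versions), laid out like the
# bot comment: severity line, column header, then "ID package installed fixed".
SAMPLE_ROWS = {
    "pgautoupgrade/pgautoupgrade:17.5-debian": (
        "HIGH (4)\n"
        "CVE ID Package Installed Fixed\n"
        "CVE-0000-00001 perl-base 5.36.0-7 N/A\n"
        "CVE-0000-00001 perl 5.36.0-7 N/A\n"
        "CVE-0000-00002 openssl 3.0.17-1 3.0.19-1\n"
        "CVE-0000-00003 stdlib v1.18.2 1.19.9, 1.20.4\n"
    ),
    "registry.suse.com/suse/postgres:17.5": (
        "CRITICAL (1)\n"
        "CVE ID Package Installed Fixed\n"
        "SUSE-SU-0000:0001-1 libopenssl3 3.2.3-1 3.2.3-2\n"
    ),
}


def parse_rows(text):
    """Parse finding rows; the 'fixed' column may list several versions."""
    findings = []
    for line in text.splitlines():
        parts = line.split(None, 3)  # keep "1.19.9, 1.20.4" in one field
        if len(parts) != 4 or not ID_RE.match(parts[0]):
            continue  # severity lines, column headers, blank lines
        vuln_id, package, installed, fixed = parts
        findings.append({"id": vuln_id, "package": package,
                         "installed": installed, "fixed": fixed.strip()})
    return findings


def triage(findings):
    """Unique IDs split by whether every affected package has a fix."""
    missing_fix = defaultdict(bool)
    for f in findings:
        missing_fix[f["id"]] |= (f["fixed"] == NO_FIX)
    return {
        "fixable": sorted(i for i, m in missing_fix.items() if not m),
        "no_fix": sorted(i for i, m in missing_fix.items() if m),
    }


def draft_vex(image, ids, author, timestamp, doc_id):
    """Draft OpenVEX document; statuses stay open until someone analyses them."""
    return {
        "@context": "https://openvex.dev/ns/v0.2.0",
        "@id": doc_id,
        "author": author,
        "timestamp": timestamp,
        "version": 1,
        "statements": [
            {
                "vulnerability": {"name": vuln_id},
                # Assumption: the image reference stands in for a product ID;
                # pin to an image digest when publishing.
                "products": [{"@id": image}],
                "status": "under_investigation",
            }
            for vuln_id in ids
        ],
    }


if __name__ == "__main__":
    for image, text in SAMPLE_ROWS.items():
        result = triage(parse_rows(text))
        print(image, "-> fixed by a newer package:", result["fixable"])
        doc = draft_vex(image, result["no_fix"], "example-author",
                        "2026-01-01T00:00:00Z",
                        "https://example.invalid/vex/draft")
        print(json.dumps(doc, indent=2))
```

IDs in the `fixable` list are cleared by rebuilding on patched packages, so only the `no_fix` list needs a VEX decision.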

@antgamdia antgamdia merged commit 4055e3e into main Jun 23, 2026
12 checks passed
@antgamdia antgamdia deleted the TRNT-4392 branch June 23, 2026 16:07