CVE-2025-1094 - Requires update PostgreSQL 17.3

[gonzalezge]

What is the bug or the crash?

PostgreSQL that is vulnerable to a critical security flaw (CVE-2025-1094). That was already patched by Postgresql. A lot of organizations/users use kartozar/postgis.

https://www.postgresql.org/about/news/postgresql-173-167-1511-1416-and-1319-released-3015/

To patch it, you need to update to 17.3,

It would be highly appreciated if you could release the updated in the docker hub registry. Just required a build and re-upload.

Thank you

Steps to reproduce the issue

Run the 17.3-5 to see the vulnerability

Versions

17.3-5

Additional context

No response

[NyakudyaA]

@gonzalezge Please feel free to submit a PR, GitHub action will push a new image when we merge the PR

[gonzalezge]

Thank you, but in this case is not necessary a PR. Is just rebuilding the image, and automatic will pick up the 17.3. I tried in locally and works.

[NyakudyaA]

Ok, will check if I can trigger the action manually

[gonzalezge]

Thank you! I think will be the same case for 16, 15, and 14, just rebuilding and updating to the latest version

https://www.postgresql.org/support/security/CVE-2025-1094/

[javeddc]

Agree this would be super useful if it's possible to have an image with the patched version 🙏

[lupiyamujalaunimelb]

My organisation also needs this update. When could we have this?

[NyakudyaA]

Pushed a new update, please pull

[NyakudyaA]

Thank you! I think will be the same case for 16, 15, and 14, just rebuilding and updating to the latest version

https://www.postgresql.org/support/security/CVE-2025-1094/

This will need a PR where we adjust the GitHub action with the build matrix for those versions

[gonzalezge]

Thank you!