Security Updates for PostgreSQL

0Empfang Posts: 2
edited March 2017 in The Commons

DAZ3d is using a PostgreSQL-database for the storage of the Product-Metadata.

My Kaspersky Antivirus tells me that I should upgrade the database with the security update to (at least) Version 9.3.14 (for the 9.3 PostgreSQL family) because there are important security issues with versions below.

My questions now:

1st there were some Updates of the DAZ 3d Studio and/or the DIM since the introduction of the PostgreSQL, but the PostgreSQL version remained the same since the first installation. Have you forgotten this part or do you think the updates of the database are in the responsibility of the users?

2nd is there something to consider if I want to replace the old 9.3.4 Version with an actual 9.3.16 Version on my own? (I think it should be enough to replace the /bin, the /lib, the /share and the /include folder with the files from the postgresql-9.3.16-2-windows-x64-binaries.zip but I would like to have an additional opinion before I try it.)

With best regards

Thomas G.M. Mainka

Comments

  • Richard Haseltine Posts: 107,953

    The version of PostgreSQL that is installed by Daz is configured for local communication only, so it has no open ports for an external source to access as described in the Kaspersky note on the vulnerabilities https://threats.kaspersky.com/en/vulnerability/KLA10910 . Since there is no vulnerability there has been no occasion to update, though it is something Daz monitors.

    Of course if you have configured PostgreSQL differently from the default Daz installation then you may have reason to update, but in that case you should presumably have the knowledge and skills to apply an updated 9.3.# version of the server (or try to apply, PostgreSQL doesn't guarantee the success though it should be possible https://www.postgresql.org/support/versioning/ ).
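
The local-only configuration described in the reply above can be checked in postgresql.conf, where the listen_addresses setting decides which interfaces the server binds to. The following is an added example, not part of the original thread and not Daz's code; the sample configuration text is constructed and the function names are hypothetical.

```python
import ipaddress
import re

# PostgreSQL's built-in default when listen_addresses is not set.
DEFAULT_LISTEN = "localhost"

# Constructed sample text, not taken from any real installation.
SAMPLE_CONF = """\
# constructed example
#listen_addresses = '*'
listen_addresses = 'localhost, 192.168.1.20'   # trailing comment
port = 5432
"""

# name = value; the '=' is optional and the value may be single-quoted.
_SETTING = re.compile(
    r"\s*listen_addresses(?:\s*=\s*|\s+)('(?:[^']|'')*'|[^#\s]+)", re.I)


def listen_addresses(conf_text):
    """Return the effective listen_addresses entries (the last setting wins)."""
    value = DEFAULT_LISTEN
    for line in conf_text.splitlines():
        m = _SETTING.match(line)  # commented-out lines start with '#', no match
        if m:
            value = m.group(1).strip("'")
    return [a.strip() for a in value.split(",") if a.strip()]


def non_loopback(entries):
    """Return the entries that accept connections from beyond this host."""
    exposed = []
    for entry in entries:
        if entry.lower() == "localhost":
            continue
        try:
            if ipaddress.ip_address(entry).is_loopback:
                continue
        except ValueError:
            pass  # '*' or a hostname: treat as exposed until checked by hand
        exposed.append(entry)
    return exposed


if __name__ == "__main__":
    found = non_loopback(listen_addresses(SAMPLE_CONF))
    print("non-loopback listeners:", found or "none")
```

This reads only the text of one postgresql.conf; include directives, server command-line options and pg_hba.conf also affect who can connect and are not evaluated here.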
