microsoft/azuredatastudio-postgresql

Old extension version for Azure data studio

HamzaAqel opened this issue · 1 comments

Describe the bug
The current extension version is 0.6.0; we have two issues with this version:

1- Some vulnerabilities are reported regarding the binaries it uses, for example https://nvd.nist.gov/vuln/detail/CVE-2023-0286

"The most recent version of microsoft.azuredatastudio-postgresql-0.6.0 extension for Azure Data Studio is still using an outdated and vulnerable version of OpenSSL bundled with the extension.
The files were found at:
%userprofile%\.azuredatastudio\extensions\microsoft.azuredatastudio-postgresql-0.6.0\out\ossdbtoolsservice\windows\v1.10.0\pgsqltoolsservice\pg_exes\win\10\libcrypto-1_1-x64.dll
and
%userprofile%\.azuredatastudio\extensions\microsoft.azuredatastudio-postgresql-0.6.0\out\ossdbtoolsservice\windows\v1.10.0\pgsqltoolsservice\pg_exes\win\10\libssl-1_1-x64.dll

2- ADS provides a built-in backup option, but it uses pg_dump version 10, which is too old and limited to target servers with version < 12

To Reproduce
Steps to reproduce the behavior:

  1. Install Azure Data Studio on a VM where Defender for Endpoint is enabled, and it will be discovered.
  2. Go to Azure Data Studio and run the built-in backup on any Azure PostgreSQL version > 12 and it will fail with the below error:

. ....\Windows\v1.10.0\pgsqltoolsservice\pg_exes\win does not contain pg_dump for version ...

Expected behavior
Fix the security vulnerabilities regarding OpenSSL and allow backups for higher versions.

ADS (please complete the following information):

  • ADS Version: 1.47.1 (not specific to version)
  • ADS PostgreSQL extension version: 0.6.0
  • PostgreSQL version

Currently looks like this extension is going to be abandonware... :(
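
One way to inventory the bundled OpenSSL libraries named in the issue above, as an added example that is not part of the original issue or the project's code. It reads the version banner OpenSSL embeds in its binaries and compares it with the first releases carrying the CVE-2023-0286 fix; those release numbers come from the OpenSSL advisory, not from this page, and the function names are hypothetical.

```python
import re
import sys
from pathlib import Path

# OpenSSL embeds a banner such as "OpenSSL 1.1.1k  25 Mar 2021" in its binaries.
BANNER = re.compile(
    rb"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)(?:-\w+)?\s+\d{1,2} [A-Z][a-z]{2} \d{4}")

# Assumption (from the OpenSSL advisory, not this page): first fixed releases
# for CVE-2023-0286 are 1.0.2zg, 1.1.1t and 3.0.8.
FIXED_LETTER = {(1, 0, 2): "zg", (1, 1, 1): "t"}
FIXED_3_0_PATCH = 8

def banner_version(data):
    """Return (major, minor, patch, letter) from raw file bytes, or None."""
    m = BANNER.search(data)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    return major, minor, patch, m.group(4).decode()

def has_fix(version):
    """True/False for the release lines above, None for any other line."""
    major, minor, patch, letter = version
    if (major, minor, patch) in FIXED_LETTER:
        fixed = FIXED_LETTER[(major, minor, patch)]
        # Letter suffixes run a..z, then za, zb, ...: compare length first.
        return (len(letter), letter) >= (len(fixed), fixed)
    if (major, minor) == (3, 0):
        return patch >= FIXED_3_0_PATCH
    return None

def scan(root):
    """List (path, version, fixed) for every libcrypto/libssl DLL under root."""
    findings = []
    for path in sorted(Path(root).rglob("*.dll")):
        if not path.name.lower().startswith(("libcrypto", "libssl")):
            continue
        version = banner_version(path.read_bytes())
        findings.append((path, version, has_fix(version) if version else None))
    return findings

if __name__ == "__main__":
    # Default root mirrors the %userprofile%\.azuredatastudio\extensions path in the issue.
    default = Path.home() / ".azuredatastudio" / "extensions"
    for path, version, fixed in scan(sys.argv[1] if len(sys.argv) > 1 else default):
        label = "%d.%d.%d%s" % version if version else "no banner found"
        status = {True: "fixed", False: "NEEDS UPDATE", None: "check manually"}[fixed]
        print(f"{status:14} {label:12} {path}")
```

A file reported as "no banner found" is not cleared by this check; treat it as the same release as the libcrypto DLL shipped beside it and confirm manually.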