PostgreSQL dependency in Gitlab 13.10.1/13.9.5/13.8.7 security release

The release notes for the new security release (13.10.1/13.9.5/13.8.7) say:

“The dependency on PostgreSQL 11 and 12 has been upgraded to 11.11 and 12.6 in order to mitigate security concerns.”

Does this mean that we have to run PostgreSQL 12.6 in order to upgrade? Our db is on a separate box run by another group, so we can’t just upgrade PG as part of the Gitlab upgrade.

Can we run this release on PG 12.4? (We currently run Gitlab 13.9.4 with PG 12.4)

Thanks for any guidance!

Hi,

With minor releases, I wouldn’t expect to see big changes that would affect you: Postgres Release Notes - All Versions

As far as I can see there, it’s just mostly fixes between 12.4 and 12.6. Theoretically it would be fine, because if 12.6 is just addressing security concerns, then it just means fixes. Worse would be attempting to run Postgres 11.x when it’s requiring 12.x.

This table will help more with what versions of postgres are in the bundle:

https://docs.gitlab.com/omnibus/package-information/postgresql_versions.html

Gitlab 14 will support 12 and 13. Alternatively, if possible, get your team to put your gitlab db on a postgres instance that can run 12.6, and potentially be upgraded more easily and quickly in the future when making gitlab upgrades.

Might be worth waiting for a Gitlab team member to reply here as they will know more details if it’s OK or not with 12.4.

Our dev instance is now running 13.10.2 with a 12.4 backend, so looks like it’s ok. I think they meant 12.6 would be the default, not the required minimum, which is what I would expect for a minor release.

Thanks for your thoughts, iwalker!