Situation: We have a couple customer bugs where the current version of rh-postgresql10 is getting flagged in security scans: rh-postgresql10-postgresql-10.6-1.el7.x86_64 We noticed from this Red Hat security advisory that the security problem is resolved with this version of the package: * Advisory: https://access.redhat.com/errata/RHSA-2020:5316 * Package: rh-postgresql10-postgresql-10.15-1.el7.x86_64 However, oVirt 4.4 still includes 10.6-1 and not 10.15-1 Question: We need to let customers know why rh-postgresql10-postgresql-10.15-1.el7.x86_64 is not included with the latest errata release of oVirt 4.4 Is there an written policy or communication from the community one way or the other regarding the security vulnerability resolved with rh-postgresql10-postgresql-10.15-1.el7.x86_64? (IE: it was reviewed and found not to be applicable, it will be in the next errata release, etc - something along those lines) [oracle-email-sig-198324-355094] Gregory King | Software Development Manager | +1.303.272.2427 Oracle Virtualization Sustaining Engineering 500 Eldorado Boulevard Build 5 | Broomfield Colorado 80021 Mobile: +1.303.968.8169 | Fax: +1.303.272.2427