PostgreSQL
Upstream URL | Security Risk | Abandonment Risk |
---|---|---|
https://www.postgresql.org | Medium | Very Low |
External contacts
The PostgreSQL team, along with a very wide community, are contactable via mailing lists and IRC. Commercial support is available via partners.
Security posture
The database holds all customer order history information, authentication information for customers who choose to use a password, and self-hosted administrator authentication information. As such, PostgreSQL is one of the most critical dependencies for security in MoR.
However, it runs in its own container, which isolates it from some issues. Additionally, Active Record sanitises SQL query parameters, making the database harder to exploit from public endpoints. Due to these mitigations, we have ranked it a Medium risk.
Abandonment risk
There is a public Foundation, multiple consultancies, and several Fortune 50 enterprises relying on PostgreSQL. It is very unlikely to be abandoned during the lifetime of MoR.
Versioning policy
Presently, all WTI systems have standardised on PostgreSQL 16, which will remain supported until 2028. We plan on evaluating 18 some time in mid-2026.
If, for some reason, release 18 is inappropriate, 17 can be evaluated as a replacement. Release 19 is also scheduled to be released before 16 is retired, giving us multiple options for update and upgrade.