NES for PostgreSQL 14 Support Policy
HeroDevs support policy for NES for PostgreSQL 14: supported platforms, testing and validation, security posture, FIPS operational environments, and customer obligations.
This policy defines how HeroDevs ("we") support NES for PostgreSQL 14: Which platforms we support, how we test and validate the builds, the security posture, the FIPS operational-environment posture, and customer obligations.
Supported platform matrix
We support NES for PostgreSQL 14 on the following platforms. The standard and minimal builds share the same platform matrix.
| Platform | Architecture |
|---|---|
| RHEL / UBI 7, 8, 9, 10 | x86_64 |
| Oracle Linux 7, 8, 9, 10 | x86_64 |
| SLES 12 SP5, 15 SP3 | x86_64 |
| Windows Server 2019, 2022, 2025 | x86_64 |
| AIX 7.2 TL5 | ppc64 |
| Solaris 11.4 | x86_64, SPARC64 |
pgpool-II ships on every platform above except Windows, which upstream pgpool-II does not support. RHEL 7 and Oracle Linux 7 run pgpool-II 4.4.17; all other platforms run 4.5.12.
Testing and validation
Every release is built and validated across the full platform matrix. Testing includes:
- Full build matrix on every supported platform, on each pull request and on release.
- Runtime smoke tests of core PostgreSQL and pgpool-II flows.
- FIPS provider verification (
openssl fipsinstall -verify) and a runtime FIPS probe of the server process. - End-to-end tests against each build.
- Security scanning of the build pipeline and the OpenSSL FIPS provider source.
Security posture
NES for PostgreSQL 14 covers CVEs in PostgreSQL, pgpool-II, and the bundled OpenSSL library and FIPS provider. The HeroDevs CVE response SLA applies to these components.
CVEs in operating-system packages outside the build are the responsibility of the operating system vendor.
FIPS operational environments
NES for PostgreSQL 14 ships a bundled OpenSSL library plus the OpenSSL 3.1.2 FIPS provider (CMVP cert #4985) on each supported platform. Cert #4985's tested operational environments (Debian 11, Ubuntu 22.04, macOS, Windows 10 Pro) do not overlap with the platforms above. As the integrator, HeroDevs affirms continued correctness under FIPS 140-3 IG 2.3.A by recompiling the unmodified validated source on each target platform. The cryptographic boundary, algorithm list, and security policy of cert #4985 apply unchanged across all platforms.
On AIX 7.2, customers may instead use IBM's AIX FIPS Crypto Provider for OpenSSL 3 (CMVP cert #4889).
Customer obligations
Customers must run a platform listed in the supported matrix to receive full product support for NES for PostgreSQL 14.
Customers must monitor the NES for PostgreSQL 14 documentation and release notes.