diff --git a/.github/workflows/abi.yaml b/.github/workflows/abi.yaml
index fb962d325..0bb5e5dcb 100644
--- a/.github/workflows/abi.yaml
+++ b/.github/workflows/abi.yaml
@@ -75,6 +75,12 @@ jobs:
     - name: Build extension
       run: |
         BUILDER_IMAGE="postgres:${{matrix.builder}}-alpine"
+        if [[ "${{matrix.test}}" == *backward ]]; then
+          # Alpine v3.17 updated its default libssl version to 3.0 but the older
+          # images use 1.0. Ensure that the builder image uses the same libssl version
+          # as the one used by the older test image by using Alpine 3.16.
+          BUILDER_IMAGE+="3.16"
+        fi
 
         docker run -i --rm -v $(pwd):/mnt ${BUILDER_IMAGE} bash <<"EOF"
           apk add cmake gcc make build-base krb5-dev openssl-dev git > /dev/null
@@ -90,6 +96,12 @@ jobs:
     - name: Run tests
       run: |
         TEST_IMAGE="postgres:${{ matrix.tester }}-alpine"
+        if [[ "${{matrix.test}}" == *forward ]]; then
+          # Alpine v3.17 updated its default libssl version to 3.0 but the older
+          # images use 1.0. Ensure that the test image uses the same libssl version
+          # as the one used by the older build image by using Alpine 3.16.
+          TEST_IMAGE+="3.16"
+        fi
 
         docker run -i --rm -v $(pwd):/mnt ${TEST_IMAGE} bash <<"EOF"
           apk add cmake gcc make build-base krb5-dev openssl-dev sudo > /dev/null
diff --git a/.github/workflows/update-test.yaml b/.github/workflows/update-test.yaml
index 539bcb8e9..6f614e52c 100644
--- a/.github/workflows/update-test.yaml
+++ b/.github/workflows/update-test.yaml
@@ -79,7 +79,9 @@ jobs:
         PG_MAJOR=$(echo "${{ matrix.pg }}" | sed -e 's![.].*!!')
         UPDATE_FROM_TAG=${DOWNGRADE_TO}-pg${PG_MAJOR}
         export UPDATE_FROM_TAG
-        scripts/test_downgrade_from_tag.sh
+        # We need to use same libssl version used in the latest official TimescaleDB container images.
+        # So we will use the fixed alpine version, this will guarantee that libssl version wont change.
+        PG_IMAGE_TAG="${PG_VERSION}-alpine3.16" scripts/test_downgrade_from_tag.sh
 
     - name: Downgrade diff
       if: failure()
diff --git a/.github/workflows/windows-build-and-test.yaml b/.github/workflows/windows-build-and-test.yaml
index 05908e834..c173e0f46 100644
--- a/.github/workflows/windows-build-and-test.yaml
+++ b/.github/workflows/windows-build-and-test.yaml
@@ -56,7 +56,7 @@ jobs:
             tsl_skips_version: dist_grant-13 dist_partial_agg-13
           - pg: 14
             pkg_version: ${{ fromJson(needs.config.outputs.pg14_latest) }}.1
-            tsl_skips_version: dist_partial_agg-14
+            tsl_skips_version: dist_partial_agg-14 dist_grant-14
     env:
       # PostgreSQL configuration
       PGPORT: 55432
diff --git a/scripts/docker-run-restore-points-test.sh b/scripts/docker-run-restore-points-test.sh
index e6479ef0d..6aae47814 100755
--- a/scripts/docker-run-restore-points-test.sh
+++ b/scripts/docker-run-restore-points-test.sh
@@ -3,7 +3,7 @@
 set -e
 set -o pipefail
 
-SCRIPT_DIR=$(dirname $0)
+SCRIPT_DIR=$(dirname "$0")
 BASE_DIR=${PWD}/${SCRIPT_DIR}/..
 DO_CLEANUP=true
 
@@ -24,7 +24,7 @@ done
 
 shift $((OPTIND-1))
 
-if "$DO_CLEANUP" = "true"; then
+if [ "$DO_CLEANUP" == "true" ] ; then
     trap cleanup EXIT
 fi
 
@@ -42,16 +42,16 @@ cleanup() {
 docker_exec() {
     # Echo to stderr
     >&2 echo -e "\033[1m$1\033[0m: $2"
-    docker exec $1 /bin/bash -c "$2"
+    docker exec "$1" /bin/bash -c "$2"
 }
 
 docker rm -f timescaledb-rp 2>/dev/null || true
-IMAGE_NAME=rp_test TAG_NAME=latest bash ${SCRIPT_DIR}/docker-build.sh
+IMAGE_NAME=rp_test TAG_NAME=latest bash "${SCRIPT_DIR}/docker-build.sh"
 
 # The odd contortion with the BASE_DIR is necessary since SCRIPT_DIR
 # is relative and --volume requires an absolute path.
 docker run --env TIMESCALEDB_TELEMETRY=off -d \
- --volume ${BASE_DIR}/scripts:/mnt/scripts \
+ --volume "${BASE_DIR}/scripts":/mnt/scripts \
  --name timescaledb-rp rp_test:latest
 
 echo "**** Testing ****"
diff --git a/scripts/test_sanitizers.sh b/scripts/test_sanitizers.sh
index fda0f4d57..f19e1b6c7 100755
--- a/scripts/test_sanitizers.sh
+++ b/scripts/test_sanitizers.sh
@@ -4,7 +4,7 @@ set -e
 set -o pipefail
 
 DO_CLEANUP=true
-SCRIPT_DIR=${SCRIPT_DIR:-$(dirname $0)}
+SCRIPT_DIR=${SCRIPT_DIR:-$(dirname "$0")}
 EXCLUDE_PATTERN=${EXCLUDE_PATTERN:-'^$'} # tests matching regex pattern will be excluded
 INCLUDE_PATTERN=${INCLUDE_PATTERN:-'.*'} # tests matching regex pattern will be included
 TEST_MAX=${TEST_MAX:-$((2**16))}
@@ -33,7 +33,7 @@ done
 
 shift $((OPTIND-1))
 
-if "$DO_CLEANUP" = "true"; then
+if [ "$DO_CLEANUP" == "true" ] ; then
     trap cleanup EXIT
 fi
 
@@ -61,12 +61,12 @@ cleanup() {
 docker_exec() {
     # Echo to stderr
     >&2 echo -e "\033[1m$1\033[0m: $2"
-    docker exec $1 /bin/bash -c "$2"
+    docker exec "$1" /bin/bash -c "$2"
 }
 
 docker rm -f timescaledb-san 2>/dev/null || true
 
-docker run -d --privileged --name timescaledb-san --env POSTGRES_HOST_AUTH_METHOD=trust -v ${TIMESCALE_DIR}:/timescaledb ${REMOTE_ORG}/${REMOTE_NAME}:${REMOTE_TAG}
+docker run -d --privileged --name timescaledb-san --env POSTGRES_HOST_AUTH_METHOD=trust -v "${TIMESCALE_DIR}":/timescaledb "${REMOTE_ORG}/${REMOTE_NAME}":"${REMOTE_TAG}"
 
 # Run these commands as root to copy the source into the
 # container. Make sure that all files in the copy is owned by user