AWS Security ChangesHomeSearch

AWS AmazonRDS high security documentation change

Service: AmazonRDS · 2025-05-03 · Security-related high

File: AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraBabelfish.Updates.md

Summary

Added documentation for Babelfish 5.x versions including new security roles, permission management features, and multiple functional/security fixes

Security assessment

Added support for fixed database/server-level roles (db_securityadmin, securityadmin etc.) which are security controls. Fixed security-related issues including: 1) HASHBYTES function handling (critical for cryptographic operations), 2) Connection pooling cleanup to prevent stale data leakage, 3) Privilege fixes for mapped database users, and 4) Restrictions on @@function mapping to prevent system function overrides. Directly references new permission management documentation.

Diff

diff --git a/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraBabelfish.Updates.md b/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraBabelfish.Updates.md
index 87df3eb57..0649301a3 100644
--- a//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraBabelfish.Updates.md
+++ b//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraBabelfish.Updates.md
@@ -5 +5 @@
-Babelfish for Aurora PostgreSQL 4.x versionsBabelfish for Aurora PostgreSQL 3.x versionsBabelfish for Aurora PostgreSQL 2.x versionsBabelfish for Aurora PostgreSQL 1.x versions (includes some deprecated versions)
+Babelfish for Aurora PostgreSQL 5.x versionsBabelfish for Aurora PostgreSQL 4.x versionsBabelfish for Aurora PostgreSQL 3.x versionsBabelfish for Aurora PostgreSQL 2.x versionsBabelfish for Aurora PostgreSQL 1.x versions (includes some deprecated versions)
@@ -18,0 +19,2 @@ For a list of supported and unsupported functionality across different Babelfish
+  * Babelfish for Aurora PostgreSQL 5.x versions
+
@@ -29,0 +32,137 @@ For a list of supported and unsupported functionality across different Babelfish
+## Babelfish for Aurora PostgreSQL 5.x versions
+
+###### Version updates
+
+  * Babelfish for Aurora PostgreSQL 5.1
+
+
+
+
+### Babelfish for Aurora PostgreSQL 5.1
+
+This release of Aurora Babelfish is provided with Aurora PostgreSQL 17.4. For more information about the improvements in Aurora PostgreSQL 17.4, see [Amazon Aurora PostgreSQL updates](./AuroraPostgreSQL.Updates.html). Babelfish for Aurora PostgreSQL 5.1 adds several new features, enhancements, and fixes. For more information about Babelfish for Aurora PostgreSQL, see [Working with Babelfish for Aurora PostgreSQL](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/babelfish.html). 
+
+#### Aurora Babelfish release 5.1.0, May 01, 2025
+
+**New Features**
+
+  * Added support for fixed database-level roles `db_securityadmin`, `db_accessadmin`, `db_ddladmin`, `db_datareader` and `db_datawriter`. T-SQL users can be added to these fixed database roles.
+
+  * Added support for fixed server-level roles `securityadmin` and `dbcreator`. T-SQL logins can be added to these fixed server roles.
+
+  * Added support for adding T-SQL users to `db_owner` fixed database-level role. This T-SQL will have privileges similar to the database owner.
+
+
+
+
+For more information about relevant permission management and access control settings for these new features in Babelfish, see [Managing permissions and access control in Babelfish for Aurora PostgreSQL](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/babelfish-permissions.html).
+
+**Critical enhancements**
+
+  * Fixed issues with `Convert` function when converting from `string` to `date`, `datetimeoffset`, `datetime2`, `datetime`, `smalldatetime` and `time`.
+
+  * Fixed the issue of parameter declarations containing # characters not being handled correctly.
+
+  * Supported `SET IDENTITY_INSERT` for three part relation references.
+
+  * Fixed an issue with the `HASHBYTES` function to ensure correct behavior when processing `NVARCHAR` argument.
+
+  * Fixed the issue of `CREATE PARTITION SCHEME` not supporting “PRIMARY” syntax.
+
+  * Fixed the issue of UPDATE/DELETE of table variable query in a function getting incorrectly rejected with multi-table FROM clause.
+
+  * Restricted user defined @@function from being mapped to sys function.
+
+  * Fixed the issue of comparison with empty double quoted string raised the error about “zero-length delimited identifier”.
+
+  * Fixed a crash which could occur in rare situations when using temporary tables with certain orphaned catalog entries.
+
+  * Fixed an issue where trigger gets dropped when dropping a column in a table.
+
+  * Improved performance of queries having join between `TABLE_CONSTRAINTS` and `KEY_COLUMN_USAGE` view in the INFORMATION_SCHEMA schema.
+
+  * Fixed inconsistent formatting issue with `Convert` function when converting MONEY datatype with value 0 to string datatypes.
+
+  * Fixed formatting issues in `CAST` from `MONEY` to `CHAR/VARCHAR`.
+
+  * Fixed the issue where `SELECT...INTO` with `MIN` and `MAX` aggregations on `MONEY` columns lost type information.
+
+  * Implement modulo operator for `MONEY` type.
+
+  * Added cleanup of stale parameters and configs in case of connection pooling.
+
+  * Added comprehensive cursor state cleanup to avoid stale data in case of connection pooling.
+
+  * Fixed a issue with `IDENTITY` columns not being recognized during `DML` statements using `OUTPUT` and `WHERE` clause.
+
+
+
+
+**High Priority stability enhancements**
+
+  * Fixed an issue where @@function in `UPDATE SET` clause causes syntax error.
+
+  * Fixed dynamic evaluation of @local_var for `UPDATE ... SET` @local_var and `SELECT` command.
+
+  * Fixed an issue with `sp_columns_100` where partial data could be returned if @fUsePattern = 0 is used.
+
+  * Fixed an issue where local variables may not be updated correct when query involves manipulation of local variable.
+
+  * Improved the general performance of parsing.
+
+  * Fixed an issue with system function `OPENJSON`.
+
+  * Fixed the incorrect result datatype of `UNION` involving `MONEY` type.
+
+  * Fixed offset when using “AT TIME ZONE” with DATETIME2 datatype conversion with convert() function in non-default local timezone setting.
+
+  * Fixed an issue where batches containing cross database queries looks up the objects in incorrect database.
+
+  * Fixed behavior of `DATEDIFF`() and `DATEDIFF_BIG`() functions for week and quarter `Datepart`.
+
+  * Fixed an issue where `sys.column_property` may return incorrect results for ordinal property of a column.
+
+  * Fixed “`AT TIME ZONE`” issue near DST change time with `DATETIME2` datatype conversion.
+
+  * Fixed behavior of queries which use `sys.Db_id()`function which returned empty rows in enforced parallel mode.
+
+
+
+
+**Additional improvements and enhancements**
+
+  * Optimize execution the `plan` extension by removing unnecessary `CAST` functions.
+
+  * `EXECUTE`() on a double-quoted string no longer raises an error.
+
+  * Fixed an error when using functions as column default values on temp tables.
+
+  * Fixed an error in `OPENJSON` function call to allow parse on long `JSON` string.
+
+  * Fixed issue where dropping member from role does not work after restoring Babelfish database.
+
+  * Fixed the alias issue when if exists co-exists with a “=” alias in select list.
+
+  * Restricted declaring the reserved @@function names as common variables.
+
+  * Corrected the implementation of procedure `sp_helpuser` for database roles where `sp_helpuser` should show roles only when explicitly specified.
+
+  * Fixed an issue where smalldatetime type and date type can more flexibly access data through index.
+
+  * Fixed an issue with system procedure `fn_listextendedproperty`.
+
+  * Fixed the use of table-valued parameters as arguments in procedures. Previously, you had to specify the type name of the table-valued parameter when calling the procedure, now it is optional.
+
+  * Fixed precision and scale when common type of `CASE` expression is `NUMERIC` / `DECIMAL` .
+
+  * Fixed an issue where `sys.dm_exec_sessions` may have abandoned entries for already terminated connections.
+
+  * Fixed an issue where a login with mapped database user still has guest user privileges.
+
+  * Fixed an issue where transaction count changes after execution of some system functions.
+
+  * Fixed issue where `Datepart` functions were having different output based on the GUC `timezone`.
+
+
+
+