AWS Security ChangesHomeSearch

AWS AmazonRDS high security documentation change

Service: AmazonRDS · 2025-09-19 · Security-related high

File: AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md

Summary

Added release notes for Aurora PostgreSQL versions 17.5.3, 16.9.3, 15.13.3, 14.18.3, 13.21.3, and corrected 11.21.11, documenting security fixes, stability improvements, and general enhancements.

Security assessment

The changes explicitly address security vulnerabilities, including CVE-2025-8713, CVE-2025-8714, CVE-2025-8715, CVE-2022-1364, CVE-2023-3079, and a security issue in routine ownership handling. These CVEs and the described security fixes indicate direct remediation of security vulnerabilities, making the changes security-related. The documentation adds details about these security patches, qualifying as security documentation.

Diff

diff --git a/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md b/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
index b9975b5f3..3af1ada8b 100644
--- a//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
+++ b//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
@@ -65,0 +66,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 17.5. For more i
+  * Aurora PostgreSQL 17.5.3, September 16, 2025
+
@@ -74,0 +77,75 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 17.5. For more i
+#### Aurora PostgreSQL 17.5.3, September 16, 2025
+
+**Critical stability enhancements**
+
+  * Fixed an issue in engine minor and patch upgrades where in rare cases a backend can incorrectly process an interrupt early.
+
+  * Fixed an issue where minor version upgrades and patch upgrades might take a few seconds longer because the runtime process wasn't exiting gracefully.
+
+  * Fixed an issue related to Optimized Reads-enabled tiered cache functionality that might result in longer recovery times after a failover to Aurora replica instances.
+
+  * Fixed a security issue when altering routine ownership.
+
+  * Fixed an issue with Serverless v2 scaling that may cause unavailability when fetching pages from storage.
+
+
+
+
+**High priority enhancements**
+
+  * Backported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2025-8713](https://www.postgresql.org/support/security/CVE-2025-8713/).
+
+    * [CVE-2025-8714](https://www.postgresql.org/support/security/CVE-2025-8714/).
+
+    * [CVE-2025-8715](https://www.postgresql.org/support/security/CVE-2025-8715/).
+
+  * Backported fixes for the following PLv8 extension’s V8 Engine security vulnerabilities:
+
+    * [CVE-2022-1364](https://nvd.nist.gov/vuln/detail/CVE-2022-1364).
+
+    * [CVE-2023-3079](https://nvd.nist.gov/vuln/detail/CVE-2023-3079).
+
+  * Fixed an issue that can cause reboots of the primary db instance when reading from a logical replication slot in the presence of frequent DDL if aurora.enhanced_logical_replication is enabled.
+
+  * Fixed a race condition where old writer instance may not step down after a new writer instance is promoted and continues to write.
+
+
+
+
+**General enhancements**
+
+  * Improved error handling mechanisms during TDS Connection reset operations.
+
+  * Fixed an issue that could prevent online recovery of an Aurora Replica from completing.
+
+  * Fixed an issue that could cause unavailability when `apg_plan_mgmt` is enabled.
+
+  * Fixed an issue with parallel heap scans that could lead to index inconsistency on tables larger than 16TiB when synchronize_seqscans is enabled.
+
+  * Fixed an issue in Query Plan Management with running a utility statement immediately after installing the extension or resetting shared memory.
+
+  * Fixed an issue with Babelfish ZDP that could lead to instance reboot after minor version ugprade in some cases.
+
+  * Fixed an issue in enforcing, validating and evolving the `plans` extension in Query Plan Management.
+
+  * Fixed an issue during numeric calculations involving aggregate functions with all-column selections.
+
+  * Fixed an issue that could cause prolonged Serverless v2 scaling time.
+
+  * Fixed a crash that occurred when using ST_AsGeoJSON after upgrading to a release containing The `PostGIS` extension 3.5.1 without running postgis_extensions_upgrade.
+
+  * Fixed an issue causing a replica restart during the replica join case.
+
+  * Fixed an issue which can cause vacuum operations to become blocked after the restart of an Aurora replica in a Global Database.
+
+  * Fixed an issue causing query execution failure for execution the `plans` extension using the “bitmap heap scan” access method.
+
+  * Fixed an issue impacting query execution performance for execution the `plans` extension using the “bitmap heap scan” access method.
+
+  * Fixed and issue where storage client may crash during instance restart.
+
+
+
+
@@ -456,0 +534,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 16.9. For more i
+  * Aurora PostgreSQL 16.9.3, September 16, 2025
+
@@ -465,0 +545,75 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 16.9. For more i
+#### Aurora PostgreSQL 16.9.3, September 16, 2025
+
+**Critical stability enhancements**
+
+  * Fixed an issue in engine minor and patch upgrades where in rare cases a backend can incorrectly process an interrupt early.
+
+  * Fixed an issue where minor version upgrades and patch upgrades might take a few seconds longer because the runtime process wasn't exiting gracefully.
+
+  * Fixed an issue related to Optimized Reads-enabled tiered cache functionality that might result in longer recovery times after a failover to Aurora replica instances.
+
+  * Fixed a security issue when altering routine ownership.
+
+  * Fixed an issue with Serverless v2 scaling that may cause unavailability when fetching pages from storage.
+
+
+
+
+**High priority enhancements**
+
+  * Backported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2025-8713](https://www.postgresql.org/support/security/CVE-2025-8713/).
+
+    * [CVE-2025-8714](https://www.postgresql.org/support/security/CVE-2025-8714/).
+
+    * [CVE-2025-8715](https://www.postgresql.org/support/security/CVE-2025-8715/).
+
+  * Backported fixes for the following PLv8 extension’s V8 Engine security vulnerabilities.
+
+    * [CVE-2022-1364](https://nvd.nist.gov/vuln/detail/CVE-2022-1364).
+
+    * [CVE-2023-3079](https://nvd.nist.gov/vuln/detail/CVE-2023-3079).
+
+  * Fixed an issue that can cause reboots of the primary db instance when reading from a logical replication slot in the presence of frequent DDL if aurora.enhanced_logical_replication is enabled.
+
+  * Fixed a race where old writer may not step down after a new writer is promoted and continues to write.
+
+
+
+
+**General enhancements**
+
+  * Implemented enhanced error handling mechanisms during TDS Connection reset operations.
+
+  * Fixed an issue that could in certain cases prevent online recovery of an Aurora Replica from completing.
+
+  * Fixed an issue that could cause unavailability when `apg_plan_mgmt` is enabled.
+
+  * Fixed an issue with parallel heap scans that could lead to index inconsistency on tables larger than 16TiB when synchronize_seqscans is enabled.
+
+  * Fixed an issue in Query Plan Management with running a utility statement immediately after installing the extension or resetting shared memory.
+
+  * Fixed an issue with Babelfish ZDP that could lead to instance reboot after minor version ugprade in some cases.
+
+  * Fixed an issue in enforcing, validating and evolving the `plans` extension in Query Plan Management.
+
+  * Fixed an issue during numeric calculations involving aggregate functions with all-column selections.
+
+  * Fixed an issue with prolonged Serverless v2 scaling time.
+
+  * Fixed a crash that occurred when using ST_AsGeoJSON after upgrading to a release containing The `PostGIS` extension 3.5.1 without running postgis_extensions_upgrade.
+
+  * Fixed an issue causing a replica restart during the replica join case.
+
+  * Fixed an issue which can cause vacuum operations to become blocked after the restart of an Aurora replica in a Global Database.
+
+  * Fixed an issue causing query execution failure for execution the `plans` extension using the “bitmap heap scan” access method.
+
+  * Fixed an issue impacting query execution performance for execution the `plans` extension using the “bitmap heap scan” access method.
+
+  * Fixed and issue where storage client may crash during instance restart.
+
+
+
+
@@ -468 +622 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 16.9. For more i
-**Critical stability enhancements**.
+**Critical stability enhancements**
@@ -1867,0 +2022,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 15.13. For more
+  * Aurora PostgreSQL 15.13.3, September 16, 2025
+
@@ -1876,0 +2033,75 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 15.13. For more
+#### Aurora PostgreSQL 15.13.3, September 16, 2025
+
+**Critical stability enhancements**
+
+  * Fixed an issue in engine minor and patch upgrades where in rare cases a backend can incorrectly process an interrupt early.
+
+  * Fixed an issue where minor version upgrades and patch upgrades might take a few seconds longer because the runtime process wasn't exiting gracefully.
+
+  * Fixed an issue related to Optimized Reads-enabled tiered cache functionality that might result in longer recovery times after a failover to Aurora replica instances.
+
+  * Fixed a security issue when altering routine ownership.
+
+  * Fixed an issue with Serverless v2 scaling that may cause unavailability when fetching pages from storage.
+
+
+
+
+**High priority enhancements**
+
+  * Backported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2025-8713](https://www.postgresql.org/support/security/CVE-2025-8713/).
+
+    * [CVE-2025-8714](https://www.postgresql.org/support/security/CVE-2025-8714/).
+
+    * [CVE-2025-8715](https://www.postgresql.org/support/security/CVE-2025-8715/).
+
+  * Backported fixes for the following PLv8 extension’s V8 Engine security vulnerabilities:
+
+    * [CVE-2022-1364](https://nvd.nist.gov/vuln/detail/CVE-2022-1364).
+