AWS Security ChangesHomeSearch

AWS AmazonRDS high security documentation change

Service: AmazonRDS · 2025-10-16 · Security-related high

File: AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md

Summary

Added new release notes for Aurora PostgreSQL versions 17.4.4, 16.8.4, 15.12.4, 14.17.4, and 13.20.4, including security fixes, stability improvements, and general enhancements.

Security assessment

The changes explicitly address security issues: 1) A 'security issue when altering routine ownership' (potential privilege escalation). 2) Backported fixes for PostgreSQL CVEs (CVE-2025-8713, CVE-2025-8714, CVE-2025-8715) and PLv8 engine CVEs (CVE-2022-1364, CVE-2023-3079). These are documented security vulnerabilities requiring patching.

Diff

diff --git a/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md b/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
index c1807bafa..04d64f74b 100644
--- a//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
+++ b//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
@@ -261,0 +262,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 17.4. For more i
+  * Aurora PostgreSQL 17.4.4, October 9, 2025
+
@@ -270,0 +273,69 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 17.4. For more i
+#### Aurora PostgreSQL 17.4.4, October 9, 2025
+
+**Critical stability enhancements**
+
+  * Fixed an issue in engine minor and patch upgrades where in rare cases a backend can incorrectly process an interrupt early.
+
+  * Fixed an issue where minor version upgrades and patch upgrades might take a few seconds longer because the runtime process wasn't exiting gracefully.
+
+  * Fixed an issue related to Optimized Reads-enabled tiered cache functionality that might result in longer recovery times after a failover to Aurora replica instances.
+
+  * Fixed a security issue when altering routine ownership.
+
+
+
+
+**High priority enhancements**
+
+  * Backported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2025-8713](https://www.postgresql.org/support/security/CVE-2025-8713/).
+
+    * [CVE-2025-8714](https://www.postgresql.org/support/security/CVE-2025-8714/).
+
+    * [CVE-2025-8715](https://www.postgresql.org/support/security/CVE-2025-8715/).
+
+  * Backported fixes for the following PLv8 extension’s V8 Engine security vulnerabilities:
+
+    * [CVE-2022-1364](https://nvd.nist.gov/vuln/detail/CVE-2022-1364).
+
+    * [CVE-2023-3079](https://nvd.nist.gov/vuln/detail/CVE-2023-3079).
+
+  * Fixed a race condition where old writer instance may not step down after a new writer instance is promoted and continues to write.
+
+
+
+
+**General enhancements**
+
+  * Improved error handling mechanisms during TDS Connection reset operations.
+
+  * Fixed an issue that could prevent online recovery of an Aurora Replica from completing.
+
+  * Fixed an issue that could cause unavailability when `apg_plan_mgmt` is enabled.
+
+  * Fixed an issue with parallel heap scans that could lead to index inconsistency on tables larger than 16TiB when synchronize_seqscans is enabled.
+
+  * Fixed an issue in Query Plan Management with running a utility statement immediately after installing the extension or resetting shared memory.
+
+  * Fixed an issue in enforcing, validating and evolving the `plans` extension in Query Plan Management.
+
+  * Fixed an issue during numeric calculations involving aggregate functions with all-column selections.
+
+  * Fixed an issue that could cause prolonged Serverless v2 scaling time.
+
+  * Fixed a crash that occurred when using ST_AsGeoJSON after upgrading to a release containing The `PostGIS` extension 3.5.1 without running postgis_extensions_upgrade.
+
+  * Fixed an issue causing a replica restart during the replica join case.
+
+  * Fixed an issue which can cause vacuum operations to become blocked after the restart of an Aurora replica in a Global Database.
+
+  * Fixed an issue causing query execution failure for execution the `plans` extension using the “bitmap heap scan” access method.
+
+  * Fixed an issue impacting query execution performance for execution the `plans` extension using the “bitmap heap scan” access method.
+
+  * Fixed and issue where storage client may crash during instance restart.
+
+
+
+
@@ -615,4 +685,0 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 16.9. For more i
-  * Fixed an issue causing query execution failure for execution the `plans` extension using the “bitmap heap scan” access method.
-
-  * Fixed an issue impacting query execution performance for execution the `plans` extension using the “bitmap heap scan” access method.
-
@@ -733,0 +801,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 16.8. For more i
+  * Aurora PostgreSQL 16.8.4, October 9, 2025
+
@@ -742,0 +812,69 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 16.8. For more i
+#### Aurora PostgreSQL 16.8.4, October 9, 2025
+
+**Critical stability enhancements**
+
+  * Fixed an issue in engine minor and patch upgrades where in rare cases a backend can incorrectly process an interrupt early.
+
+  * Fixed an issue where minor version upgrades and patch upgrades might take a few seconds longer because the runtime process wasn't exiting gracefully.
+
+  * Fixed an issue related to Optimized Reads-enabled tiered cache functionality that might result in longer recovery times after a failover to Aurora replica instances.
+
+  * Fixed a security issue when altering routine ownership.
+
+
+
+
+**High priority enhancements**
+
+  * Backported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2025-8713](https://www.postgresql.org/support/security/CVE-2025-8713/).
+
+    * [CVE-2025-8714](https://www.postgresql.org/support/security/CVE-2025-8714/).
+
+    * [CVE-2025-8715](https://www.postgresql.org/support/security/CVE-2025-8715/).
+
+  * Backported fixes for the following PLv8 extension’s V8 Engine security vulnerabilities:
+
+    * [CVE-2022-1364](https://nvd.nist.gov/vuln/detail/CVE-2022-1364).
+
+    * [CVE-2023-3079](https://nvd.nist.gov/vuln/detail/CVE-2023-3079).
+
+  * Fixed a race condition where old writer instance may not step down after a new writer instance is promoted and continues to write.
+
+
+
+
+**General enhancements**
+
+  * Improved error handling mechanisms during TDS Connection reset operations.
+
+  * Fixed an issue that could prevent online recovery of an Aurora Replica from completing.
+
+  * Fixed an issue that could cause unavailability when `apg_plan_mgmt` is enabled.
+
+  * Fixed an issue with parallel heap scans that could lead to index inconsistency on tables larger than 16TiB when synchronize_seqscans is enabled.
+
+  * Fixed an issue in Query Plan Management with running a utility statement immediately after installing the extension or resetting shared memory.
+
+  * Fixed an issue in enforcing, validating and evolving the `plans` extension in Query Plan Management.
+
+  * Fixed an issue during numeric calculations involving aggregate functions with all-column selections.
+
+  * Fixed an issue that could cause prolonged Serverless v2 scaling time.
+
+  * Fixed a crash that occurred when using ST_AsGeoJSON after upgrading to a release containing The `PostGIS` extension 3.5.1 without running postgis_extensions_upgrade.
+
+  * Fixed an issue causing a replica restart during the replica join case.
+
+  * Fixed an issue which can cause vacuum operations to become blocked after the restart of an Aurora replica in a Global Database.
+
+  * Fixed an issue causing query execution failure for execution the `plans` extension using the “bitmap heap scan” access method.
+
+  * Fixed an issue impacting query execution performance for execution the `plans` extension using the “bitmap heap scan” access method.
+
+  * Fixed and issue where storage client may crash during instance restart.
+
+
+
+
@@ -2103,4 +2240,0 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 15.13. For more
-  * Fixed an issue causing query execution failure for execution the `plans` extension using the “bitmap heap scan” access method.
-
-  * Fixed an issue impacting query execution performance for execution the `plans` extension using the “bitmap heap scan” access method.
-
@@ -2217,0 +2352,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 15.12. For more
+  * Aurora PostgreSQL 15.12.4, October 9, 2025
+
@@ -2226,0 +2363,69 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 15.12. For more
+#### Aurora PostgreSQL 15.12.4, October 9, 2025
+
+**Critical stability enhancements**
+
+  * Fixed an issue in engine minor and patch upgrades where in rare cases a backend can incorrectly process an interrupt early.
+
+  * Fixed an issue where minor version upgrades and patch upgrades might take a few seconds longer because the runtime process wasn't exiting gracefully.
+
+  * Fixed an issue related to Optimized Reads-enabled tiered cache functionality that might result in longer recovery times after a failover to Aurora replica instances.
+
+  * Fixed a security issue when altering routine ownership.
+
+
+
+
+**High priority enhancements**
+
+  * Backported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2025-8713](https://www.postgresql.org/support/security/CVE-2025-8713/).
+
+    * [CVE-2025-8714](https://www.postgresql.org/support/security/CVE-2025-8714/).
+
+    * [CVE-2025-8715](https://www.postgresql.org/support/security/CVE-2025-8715/).
+
+  * Backported fixes for the following PLv8 extension’s V8 Engine security vulnerabilities:
+
+    * [CVE-2022-1364](https://nvd.nist.gov/vuln/detail/CVE-2022-1364).
+
+    * [CVE-2023-3079](https://nvd.nist.gov/vuln/detail/CVE-2023-3079).
+
+  * Fixed a race condition where old writer instance may not step down after a new writer instance is promoted and continues to write.
+
+
+
+