AWS AmazonRDS high security documentation change
Summary
Added release notes for Aurora PostgreSQL Limitless Database 16.9.102, including performance improvements, bug fixes, and security-related fixes for Row Level Security (RLS) data leaks.
Security assessment
The change explicitly mentions fixing 'correctness and data leak issues in Row Level Security (RLS) policies,' which directly addresses a security vulnerability. The recommendation to re-create existing RLS policies indicates a potential exploit path was mitigated.
Diff
diff --git a/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/limitless-updates.md b/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/limitless-updates.md index a9d3af90e..bea328699 100644 --- a//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/limitless-updates.md +++ b//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/limitless-updates.md @@ -33,0 +34,2 @@ This version of Aurora PostgreSQL Limitless Database is compatible with PostgreS + * Aurora PostgreSQL Limitless Database 16.9.102, November 21, 2025 + @@ -40,0 +43,38 @@ This version of Aurora PostgreSQL Limitless Database is compatible with PostgreS +### Aurora PostgreSQL Limitless Database 16.9.102, November 21, 2025 + +**Enhancements** + + * Improved performance for shard split. + + * Improved error messages when queries fail during (minor) upgrades due to inconsistent instance versions. + + + + +**Bug fixes** + + * Fixed an issue where database remained unusable after `DROP DATABASE` through JDBC. + + * Fixed an issue with privilege grants which failed with `invalid role OID: 0` when all privileges are `GRANT`ed to public. + + * Fixed an issue with `SELECT` queries with type casts which failed with `cannot cast type cstring to text[]`. + + * Fixed an issue with `CREATE DATABASE` which failed with `connection_limit requires an integer value` when also setting `connection_limit`. + + * Fixed table transformation from standard table to distributed table or reference table to keep Row Level Security Policies. + + * Fixed correctness and data leak issues in Row Level Security (RLS) policies. We recommend to drop and re-create any existing RLS policies. + + * Fixed `DROP POLICY` statement when used with `IF EXISTS`. + + * Fixed incorrect result when selecting `tableoid` system column. The `tableoid` is the OID of the table, which is a distinct identification given to the database object by a given system. If the query is eligible for Single Shard Optimization, the `tableoid` will be obtained from the Shard. Otherwise, the `tableoid` will be obtained from the connected router. Different routers may result in different `tableoid` for the same query. + + * Fixed an issue where internal processes were no longer working properly after revoking `CONNECT` privilege for internal system roles. + + * Fixed stats update for tables with User Defined Types. + + * Fixed one edge case in resolving prepared transaction. + + + +