AWS Security ChangesHomeSearch

AWS AmazonRDS high security documentation change

Service: AmazonRDS · 2025-11-25 · Security-related high

File: AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/limitless-updates.md

Summary

Added release notes for Aurora PostgreSQL Limitless Database 16.9.102, including performance improvements, bug fixes, and security-related fixes for Row Level Security (RLS) data leaks.

Security assessment

The change explicitly mentions fixing 'correctness and data leak issues in Row Level Security (RLS) policies,' which directly addresses a security vulnerability. The recommendation to re-create existing RLS policies indicates a potential exploit path was mitigated.

Diff

diff --git a/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/limitless-updates.md b/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/limitless-updates.md
index a9d3af90e..bea328699 100644
--- a//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/limitless-updates.md
+++ b//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/limitless-updates.md
@@ -33,0 +34,2 @@ This version of Aurora PostgreSQL Limitless Database is compatible with PostgreS
+  * Aurora PostgreSQL Limitless Database 16.9.102, November 21, 2025
+
@@ -40,0 +43,38 @@ This version of Aurora PostgreSQL Limitless Database is compatible with PostgreS
+### Aurora PostgreSQL Limitless Database 16.9.102, November 21, 2025
+
+**Enhancements**
+
+  * Improved performance for shard split.
+
+  * Improved error messages when queries fail during (minor) upgrades due to inconsistent instance versions.
+
+
+
+
+**Bug fixes**
+
+  * Fixed an issue where database remained unusable after `DROP DATABASE` through JDBC.
+
+  * Fixed an issue with privilege grants which failed with `invalid role OID: 0` when all privileges are `GRANT`ed to public.
+
+  * Fixed an issue with `SELECT` queries with type casts which failed with `cannot cast type cstring to text[]`.
+
+  * Fixed an issue with `CREATE DATABASE` which failed with `connection_limit requires an integer value` when also setting `connection_limit`.
+
+  * Fixed table transformation from standard table to distributed table or reference table to keep Row Level Security Policies.
+
+  * Fixed correctness and data leak issues in Row Level Security (RLS) policies. We recommend to drop and re-create any existing RLS policies.
+
+  * Fixed `DROP POLICY` statement when used with `IF EXISTS`.
+
+  * Fixed incorrect result when selecting `tableoid` system column. The `tableoid` is the OID of the table, which is a distinct identification given to the database object by a given system. If the query is eligible for Single Shard Optimization, the `tableoid` will be obtained from the Shard. Otherwise, the `tableoid` will be obtained from the connected router. Different routers may result in different `tableoid` for the same query.
+
+  * Fixed an issue where internal processes were no longer working properly after revoking `CONNECT` privilege for internal system roles.
+
+  * Fixed stats update for tables with User Defined Types.
+
+  * Fixed one edge case in resolving prepared transaction.
+
+
+
+