AWS Security ChangesHomeSearch

AWS AmazonRDS high security documentation change

Service: AmazonRDS · 2026-01-22 · Security-related high

File: AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md

Summary

Added new release notes for multiple Aurora PostgreSQL versions (16.4.6, 15.8.6, 14.13.6, 14.6.13, 13.16.6, 13.9.13, 12.9.16, 11.9.16) with critical stability fixes, security patches, and general enhancements

Security assessment

The change documents fixes for multiple security vulnerabilities: PostgreSQL CVEs (CVE-2025-8713, CVE-2025-8714, CVE-2025-8715), V8 engine vulnerabilities (CVE-2022-1364, CVE-2023-3079) in PLv8 extension, and a security issue in routine ownership alteration. These are concrete security vulnerabilities with CVE references.

Diff

diff --git a/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md b/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
index a8cc40d20..98dd7fdcc 100644
--- a//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
+++ b//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
@@ -1862,0 +1863,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 16.4. For more i
+  * Aurora PostgreSQL 16.4.6, November 21, 2025
+
@@ -1875,0 +1878,61 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 16.4. For more i
+#### Aurora PostgreSQL 16.4.6, November 21, 2025
+
+**Critical stability enhancements**
+
+  * Fixed an issue where minor version upgrades and patch upgrades might take a few seconds longer because the runtime process was not exiting gracefully.
+
+  * Fixed an issue related to Optimized Reads-enabled tiered cache functionality that might result in longer recovery times after a failover to Aurora replica instances.
+
+  * Fixed a security issue when altering routine ownership.
+
+
+
+
+**High priority enhancements**
+
+  * Backported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2025-8713](https://www.postgresql.org/support/security/CVE-2025-8713/).
+
+    * [CVE-2025-8714](https://www.postgresql.org/support/security/CVE-2025-8714/).
+
+    * [CVE-2025-8715](https://www.postgresql.org/support/security/CVE-2025-8715/).
+
+  * Backported fixes for the following PLv8 extension's V8 Engine security vulnerabilities:
+
+    * [CVE-2022-1364](https://nvd.nist.gov/vuln/detail/CVE-2022-1364).
+
+    * [CVE-2023-3079](https://nvd.nist.gov/vuln/detail/CVE-2023-3079).
+
+  * Fixed a race condition where old writer instance may not step down after a new writer instance is promoted and continues to write.
+
+
+
+
+**General enhancements**
+
+  * Improved error handling mechanisms during TDS Connection reset operations.
+
+  * Fixed an issue that could prevent online recovery of an Aurora Replica from completing.
+
+  * Fixed an issue that could cause unavailability when apg_plan_mgmt is enabled.
+
+  * Fixed an issue with parallel heap scans that could lead to index inconsistency on tables larger than 16TiB when synchronize_seqscans is enabled.
+
+  * Fixed an issue in Query Plan Management with running a utility statement immediately after installing the extension or resetting shared memory.
+
+  * Fixed an issue in enforcing, validating and evolving plans in Query Plan Management.
+
+  * Fixed an issue that could cause prolonged Serverless v2 scaling time.
+
+  * Fixed a crash that occurred when using ST_AsGeoJSON after upgrading to a release containing PostGIS 3.5.1 without running postgis_extensions_upgrade.
+
+  * Fixed an issue causing a replica restart during the replica join case.
+
+  * Fixed an issue causing query execution failure for execution plans using the "bitmap heap scan" access method.
+
+  * Fixed an issue impacting query execution performance for execution plans using the "bitmap heap scan" access method.
+
+
+
+
@@ -3610,0 +3674,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 15.8. For more i
+  * Aurora PostgreSQL 15.8.6, November 21, 2025
+
@@ -3623,0 +3689,61 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 15.8. For more i
+#### Aurora PostgreSQL 15.8.6, November 21, 2025
+
+**Critical stability enhancements**
+
+  * Fixed an issue where minor version upgrades and patch upgrades might take a few seconds longer because the runtime process was not exiting gracefully.
+
+  * Fixed an issue related to Optimized Reads-enabled tiered cache functionality that might result in longer recovery times after a failover to Aurora replica instances.
+
+  * Fixed a security issue when altering routine ownership.
+
+
+
+
+**High priority enhancements**
+
+  * Backported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2025-8713](https://www.postgresql.org/support/security/CVE-2025-8713/).
+
+    * [CVE-2025-8714](https://www.postgresql.org/support/security/CVE-2025-8714/).
+
+    * [CVE-2025-8715](https://www.postgresql.org/support/security/CVE-2025-8715/).
+
+  * Backported fixes for the following PLv8 extension's V8 Engine security vulnerabilities:
+
+    * [CVE-2022-1364](https://nvd.nist.gov/vuln/detail/CVE-2022-1364).
+
+    * [CVE-2023-3079](https://nvd.nist.gov/vuln/detail/CVE-2023-3079).
+
+  * Fixed a race condition where old writer instance may not step down after a new writer instance is promoted and continues to write.
+
+
+
+
+**General enhancements**
+
+  * Improved error handling mechanisms during TDS Connection reset operations.
+
+  * Fixed an issue that could prevent online recovery of an Aurora Replica from completing.
+
+  * Fixed an issue that could cause unavailability when apg_plan_mgmt is enabled.
+
+  * Fixed an issue with parallel heap scans that could lead to index inconsistency on tables larger than 16TiB when synchronize_seqscans is enabled.
+
+  * Fixed an issue in Query Plan Management with running a utility statement immediately after installing the extension or resetting shared memory.
+
+  * Fixed an issue in enforcing, validating and evolving plans in Query Plan Management.
+
+  * Fixed an issue that could cause prolonged Serverless v2 scaling time.
+
+  * Fixed a crash that occurred when using ST_AsGeoJSON after upgrading to a release containing PostGIS 3.5.1 without running postgis_extensions_upgrade.
+
+  * Fixed an issue causing a replica restart during the replica join case.
+
+  * Fixed an issue causing query execution failure for execution plans using the "bitmap heap scan" access method.
+
+  * Fixed an issue impacting query execution performance for execution plans using the "bitmap heap scan" access method.
+
+
+
+
@@ -6373,0 +6500,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 14.13. For more
+  * Aurora PostgreSQL 14.13.6, November 21, 2025
+
@@ -6386,0 +6515,61 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 14.13. For more
+#### Aurora PostgreSQL 14.13.6, November 21, 2025
+
+**Critical stability enhancements**
+
+  * Fixed an issue where minor version upgrades and patch upgrades might take a few seconds longer because the runtime process was not exiting gracefully.
+
+  * Fixed an issue related to Optimized Reads-enabled tiered cache functionality that might result in longer recovery times after a failover to Aurora replica instances.
+
+  * Fixed a security issue when altering routine ownership.
+
+
+
+
+**High priority enhancements**
+
+  * Backported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2025-8713](https://www.postgresql.org/support/security/CVE-2025-8713/).
+
+    * [CVE-2025-8714](https://www.postgresql.org/support/security/CVE-2025-8714/).
+
+    * [CVE-2025-8715](https://www.postgresql.org/support/security/CVE-2025-8715/).
+
+  * Backported fixes for the following PLv8 extension's V8 Engine security vulnerabilities:
+
+    * [CVE-2022-1364](https://nvd.nist.gov/vuln/detail/CVE-2022-1364).
+
+    * [CVE-2023-3079](https://nvd.nist.gov/vuln/detail/CVE-2023-3079).
+
+  * Fixed a race condition where old writer instance may not step down after a new writer instance is promoted and continues to write.
+
+
+
+
+**General enhancements**
+
+  * Improved error handling mechanisms during TDS Connection reset operations.
+
+  * Fixed an issue that could prevent online recovery of an Aurora Replica from completing.
+
+  * Fixed an issue that could cause unavailability when apg_plan_mgmt is enabled.
+
+  * Fixed an issue with parallel heap scans that could lead to index inconsistency on tables larger than 16TiB when synchronize_seqscans is enabled.
+
+  * Fixed an issue in Query Plan Management with running a utility statement immediately after installing the extension or resetting shared memory.
+
+  * Fixed an issue in enforcing, validating and evolving plans in Query Plan Management.
+
+  * Fixed an issue that could cause prolonged Serverless v2 scaling time.
+
+  * Fixed a crash that occurred when using ST_AsGeoJSON after upgrading to a release containing PostGIS 3.5.1 without running postgis_extensions_upgrade.
+
+  * Fixed an issue causing a replica restart during the replica join case.
+
+  * Fixed an issue causing query execution failure for execution plans using the "bitmap heap scan" access method.
+
+  * Fixed an issue impacting query execution performance for execution plans using the "bitmap heap scan" access method.
+
+
+
+
@@ -8284,0 +8474,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 14.6. For more i