AWS Security ChangesHomeSearch

AWS AmazonRDS high security documentation change

Service: AmazonRDS · 2026-02-16 · Security-related high

File: AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md

Summary

Added new version release notes for multiple Aurora PostgreSQL versions (17.4.5, 16.8.5, 16.4.7, 15.8.7, 14.17.5, 14.13.7, 13.20.5, 13.16.7) documenting critical stability fixes, security patches, and general enhancements

Security assessment

The changes explicitly document backported fixes for PostgreSQL community security vulnerabilities CVE-2025-12817 and CVE-2025-12818 across all listed versions. These CVEs are referenced with NIST and PostgreSQL security links, providing concrete evidence of security vulnerability remediation.

Diff

diff --git a/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md b/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
index c01b9e3cb..51deab72f 100644
--- a//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
+++ b//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
@@ -724,0 +725,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 17.4. For more i
+  * Aurora PostgreSQL 17.4.5, February 02, 2026
+
@@ -735,0 +738,43 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 17.4. For more i
+#### Aurora PostgreSQL 17.4.5, February 02, 2026
+
+**Critical stability enhancements**
+
+  * Fixed an issue that could cause garbage collection to get blocked on a change data capture (CDC) volume.
+
+  * Fix an issue which could trigger a race in change data capture (CDC) volume expansion.
+
+  * Process cleanup improvements during zero downtime patching to ensure that all database processes are properly terminated, preventing shutdown stalls and improving zero downtime patching success.
+
+  * Fixed a database shutdown issue which could cause major version upgrade to fail.
+
+  * Fixed an Issue that could cause readers to restart or readers cannot perform read operations due to missing storage segments.
+
+
+
+
+**High priority enhancements**
+
+  * Backported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2025-12817](https://nvd.nist.gov/vuln/detail/CVE-2025-12817).
+
+    * [CVE-2025-12818](https://nvd.nist.gov/vuln/detail/CVE-2025-12818).
+
+  * Fixed an issue which could cause a restart during the start of logical replication data synchronization.
+
+  * Fixed an issue where premature status updates during zero downtime patching could cause unnecessary failures by ensuring proper synchronization with server startup.
+
+  * Fixes crashes and/or intermittent errors when a procedure variable is assigned to itself.
+
+  * Fixed an issue with the cleanup of files created by NOTIFY channels, which could lead to high local storage usage.
+
+
+
+
+**General enhancements**
+
+  * Fixed IMDS throttling issues by reducing IMDS requests for region related information.
+
+
+
+
@@ -1558,0 +1604,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 16.8. For more i
+  * Aurora PostgreSQL 16.8.5, February 03, 2026
+
@@ -1569,0 +1617,43 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 16.8. For more i
+#### Aurora PostgreSQL 16.8.5, February 03, 2026
+
+**Critical stability enhancements**
+
+  * Fixed an issue that could cause garbage collection to get blocked on a change data capture (CDC) volume.
+
+  * Fix an issue which could trigger a race in change data capture (CDC) volume expansion.
+
+  * Process cleanup improvements during zero downtime patching to ensure that all database processes are properly terminated, preventing shutdown stalls and improving zero downtime patching success.
+
+  * Fixed a database shutdown issue which could cause major version upgrade to fail.
+
+  * Fixed an Issue that could cause readers to restart or readers cannot perform read operations due to missing storage segments.
+
+
+
+
+**High priority enhancements**
+
+  * Backported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2025-12817](https://nvd.nist.gov/vuln/detail/CVE-2025-12817).
+
+    * [CVE-2025-12818](https://nvd.nist.gov/vuln/detail/CVE-2025-12818).
+
+  * Fixed an issue which could cause a restart during the start of logical replication data synchronization.
+
+  * Fixed an issue where premature status updates during zero downtime patching could cause unnecessary failures by ensuring proper synchronization with server startup.
+
+  * Fixes crashes and/or intermittent errors when a procedure variable is assigned to itself.
+
+  * Fixed an issue with the cleanup of files created by NOTIFY channels, which could lead to high local storage usage.
+
+
+
+
+**General enhancements**
+
+  * Fixed IMDS throttling issues by reducing IMDS requests for region related information.
+
+
+
+
@@ -2078,0 +2169,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 16.4. For more i
+  * Aurora PostgreSQL 16.4.7, February 13, 2026
+
@@ -2093,0 +2186,22 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 16.4. For more i
+#### Aurora PostgreSQL 16.4.7, February 13, 2026
+
+**Critical stability enhancements**
+
+  * Fixed an issue that could cause garbage collection to get blocked on a change data capture (CDC) volume.
+
+  * Fix an issue which could trigger a race in change data capture (CDC) volume expansion.
+
+
+
+
+**High priority enhancements**
+
+  * Backported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2025-12817](https://www.postgresql.org/support/security/CVE-2025-12817/).
+
+    * [CVE-2025-12818](https://www.postgresql.org/support/security/CVE-2025-12818/).
+
+
+
+
@@ -4049,0 +4164,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 15.8. For more i
+  * Aurora PostgreSQL 15.8.7, February 13, 2026
+
@@ -4064,0 +4181,22 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 15.8. For more i
+#### Aurora PostgreSQL 15.8.7, February 13, 2026
+
+**Critical stability enhancements**
+
+  * Fixed an issue that could cause garbage collection to get blocked on a change data capture (CDC) volume.
+
+  * Fix an issue which could trigger a race in change data capture (CDC) volume expansion.
+
+
+
+
+**High priority enhancements**
+
+  * Backported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2025-12817](https://www.postgresql.org/support/security/CVE-2025-12817/).
+
+    * [CVE-2025-12818](https://www.postgresql.org/support/security/CVE-2025-12818/).
+
+
+
+
@@ -6531,0 +6670,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 14.17. For more
+  * Aurora PostgreSQL 14.17.5, February 10, 2026
+
@@ -6542,0 +6683,43 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 14.17. For more
+#### Aurora PostgreSQL 14.17.5, February 10, 2026
+
+**Critical stability enhancements**
+
+  * Fixed an issue that could cause garbage collection to get blocked on a change data capture (CDC) volume.
+
+  * Fix an issue which could trigger a race in change data capture (CDC) volume expansion.
+
+  * Process cleanup improvements during zero downtime patching to ensure that all database processes are properly terminated, preventing shutdown stalls and improving zero downtime patching success.
+
+  * Fixed a database shutdown issue which could cause major version upgrade to fail.
+
+  * Fixed an Issue that could cause readers to restart or readers cannot perform read operations due to missing storage segments.
+
+
+
+
+**High priority enhancements**
+
+  * Backported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2025-12817](https://nvd.nist.gov/vuln/detail/CVE-2025-12817).
+
+    * [CVE-2025-12818](https://nvd.nist.gov/vuln/detail/CVE-2025-12818).
+
+  * Fixed an issue which could cause a restart during the start of logical replication data synchronization.
+
+  * Fixed an issue where premature status updates during zero downtime patching could cause unnecessary failures by ensuring proper synchronization with server startup.
+
+  * Fixes crashes and/or intermittent errors when a procedure variable is assigned to itself.
+
+  * Fixed an issue with the cleanup of files created by NOTIFY channels, which could lead to high local storage usage.
+
+
+
+
+**General enhancements**
+
+  * Fixed IMDS throttling issues by reducing IMDS requests for region related information.
+
+
+
+
@@ -7035,0 +7219,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 14.13. For more
+  * Aurora PostgreSQL 14.13.7, February 13, 2026
+