AWS Security ChangesHomeSearch

AWS AmazonRDS high security documentation change

Service: AmazonRDS · 2026-02-22 · Security-related high

File: AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md

Summary

Added release notes for Aurora PostgreSQL 15.12.5 including fixes for CVE-2025-12817 and CVE-2025-12818

Security assessment

Explicitly documents fixes for two CVEs (CVE-2025-12817 and CVE-2025-12818), indicating security vulnerability remediation.

Diff

diff --git a/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md b/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
index 0a838b1eb..e552eb64e 100644
--- a//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
+++ b//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
@@ -3657,0 +3658,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 15.12. For more
+  * Aurora PostgreSQL 15.12.5, February 19, 2026
+
@@ -3668,0 +3671,43 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 15.12. For more
+#### Aurora PostgreSQL 15.12.5, February 19, 2026
+
+**Critical stability enhancements**
+
+  * Fixed an issue that could cause garbage collection to get blocked on a change data capture (CDC) volume.
+
+  * Fix an issue which could trigger a race in change data capture (CDC) volume expansion.
+
+  * Process cleanup improvements during zero downtime patching to ensure that all database processes are properly terminated, preventing shutdown stalls and improving zero downtime patching success.
+
+  * Fixed a database shutdown issue which could cause major version upgrade to fail.
+
+  * Fixed an Issue that could cause readers to restart or readers cannot perform read operations due to missing storage segments.
+
+
+
+
+**High priority enhancements**
+
+  * Backported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2025-12817](https://nvd.nist.gov/vuln/detail/CVE-2025-12817).
+
+    * [CVE-2025-12818](https://nvd.nist.gov/vuln/detail/CVE-2025-12818).
+
+  * Fixed an issue which could cause a restart during the start of logical replication data synchronization.
+
+  * Fixed an issue where premature status updates during zero downtime patching could cause unnecessary failures by ensuring proper synchronization with server startup.
+
+  * Fixes crashes and/or intermittent errors when a procedure variable is assigned to itself.
+
+  * Fixed an issue with the cleanup of files created by NOTIFY channels, which could lead to high local storage usage.
+
+
+
+
+**General enhancements**
+
+  * Fixed IMDS throttling issues by reducing IMDS requests for region related information.
+
+
+
+