AWS AmazonRDS high security documentation change
Summary
Added new Aurora PostgreSQL versions (17.7.2, 16.11.2, 15.15.2, 14.20.2, 13.23.2) with critical stability fixes, backported security patches for multiple CVEs, security enhancements, and deprecated PostgreSQL 13 versions.
Security assessment
The update includes backported fixes for multiple CVEs (CVE-2026-2003 to CVE-2026-3172), addresses a buffer overflow vulnerability in the logging utility (potential DoS), resolves Active Directory authentication issues causing database unavailability (DoS risk), and improves permission validation in babelfish_set_role. These changes directly address security vulnerabilities and document security features.
Diff
diff --git a/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md b/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md index 2abd846f8..246623f86 100644 --- a//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md +++ b//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md @@ -239,0 +240,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 17.7. For more i + * Aurora PostgreSQL 17.7.2, March 20, 2026 + @@ -246,0 +249,57 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 17.7. For more i +#### Aurora PostgreSQL 17.7.2, March 20, 2026 + +**Critical stability enhancements** + + * Babelfish cross-database queries now respect dynamic data masking policies, displaying tables with masked data based on policies defined for the current login. + + * Fixed an issue where executing queries from PostgreSQL endpoint on instances with Active Directory Authentication enabled could result in database unavailability. + + * Fixed a bug in the aws_s3 extension which, in rare circumstances, can cause database unavailability. + + * Fixed an issue where read nodes may restart when attempting to connect to the new write node following a failover. + + + + +**High priority enhancements** + + * Backported fixes for the following PostgreSQL community security issues: + + * [CVE-2026-2003](https://nvd.nist.gov/vuln/detail/CVE-2026-2003). + + * [CVE-2026-2004](https://nvd.nist.gov/vuln/detail/CVE-2026-2004). + + * [CVE-2026-2005](https://nvd.nist.gov/vuln/detail/CVE-2026-2005). + + * [CVE-2026-2006](https://nvd.nist.gov/vuln/detail/CVE-2026-2006). + + * [CVE-2026-2007](https://nvd.nist.gov/vuln/detail/CVE-2026-2007). + + * [CVE-2026-3172](https://nvd.nist.gov/vuln/detail/CVE-2026-3172). + + * Fixed a bug in Query Plan Management that prevented plan capture. + + * Fixed a bug in the Aurora Storage Daemon that could cause database unavailability in rare cases when enhanced logical replication is enabled. + + * Fixed an issue in nested procedure calls that could lead to temporary table cleanup failures and parser errors. + + * Fixed an issue where file handlers could remain improperly allocated after a major version upgrade. + + * Fixed an issue where databases could run out of memory due to excessive storage metadata in rare circumstances. + + * Fixed a bug in the logging utility that could cause database unavailability due to buffer overflow in rare circumstances. + + * Fixed an issue in cache initialization that could cause database unavailability during startup. + + * Fixed an issue where global databases planned switchover operations could become unresponsive while waiting for storage volume growth to complete. + + + + +**Security enhancements** + + * Fixed a bug in the babelfish_set_role function that improved permission validation when setting roles. + + + + @@ -1108,0 +1168,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 16.11. For more + * Aurora PostgreSQL 16.11.2, March 20, 2026 + @@ -1115,0 +1177,57 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 16.11. For more +#### Aurora PostgreSQL 16.11.2, March 20, 2026 + +**Critical stability enhancements** + + * Babelfish cross-database queries now respect dynamic data masking policies, displaying tables with masked data based on policies defined for the current login. + + * Fixed an issue where executing queries from PostgreSQL endpoint on instances with Active Directory Authentication enabled could result in database unavailability. + + * Fixed a bug in the aws_s3 extension which, in rare circumstances, can cause database unavailability. + + * Fixed an issue where read nodes may restart when attempting to connect to the new write node following a failover. + + + + +**High priority enhancements** + + * Backported fixes for the following PostgreSQL community security issues: + + * [CVE-2026-2003](https://nvd.nist.gov/vuln/detail/CVE-2026-2003). + + * [CVE-2026-2004](https://nvd.nist.gov/vuln/detail/CVE-2026-2004). + + * [CVE-2026-2005](https://nvd.nist.gov/vuln/detail/CVE-2026-2005). + + * [CVE-2026-2006](https://nvd.nist.gov/vuln/detail/CVE-2026-2006). + + * [CVE-2026-2007](https://nvd.nist.gov/vuln/detail/CVE-2026-2007). + + * [CVE-2026-3172](https://nvd.nist.gov/vuln/detail/CVE-2026-3172). + + * Fixed a bug in Query Plan Management that prevented plan capture. + + * Fixed a bug in the Aurora Storage Daemon that could cause database unavailability in rare cases when enhanced logical replication is enabled. + + * Fixed an issue in nested procedure calls that could lead to temporary table cleanup failures and parser errors. + + * Fixed an issue where file handlers could remain improperly allocated after a major version upgrade. + + * Fixed an issue where databases could run out of memory due to excessive storage metadata in rare circumstances. + + * Fixed a bug in the logging utility that could cause database unavailability due to buffer overflow in rare circumstances. + + * Fixed an issue in cache initialization that could cause database unavailability during startup. + + * Fixed an issue where global databases planned switchover operations could become unresponsive while waiting for storage volume growth to complete. + + + + +**Security enhancements** + + * Fixed a bug in the babelfish_set_role function that improved permission validation when setting roles. + + + + @@ -3178,0 +3297,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 15.15. For more + * Aurora PostgreSQL 15.15.2, March 20, 2026 + @@ -3185,0 +3306,57 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 15.15. For more +#### Aurora PostgreSQL 15.15.2, March 20, 2026 + +**Critical stability enhancements** + + * Babelfish cross-database queries now respect dynamic data masking policies, displaying tables with masked data based on policies defined for the current login. + + * Fixed an issue where executing queries from PostgreSQL endpoint on instances with Active Directory Authentication enabled could result in database unavailability. + + * Fixed a bug in the aws_s3 extension which, in rare circumstances, can cause database unavailability. + + * Fixed an issue where read nodes may restart when attempting to connect to the new write node following a failover. + + + + +**High priority enhancements** + + * Backported fixes for the following PostgreSQL community security issues: + + * [CVE-2026-2003](https://nvd.nist.gov/vuln/detail/CVE-2026-2003). + + * [CVE-2026-2004](https://nvd.nist.gov/vuln/detail/CVE-2026-2004). + + * [CVE-2026-2005](https://nvd.nist.gov/vuln/detail/CVE-2026-2005). + + * [CVE-2026-2006](https://nvd.nist.gov/vuln/detail/CVE-2026-2006). + + * [CVE-2026-2007](https://nvd.nist.gov/vuln/detail/CVE-2026-2007). + + * [CVE-2026-3172](https://nvd.nist.gov/vuln/detail/CVE-2026-3172). + + * Fixed a bug in Query Plan Management that prevented plan capture. + + * Fixed a bug in the Aurora Storage Daemon that could cause database unavailability in rare cases when enhanced logical replication is enabled. + + * Fixed an issue in nested procedure calls that could lead to temporary table cleanup failures and parser errors. + + * Fixed an issue where file handlers could remain improperly allocated after a major version upgrade. + + * Fixed an issue where databases could run out of memory due to excessive storage metadata in rare circumstances. + + * Fixed a bug in the logging utility that could cause database unavailability due to buffer overflow in rare circumstances. + + * Fixed an issue in cache initialization that could cause database unavailability during startup. + + * Fixed an issue where global databases planned switchover operations could become unresponsive while waiting for storage volume growth to complete. + + + + +**Security enhancements** + + * Fixed a bug in the babelfish_set_role function that improved permission validation when setting roles. + + + + @@ -6223,0 +6401,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 14.20. For more + * Aurora PostgreSQL 14.20.2, March 20, 2026 + @@ -6230,0 +6410,57 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 14.20. For more +#### Aurora PostgreSQL 14.20.2, March 20, 2026 + +**Critical stability enhancements** + + * Babelfish cross-database queries now respect dynamic data masking policies, displaying tables with masked data based on policies defined for the current login. + + * Fixed an issue where executing queries from PostgreSQL endpoint on instances with Active Directory Authentication enabled could result in database unavailability. + + * Fixed a bug in the aws_s3 extension which, in rare circumstances, can cause database unavailability.