AWS Security ChangesHomeSearch

AWS AmazonRDS high security documentation change

Service: AmazonRDS · 2026-04-10 · Security-related high

File: AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md

Summary

Added release notes for Aurora PostgreSQL versions 17.9, 16.13, 15.17, and 14.22, including new features, stability enhancements, and security fixes for multiple CVEs.

Security assessment

The changes explicitly mention back-ported fixes for PostgreSQL community security issues (CVE-2026-2003 to CVE-2026-2007). This is direct evidence of addressing security vulnerabilities. The other changes are stability and performance improvements, but the security fixes are the primary security-related content.

Diff

diff --git a/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md b/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
index 246623f86..eb57ab32f 100644
--- a//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
+++ b//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
@@ -220,0 +221,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 18.1. For more i
+  * PostgreSQL 17.9
+
@@ -233,0 +236,105 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 18.1. For more i
+### PostgreSQL 17.9
+
+This release of Aurora PostgreSQL is compatible with PostgreSQL 17.9. For more information about the improvements in PostgreSQL 17.9, see [PostgreSQL release 17.9](https://www.postgresql.org/docs/17/release-17-9.html).
+
+###### Releases and patches
+
+  * Aurora PostgreSQL 17.9, April 6, 2026
+
+
+
+
+#### Aurora PostgreSQL 17.9, April 6, 2026
+
+**New features**
+
+  * Enhanced Aurora patch version upgrades to minimize downtime through reliable, simplified connection transfer and accelerated connection restoration.
+
+
+
+
+**Critical stability enhancements**
+
+  * Fixed an issue which can lead to an unnecessary storage checkpoint during database startup leading to prolonged database startup time.
+
+  * Fixed a race condition that could prevents failovers from completing to intended failover target.
+
+  * Fixed a timing condition in the aws_s3 extension which, in rare cases, can cause database unavailability.
+
+  * Fixed an issue that may cause non-failover target reader instances to restart when they attempt to connect to the new writer instance following a failover.
+
+
+
+
+**High priority enhancements**
+
+  * Fixed an issue in cache initialization that could cause a crash during database startup..
+
+  * Fixed an issue in the Aurora Storage Daemon that could lead to brief periods of availability when enhanced logical replication is enabled.
+
+  * Fixed an issue in global databases planned switchover that would cause the switchover to be stuck waiting for a volume growth.
+
+  * Back-ported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2026-2003](https://www.postgresql.org/support/security/CVE-2026-2003/)
+
+    * [CVE-2026-2004](https://www.postgresql.org/support/security/CVE-2026-2004/)
+
+    * [CVE-2026-2005](https://www.postgresql.org/support/security/CVE-2026-2005/)
+
+    * [CVE-2026-2006](https://www.postgresql.org/support/security/CVE-2026-2006/)
+
+    * [CVE-2026-2007](https://www.postgresql.org/support/security/CVE-2026-2007/)
+
+
+
+
+**General enhancements**
+
+  * Updated the following extensions:
+
+    * aws_s3 to version 2.0.
+
+    * pg_bigm to version 1.2_20250903.
+
+    * pg_hint_plan to version 1.7.1.
+
+    * tds_fdw to version 2.0.5.
+
+    * mysql_fdw to version REL-2_9_3.
+
+    * pg_cron to version 1.6.7.
+
+    * orafce to version 4.16.3.
+
+    * hypopg to version 1.4.2.
+
+    * pglogical to version 2.4.6.
+
+    * pgvector to version 0.8.1.
+
+    * pg_repack to version 1.5.3.
+
+    * oracle_fdw to version 2.8.0.
+
+  * Fixed small memory leaks during database startup and replication.
+
+  * Fixed an issue that could cause file handles to not be properly released after upgrade.
+
+  * Fixed max_wal_size configuration to properly trigger a checkpoint if WAL produced since the prior checkpoint exceeds the parameter value.
+
+  * Improved Aurora Replica availability by reducing buffer cache contention during write-ahead-log replay.
+
+  * Fixed an issue where the pg_hint_plan SET hint cannot set GUCs marked as PGC_RDSSUSET.
+
+  * Fixed an issue in the orafce extension which, in rare cases, can cause database unavailability.
+
+  * Fixed ANALYZE operations to work correctly on tables containing large LOB data.
+
+  * Fixed an issue where infinite recursion within a plv8 procedure could cause database unavailability.
+
+  * Fixed an issue where ALTER FUNCTION could fail with "routine name is not unique".
+
+
+
+
@@ -1140,0 +1248,2 @@ In addition, Aurora PostgreSQL doesn't support writebacks and sync operations si
+  * PostgreSQL 16.13
+
@@ -1161,0 +1271,105 @@ In addition, Aurora PostgreSQL doesn't support writebacks and sync operations si
+### PostgreSQL 16.13
+
+This release of Aurora PostgreSQL is compatible with PostgreSQL 16.13. For more information about the improvements in PostgreSQL 16.13, see [PostgreSQL release 16.13](https://www.postgresql.org/docs/16/release-16-13.html).
+
+###### Releases and patches
+
+  * Aurora PostgreSQL 16.13, April 6, 2026
+
+
+
+
+#### Aurora PostgreSQL 16.13, April 6, 2026
+
+**New features**
+
+  * Enhanced Aurora patch version upgrades to minimize downtime through reliable, simplified connection transfer and accelerated connection restoration.
+
+
+
+
+**Critical stability enhancements**
+
+  * Fixed an issue which can lead to an unnecessary storage checkpoint during database startup leading to prolonged database startup time.
+
+  * Fixed a race condition that could prevents failovers from completing to intended failover target.
+
+  * Fixed a timing condition in the aws_s3 extension which, in rare cases, can cause database unavailability.
+
+  * Fixed an issue that may cause non-failover target reader instances to restart when they attempt to connect to the new writer instance following a failover.
+
+
+
+
+**High priority enhancements**
+
+  * Fixed an issue in cache initialization that could cause a crash during database startup..
+
+  * Fixed an issue in the Aurora Storage Daemon that could lead to brief periods of availability when enhanced logical replication is enabled.
+
+  * Fixed an issue in global databases planned switchover that would cause the switchover to be stuck waiting for a volume growth.
+
+  * Back-ported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2026-2003](https://www.postgresql.org/support/security/CVE-2026-2003/)
+
+    * [CVE-2026-2004](https://www.postgresql.org/support/security/CVE-2026-2004/)
+
+    * [CVE-2026-2005](https://www.postgresql.org/support/security/CVE-2026-2005/)
+
+    * [CVE-2026-2006](https://www.postgresql.org/support/security/CVE-2026-2006/)
+
+    * [CVE-2026-2007](https://www.postgresql.org/support/security/CVE-2026-2007/)
+
+
+
+
+**General enhancements**
+
+  * Updated the following extensions:
+
+    * aws_s3 to version 2.0.
+
+    * pg_bigm to version 1.2_20250903.
+
+    * pg_hint_plan to version 1.6.2.
+
+    * tds_fdw to version 2.0.5.
+
+    * mysql_fdw to version REL-2_9_3.
+
+    * pg_cron to version 1.6.7.
+
+    * orafce to version 4.16.3.
+
+    * hypopg to version 1.4.2.
+
+    * pglogical to version 2.4.6.
+
+    * pgvector to version 0.8.1.
+
+    * pg_repack to version 1.5.3.
+
+    * oracle_fdw to version 2.8.0.