AWS Security ChangesHomeSearch

AWS AmazonRDS high security documentation change

Service: AmazonRDS · 2026-05-10 · Security-related high

File: AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md

Summary

Added release notes for Aurora PostgreSQL versions 17.4.6, 16.8.6, 15.12.6, and 14.17.6 documenting critical stability fixes, security patches, and general enhancements.

Security assessment

The change explicitly documents fixes for six PostgreSQL community CVEs (CVE-2026-2003 to CVE-2026-2007, CVE-2026-3172) and includes a security-specific fix for babelfish_set_role permission validation. These directly address known security vulnerabilities.

Diff

diff --git a/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md b/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
index 308d03d37..ebbb041b1 100644
--- a//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
+++ b//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
@@ -941,0 +942,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 17.4. For more i
+  * Aurora PostgreSQL 17.4.6, May 07, 2026
+
@@ -954,0 +957,58 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 17.4. For more i
+#### Aurora PostgreSQL 17.4.6, May 07, 2026
+
+**Critical stability enhancements**
+
+  * Fixed a bug in the aws_s3 extension which, in rare circumstances, can cause database unavailability.
+
+  * Fixed an issue where read nodes may restart when attempting to connect to the new write node following a failover.
+
+
+
+
+**High priority enhancements**
+
+  * Backported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2026-2003](https://nvd.nist.gov/vuln/detail/CVE-2026-2003).
+
+    * [CVE-2026-2004](https://nvd.nist.gov/vuln/detail/CVE-2026-2004).
+
+    * [CVE-2026-2005](https://nvd.nist.gov/vuln/detail/CVE-2026-2005).
+
+    * [CVE-2026-2006](https://nvd.nist.gov/vuln/detail/CVE-2026-2006).
+
+    * [CVE-2026-2007](https://nvd.nist.gov/vuln/detail/CVE-2026-2007).
+
+    * [CVE-2026-3172](https://nvd.nist.gov/vuln/detail/CVE-2026-3172).
+
+  * Fixed a bug in Query Plan Management that prevented plan capture.
+
+  * Fixed a bug in the Aurora Storage Daemon that could cause database unavailability in rare cases when enhanced logical replication is enabled.
+
+  * Fixed an issue that can result in reader crash during catching up with the writer instance
+
+  * Fixed an issue in cache initialization that could cause database unavailability during startup.
+
+  * Fixed an issue where global databases planned switchover operations could become unresponsive while waiting for storage volume growth to complete.
+
+
+
+
+**Security enhancements**
+
+  * Fixed a bug in the babelfish_set_role function that improved permission validation when setting roles.
+
+
+
+
+**General enhancements**
+
+  * Fixed an issue to reduce CPU overhead while establishing Encryption in Transit between the database engine and the storage layer.
+
+  * Fixed an issue where correlated any transform could return an error message 'failed to build any 3-way joins' during transformation.
+
+  * Fixed an issue where ALTER FUNCTION could fail with "routine name is not unique".
+
+
+
+
@@ -2031,0 +2092,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 16.8. For more i
+  * Aurora PostgreSQL 16.8.6, May 07, 2026
+
@@ -2044,0 +2107,58 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 16.8. For more i
+#### Aurora PostgreSQL 16.8.6, May 07, 2026
+
+**Critical stability enhancements**
+
+  * Fixed a bug in the aws_s3 extension which, in rare circumstances, can cause database unavailability.
+
+  * Fixed an issue where read nodes may restart when attempting to connect to the new write node following a failover.
+
+
+
+
+**High priority enhancements**
+
+  * Backported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2026-2003](https://nvd.nist.gov/vuln/detail/CVE-2026-2003).
+
+    * [CVE-2026-2004](https://nvd.nist.gov/vuln/detail/CVE-2026-2004).
+
+    * [CVE-2026-2005](https://nvd.nist.gov/vuln/detail/CVE-2026-2005).
+
+    * [CVE-2026-2006](https://nvd.nist.gov/vuln/detail/CVE-2026-2006).
+
+    * [CVE-2026-2007](https://nvd.nist.gov/vuln/detail/CVE-2026-2007).
+
+    * [CVE-2026-3172](https://nvd.nist.gov/vuln/detail/CVE-2026-3172).
+
+  * Fixed a bug in Query Plan Management that prevented plan capture.
+
+  * Fixed a bug in the Aurora Storage Daemon that could cause database unavailability in rare cases when enhanced logical replication is enabled.
+
+  * Fixed an issue that can result in reader crash during catching up with the writer instance
+
+  * Fixed an issue in cache initialization that could cause database unavailability during startup.
+
+  * Fixed an issue where global databases planned switchover operations could become unresponsive while waiting for storage volume growth to complete.
+
+
+
+
+**Security enhancements**
+
+  * Fixed a bug in the babelfish_set_role function that improved permission validation when setting roles.
+
+
+
+
+**General enhancements**
+
+  * Fixed an issue to reduce CPU overhead while establishing Encryption in Transit between the database engine and the storage layer.
+
+  * Fixed an issue where correlated any transform could return an error message 'failed to build any 3-way joins' during transformation.
+
+  * Fixed an issue where ALTER FUNCTION could fail with "routine name is not unique".
+
+
+
+
@@ -4292,0 +4413,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 15.12. For more
+  * Aurora PostgreSQL 15.12.6, May 07, 2026
+
@@ -4305,0 +4428,58 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 15.12. For more
+#### Aurora PostgreSQL 15.12.6, May 07, 2026
+
+**Critical stability enhancements**
+
+  * Fixed a bug in the aws_s3 extension which, in rare circumstances, can cause database unavailability.
+
+  * Fixed an issue where read nodes may restart when attempting to connect to the new write node following a failover.
+
+
+
+
+**High priority enhancements**
+
+  * Backported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2026-2003](https://nvd.nist.gov/vuln/detail/CVE-2026-2003).
+
+    * [CVE-2026-2004](https://nvd.nist.gov/vuln/detail/CVE-2026-2004).
+
+    * [CVE-2026-2005](https://nvd.nist.gov/vuln/detail/CVE-2026-2005).
+
+    * [CVE-2026-2006](https://nvd.nist.gov/vuln/detail/CVE-2026-2006).
+
+    * [CVE-2026-2007](https://nvd.nist.gov/vuln/detail/CVE-2026-2007).
+
+    * [CVE-2026-3172](https://nvd.nist.gov/vuln/detail/CVE-2026-3172).
+
+  * Fixed a bug in Query Plan Management that prevented plan capture.
+
+  * Fixed a bug in the Aurora Storage Daemon that could cause database unavailability in rare cases when enhanced logical replication is enabled.
+
+  * Fixed an issue that can result in reader crash during catching up with the writer instance
+
+  * Fixed an issue in cache initialization that could cause database unavailability during startup.
+
+  * Fixed an issue where global databases planned switchover operations could become unresponsive while waiting for storage volume growth to complete.
+
+
+
+
+**Security enhancements**
+
+  * Fixed a bug in the babelfish_set_role function that improved permission validation when setting roles.
+
+
+
+
+**General enhancements**
+
+  * Fixed an issue to reduce CPU overhead while establishing Encryption in Transit between the database engine and the storage layer.
+
+  * Fixed an issue where correlated any transform could return an error message 'failed to build any 3-way joins' during transformation.
+
+  * Fixed an issue where ALTER FUNCTION could fail with "routine name is not unique".
+
+
+
+
@@ -7558,0 +7739,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 14.17. For more
+  * Aurora PostgreSQL 14.17.6, May 07, 2026
+
@@ -7571,0 +7754,58 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 14.17. For more
+#### Aurora PostgreSQL 14.17.6, May 07, 2026
+
+**Critical stability enhancements**
+
+  * Fixed a bug in the aws_s3 extension which, in rare circumstances, can cause database unavailability.
+