AWS Security ChangesHomeSearch

AWS AmazonRDS high security documentation change

Service: AmazonRDS · 2026-06-19 · Security-related high

File: AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md

Summary

Updated Aurora PostgreSQL release notes: 1) Changed default value of max_parallel_workers_per_gather to 0 (disabling parallel queries) in PostgreSQL 18.3 compatibility section, 2) Added new patch versions (.4) for PostgreSQL 17, 16, 15, 14, and 13 with security fixes and performance improvements, 3) Corrected date formats across multiple versions

Security assessment

The change documents backported fixes for 11 PostgreSQL CVEs (CVE-2026-6472 through CVE-2026-6638) across multiple Aurora PostgreSQL versions. This provides explicit evidence of addressing known security vulnerabilities. The documentation now includes security bulletin information with direct links to PostgreSQL security advisories.

Diff

diff --git a/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md b/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
index c216eb2a6..105954bd4 100644
--- a//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
+++ b//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md
@@ -86,0 +87,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 18.3. For more i
+  * The default value of `max_parallel_workers_per_gather` has been changed from 2 to 0, disabling parallel query execution by default. To re-enable parallel queries, modify this parameter in your custom parameter group. For guidance on the parallel query feature, see [Best Practices for Parallel Queries in Aurora PostgreSQL](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/PostgreSQL.ParallelQueries.html#PostgreSQL.ParallelQueries.ConfigurationParameters).
+
@@ -389 +391,3 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 17.7. For more i
-  * Aurora PostgreSQL 17.7.3, May 29th, 2026
+  * Aurora PostgreSQL 17.7.4, June 9, 2026
+
+  * Aurora PostgreSQL 17.7.3, May 29, 2026
@@ -393 +397 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 17.7. For more i
-  * Aurora PostgreSQL 17.7.1, January 16th, 2026
+  * Aurora PostgreSQL 17.7.1, January 16, 2026
@@ -400 +404,34 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 17.7. For more i
-#### Aurora PostgreSQL 17.7.3, May 29th, 2026
+#### Aurora PostgreSQL 17.7.4, June 9, 2026
+
+**High priority enhancements**
+
+  * Fixed an issue with suboptimal B-tree prefetch causing increased I/O wait times.
+
+  * Back-ported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2026-6472](https://www.postgresql.org/support/security/CVE-2026-6472/)
+
+    * [CVE-2026-6473](https://www.postgresql.org/support/security/CVE-2026-6473/)
+
+    * [CVE-2026-6474](https://www.postgresql.org/support/security/CVE-2026-6474/)
+
+    * [CVE-2026-6475](https://www.postgresql.org/support/security/CVE-2026-6475/)
+
+    * [CVE-2026-6476](https://www.postgresql.org/support/security/CVE-2026-6476/)
+
+    * [CVE-2026-6477](https://www.postgresql.org/support/security/CVE-2026-6477/)
+
+    * [CVE-2026-6478](https://www.postgresql.org/support/security/CVE-2026-6478/)
+
+    * [CVE-2026-6479](https://www.postgresql.org/support/security/CVE-2026-6479/)
+
+    * [CVE-2026-6575](https://www.postgresql.org/support/security/CVE-2026-6575/)
+
+    * [CVE-2026-6637](https://www.postgresql.org/support/security/CVE-2026-6637/)
+
+    * [CVE-2026-6638](https://www.postgresql.org/support/security/CVE-2026-6638/)
+
+
+
+
+#### Aurora PostgreSQL 17.7.3, May 29, 2026
@@ -464 +501 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 17.7. For more i
-#### Aurora PostgreSQL 17.7.1, January 16th, 2026
+#### Aurora PostgreSQL 17.7.1, January 16, 2026
@@ -1591 +1628,3 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 16.11. For more
-  * Aurora PostgreSQL 16.11.3, May 29th, 2026
+  * Aurora PostgreSQL 16.11.4, June 9, 2026
+
+  * Aurora PostgreSQL 16.11.3, May 29, 2026
@@ -1595 +1634 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 16.11. For more
-  * Aurora PostgreSQL 16.11.1, January 16th, 2026
+  * Aurora PostgreSQL 16.11.1, January 16, 2026
@@ -1602 +1641,34 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 16.11. For more
-#### Aurora PostgreSQL 16.11.3, May 29th, 2026
+#### Aurora PostgreSQL 16.11.4, June 9, 2026
+
+**High priority enhancements**
+
+  * Fixed an issue with suboptimal B-tree prefetch causing increased I/O wait times.
+
+  * Back-ported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2026-6472](https://www.postgresql.org/support/security/CVE-2026-6472/)
+
+    * [CVE-2026-6473](https://www.postgresql.org/support/security/CVE-2026-6473/)
+
+    * [CVE-2026-6474](https://www.postgresql.org/support/security/CVE-2026-6474/)
+
+    * [CVE-2026-6475](https://www.postgresql.org/support/security/CVE-2026-6475/)
+
+    * [CVE-2026-6476](https://www.postgresql.org/support/security/CVE-2026-6476/)
+
+    * [CVE-2026-6477](https://www.postgresql.org/support/security/CVE-2026-6477/)
+
+    * [CVE-2026-6478](https://www.postgresql.org/support/security/CVE-2026-6478/)
+
+    * [CVE-2026-6479](https://www.postgresql.org/support/security/CVE-2026-6479/)
+
+    * [CVE-2026-6575](https://www.postgresql.org/support/security/CVE-2026-6575/)
+
+    * [CVE-2026-6637](https://www.postgresql.org/support/security/CVE-2026-6637/)
+
+    * [CVE-2026-6638](https://www.postgresql.org/support/security/CVE-2026-6638/)
+
+
+
+
+#### Aurora PostgreSQL 16.11.3, May 29, 2026
@@ -1666 +1738 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 16.11. For more
-#### Aurora PostgreSQL 16.11.1, January 16th, 2026
+#### Aurora PostgreSQL 16.11.1, January 16, 2026
@@ -3994 +4066,3 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 15.15. For more
-  * Aurora PostgreSQL 15.15.3, May 29th, 2026
+  * Aurora PostgreSQL 15.15.4, June 9, 2026
+
+  * Aurora PostgreSQL 15.15.3, May 29, 2026
@@ -3998 +4072 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 15.15. For more
-  * Aurora PostgreSQL 15.15.1, January 16th, 2026
+  * Aurora PostgreSQL 15.15.1, January 16, 2026
@@ -4005 +4079,34 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 15.15. For more
-#### Aurora PostgreSQL 15.15.3, May 29th, 2026
+#### Aurora PostgreSQL 15.15.4, June 9, 2026
+
+**High priority enhancements**
+
+  * Fixed an issue with suboptimal B-tree prefetch causing increased I/O wait times.
+
+  * Back-ported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2026-6472](https://www.postgresql.org/support/security/CVE-2026-6472/)
+
+    * [CVE-2026-6473](https://www.postgresql.org/support/security/CVE-2026-6473/)
+
+    * [CVE-2026-6474](https://www.postgresql.org/support/security/CVE-2026-6474/)
+
+    * [CVE-2026-6475](https://www.postgresql.org/support/security/CVE-2026-6475/)
+
+    * [CVE-2026-6476](https://www.postgresql.org/support/security/CVE-2026-6476/)
+
+    * [CVE-2026-6477](https://www.postgresql.org/support/security/CVE-2026-6477/)
+
+    * [CVE-2026-6478](https://www.postgresql.org/support/security/CVE-2026-6478/)
+
+    * [CVE-2026-6479](https://www.postgresql.org/support/security/CVE-2026-6479/)
+
+    * [CVE-2026-6575](https://www.postgresql.org/support/security/CVE-2026-6575/)
+
+    * [CVE-2026-6637](https://www.postgresql.org/support/security/CVE-2026-6637/)
+
+    * [CVE-2026-6638](https://www.postgresql.org/support/security/CVE-2026-6638/)
+
+
+
+
+#### Aurora PostgreSQL 15.15.3, May 29, 2026
@@ -4069 +4176 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 15.15. For more
-#### Aurora PostgreSQL 15.15.1, January 16th, 2026
+#### Aurora PostgreSQL 15.15.1, January 16, 2026
@@ -7374 +7481,3 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 14.20. For more
-  * Aurora PostgreSQL 14.20.3, May 29th, 2026
+  * Aurora PostgreSQL 14.20.4, June 9, 2026
+
+  * Aurora PostgreSQL 14.20.3, May 29, 2026
@@ -7378 +7487 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 14.20. For more
-  * Aurora PostgreSQL 14.20.1, January 16th, 2026
+  * Aurora PostgreSQL 14.20.1, January 16, 2026
@@ -7385 +7494,34 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 14.20. For more
-#### Aurora PostgreSQL 14.20.3, May 29th, 2026
+#### Aurora PostgreSQL 14.20.4, June 9, 2026
+
+**High priority enhancements**
+
+  * Fixed an issue with suboptimal B-tree prefetch causing increased I/O wait times.
+
+  * Back-ported fixes for the following PostgreSQL community security issues:
+
+    * [CVE-2026-6472](https://www.postgresql.org/support/security/CVE-2026-6472/)
+
+    * [CVE-2026-6473](https://www.postgresql.org/support/security/CVE-2026-6473/)
+
+    * [CVE-2026-6474](https://www.postgresql.org/support/security/CVE-2026-6474/)
+
+    * [CVE-2026-6475](https://www.postgresql.org/support/security/CVE-2026-6475/)
+
+    * [CVE-2026-6476](https://www.postgresql.org/support/security/CVE-2026-6476/)
+
+    * [CVE-2026-6477](https://www.postgresql.org/support/security/CVE-2026-6477/)
+
+    * [CVE-2026-6478](https://www.postgresql.org/support/security/CVE-2026-6478/)
+
+    * [CVE-2026-6479](https://www.postgresql.org/support/security/CVE-2026-6479/)
+
+    * [CVE-2026-6575](https://www.postgresql.org/support/security/CVE-2026-6575/)
+
+    * [CVE-2026-6637](https://www.postgresql.org/support/security/CVE-2026-6637/)
+
+    * [CVE-2026-6638](https://www.postgresql.org/support/security/CVE-2026-6638/)
+
+
+
+
+#### Aurora PostgreSQL 14.20.3, May 29, 2026
@@ -7449 +7591 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 14.20. For more
-#### Aurora PostgreSQL 14.20.1, January 16th, 2026
+#### Aurora PostgreSQL 14.20.1, January 16, 2026
@@ -11666 +11808,3 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 13.23. For more
-  * Aurora PostgreSQL 13.23.3, May 29th, 2026
+  * Aurora PostgreSQL 13.23.4, June 9, 2026
+
+  * Aurora PostgreSQL 13.23.3, May 29, 2026