AWS AmazonRDS high security documentation change
Summary
Added release notes for Aurora PostgreSQL versions 17.5.5, 16.9.5, 15.13.5, and 14.18.5 (all dated June 12, 2026) including critical stability fixes, high priority enhancements with security backports, security enhancements, and general improvements.
Security assessment
The change explicitly documents backported fixes for 15 PostgreSQL CVEs (CVE-2026-2003 through CVE-2026-6638) and includes a security enhancement for improved permission validation in babelfish_set_role. These directly reference security vulnerabilities and security controls.
Diff
diff --git a/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md b/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md index 3bb2459d7..ba8284d51 100644 --- a//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md +++ b//AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.md @@ -837,0 +838,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 17.5. For more i + * Aurora PostgreSQL 17.5.5, June 12, 2026 + @@ -850,0 +853,84 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 17.5. For more i +#### Aurora PostgreSQL 17.5.5, June 12, 2026 + +**Critical stability enhancements** + + * Fixed a bug in the aws_s3 extension which, in rare circumstances, can cause database unavailability. + + * Fixed an issue where read nodes may restart when attempting to connect to the new write node following a failover. + + + + +**High priority enhancements** + + * Fixed an issue with suboptimal B-tree prefetch causing increased I/O wait times. + + * Backported fixes for the following PostgreSQL community security issues: + + * [CVE-2026-2003](https://nvd.nist.gov/vuln/detail/CVE-2026-2003). + + * [CVE-2026-2004](https://nvd.nist.gov/vuln/detail/CVE-2026-2004). + + * [CVE-2026-2005](https://nvd.nist.gov/vuln/detail/CVE-2026-2005). + + * [CVE-2026-2006](https://nvd.nist.gov/vuln/detail/CVE-2026-2006). + + * [CVE-2026-2007](https://nvd.nist.gov/vuln/detail/CVE-2026-2007). + + * [CVE-2026-3172](https://nvd.nist.gov/vuln/detail/CVE-2026-3172). + + * [CVE-2026-6472](https://nvd.nist.gov/vuln/detail/CVE-2026-6472/) + + * [CVE-2026-6473](https://nvd.nist.gov/vuln/detail/CVE-2026-6473/) + + * [CVE-2026-6474](https://nvd.nist.gov/vuln/detail/CVE-2026-6474/) + + * [CVE-2026-6475](https://nvd.nist.gov/vuln/detail/CVE-2026-6475/) + + * [CVE-2026-6476](https://nvd.nist.gov/vuln/detail/CVE-2026-6476/) + + * [CVE-2026-6477](https://nvd.nist.gov/vuln/detail/CVE-2026-6477/) + + * [CVE-2026-6478](https://nvd.nist.gov/vuln/detail/CVE-2026-6478/) + + * [CVE-2026-6479](https://nvd.nist.gov/vuln/detail/CVE-2026-6479/) + + * [CVE-2026-6575](https://nvd.nist.gov/vuln/detail/CVE-2026-6575/) + + * [CVE-2026-6637](https://nvd.nist.gov/vuln/detail/CVE-2026-6637/) + + * [CVE-2026-6638](https://nvd.nist.gov/vuln/detail/CVE-2026-6638/) + + * Fixed a bug in Query Plan Management that prevented plan capture. + + * Fixed a bug in the Aurora Storage Daemon that could cause database unavailability in rare cases when enhanced logical replication is enabled. + + * Fixed an issue that can result in reader crash during catching up with the writer instance. + + * Fixed an issue in cache initialization that could cause database unavailability during startup. + + * Fixed an issue where global databases planned switchover operations could become unresponsive while waiting for storage volume growth to complete. + + + + +**Security enhancements** + + * Fixed a bug in the babelfish_set_role function that improved permission validation when setting roles. + + + + +**General enhancements** + + * Fixed an issue to reduce CPU overhead while establishing Encryption in Transit between the database engine and the storage layer. + + * Fixed improper handling of empty response during connection loss with storage nodes. + + * Fixed an issue where correlated any transform could return an error message 'failed to build any 3-way joins' during transformation. + + * Fixed an issue where ALTER FUNCTION could fail with "routine name is not unique". + + + + @@ -2111,0 +2198,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 16.9. For more i + * Aurora PostgreSQL 16.9.5, June 12, 2026 + @@ -2124,0 +2213,84 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 16.9. For more i +#### Aurora PostgreSQL 16.9.5, June 12, 2026 + +**Critical stability enhancements** + + * Fixed a bug in the aws_s3 extension which, in rare circumstances, can cause database unavailability. + + * Fixed an issue where read nodes may restart when attempting to connect to the new write node following a failover. + + + + +**High priority enhancements** + + * Fixed an issue with suboptimal B-tree prefetch causing increased I/O wait times. + + * Backported fixes for the following PostgreSQL community security issues: + + * [CVE-2026-2003](https://nvd.nist.gov/vuln/detail/CVE-2026-2003). + + * [CVE-2026-2004](https://nvd.nist.gov/vuln/detail/CVE-2026-2004). + + * [CVE-2026-2005](https://nvd.nist.gov/vuln/detail/CVE-2026-2005). + + * [CVE-2026-2006](https://nvd.nist.gov/vuln/detail/CVE-2026-2006). + + * [CVE-2026-2007](https://nvd.nist.gov/vuln/detail/CVE-2026-2007). + + * [CVE-2026-3172](https://nvd.nist.gov/vuln/detail/CVE-2026-3172). + + * [CVE-2026-6472](https://nvd.nist.gov/vuln/detail/CVE-2026-6472/) + + * [CVE-2026-6473](https://nvd.nist.gov/vuln/detail/CVE-2026-6473/) + + * [CVE-2026-6474](https://nvd.nist.gov/vuln/detail/CVE-2026-6474/) + + * [CVE-2026-6475](https://nvd.nist.gov/vuln/detail/CVE-2026-6475/) + + * [CVE-2026-6476](https://nvd.nist.gov/vuln/detail/CVE-2026-6476/) + + * [CVE-2026-6477](https://nvd.nist.gov/vuln/detail/CVE-2026-6477/) + + * [CVE-2026-6478](https://nvd.nist.gov/vuln/detail/CVE-2026-6478/) + + * [CVE-2026-6479](https://nvd.nist.gov/vuln/detail/CVE-2026-6479/) + + * [CVE-2026-6575](https://nvd.nist.gov/vuln/detail/CVE-2026-6575/) + + * [CVE-2026-6637](https://nvd.nist.gov/vuln/detail/CVE-2026-6637/) + + * [CVE-2026-6638](https://nvd.nist.gov/vuln/detail/CVE-2026-6638/) + + * Fixed a bug in Query Plan Management that prevented plan capture. + + * Fixed a bug in the Aurora Storage Daemon that could cause database unavailability in rare cases when enhanced logical replication is enabled. + + * Fixed an issue that can result in reader crash during catching up with the writer instance. + + * Fixed an issue in cache initialization that could cause database unavailability during startup. + + * Fixed an issue where global databases planned switchover operations could become unresponsive while waiting for storage volume growth to complete. + + + + +**Security enhancements** + + * Fixed a bug in the babelfish_set_role function that improved permission validation when setting roles. + + + + +**General enhancements** + + * Fixed an issue to reduce CPU overhead while establishing Encryption in Transit between the database engine and the storage layer. + + * Fixed improper handling of empty response during connection loss with storage nodes. + + * Fixed an issue where correlated any transform could return an error message 'failed to build any 3-way joins' during transformation. + + * Fixed an issue where ALTER FUNCTION could fail with "routine name is not unique". + + + + @@ -4556,0 +4729,2 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 15.13. For more + * Aurora PostgreSQL 15.13.5, June 12, 2026 + @@ -4569,0 +4744,84 @@ This release of Aurora PostgreSQL is compatible with PostgreSQL 15.13. For more +#### Aurora PostgreSQL 15.13.5, June 12, 2026 + +**Critical stability enhancements** + + * Fixed a bug in the aws_s3 extension which, in rare circumstances, can cause database unavailability. + + * Fixed an issue where read nodes may restart when attempting to connect to the new write node following a failover. + + + + +**High priority enhancements** + + * Fixed an issue with suboptimal B-tree prefetch causing increased I/O wait times. + + * Backported fixes for the following PostgreSQL community security issues: