PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 released

PostgreSQL has announced updates for several versions, including 18.1, 17.7, 16.11, 15.15, 14.20, and the older version 13.23, which has now reached its end-of-life status. These updates address over fifty bugs and two critical security vulnerabilities that were reported by users in recent months.

The first significant security issue pertains to the CREATE STATISTICS command, which fails to verify the existence of a schema before attempting to create it, potentially leading to improper security configurations for users. The second major flaw affects the core library (libpq) and involves integer wraparound, which can cause memory mismanagement and application crashes. This vulnerability, identified as CVE-2025-12818, has a CVSS v3.1 score of 5.9, highlighting its severity.

Both vulnerabilities were reported by Aleksey Solovev from Positive Technologies, contributing to enhanced safety for database users. In addition to these critical fixes, the PostgreSQL development team has resolved a multitude of other issues, including specific bugs in version 18 and many applicable across multiple supported releases. Notably, they have addressed problems related to hash right semi-joins, parallel GIN index builds, BRIN indexes, and partitioned tables, ensuring improved stability and preventing memory overconsumption.

Other improvements include ensuring that generated columns are not mistakenly included as part of a table's key, enhancing the accuracy of pg_stat_replication regarding replication lag, and preventing unnecessary shutdowns of WAL receivers during failovers. Additional refinements have been made for developers working with PL/pgSQL, logical replication, and error handling, particularly with Windows sockets and GSSAPI.

Minor fixes have also been implemented, ensuring that NOT NULL constraints for inherited columns are correctly reported during backups and that foreign key constraints maintain proper order during database dumps. Users are encouraged to upgrade to these latest versions for improved security and performance. The new version is available for download, and detailed release notes can be accessed for further information.

Looking ahead, users should consider regular updates and maintenance of their PostgreSQL systems to mitigate risks associated with potential future vulnerabilities and ensure optimal performance of their databases. Keeping abreast of updates and leveraging the community's findings can significantly enhance database reliability and security.

PostgreSQL has released updates for versions 18.1, 17.7, 16.11, 15.15, 14.20, and even the older end-of-life version 13.23. These updates fix over fifty bugs and two serious security flaws identified by users in recent months. The security issues include a vulnerability in the CREATE STATISTICS command that could lead to an incorrect security setup for other users and a critical bug affecting PostgreSQL's core library that could cause memory mismanagement and crashes. The new version also includes various other improvements and fixes, such as stabilizing BRIN indexes and partitioned tables, and addressing potential memory leaks in PL/Python functions.

PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 released @ Linux Compatible