changelogly / releases / postgresql-18-4
PG

PostgreSQL 18.4

18.3β†’18.4SecurityBug fixPerformance
πŸ“… May 14, 2026πŸ—‚ DatabasesπŸ“¦ PostgreSQL β†—πŸ“œ Full changelog β†—
✦ Editor's summary

PostgreSQL 18.4 is a maintenance release that fixes multiple security vulnerabilities, including memory safety, SQL injection, and denial-of-service issues, while delivering dozens of bug fixes across the query planner, replication, indexing, backup tools, and core database engine. No dump/restore is required for users already running PostgreSQL 18.x.

⚠ Security impact
  • Fixes multiple security vulnerabilities, including CVE-2026-6472, CVE-2026-6473, CVE-2026-6479, and CVE-2026-6637.
  • Addresses integer overflow issues that could lead to memory corruption or potential arbitrary code execution.
  • Fixes a denial-of-service vulnerability caused by unbounded recursion in startup packet processing.
  • Resolves SQL injection and buffer overrun vulnerabilities in the contrib/spi module.
  • Strongly recommended for all PostgreSQL 18 deployments.

What's new

  • Updated PostgreSQL to version 18.4.
  • Fixed multiple security vulnerabilities across the database server and bundled components.
  • Improved query planner correctness and index optimization behavior.
  • Resolved issues affecting logical replication, MERGE operations, and partitioned indexes.
  • Fixed memory allocation, integer overflow, and buffer handling issues.
  • Updated timezone data and included numerous stability and reliability improvements.
  • No dump/restore is required when upgrading from PostgreSQL 18.x.

πŸ’¬ Comments (0)

No comments yet.