changelogly / releases / postgresql-18-4
PG
PostgreSQL 18.4
18.3β18.4SecurityBug fixPerformance
β¦ Editor's summary
PostgreSQL 18.4 is a maintenance release that fixes multiple security vulnerabilities, including memory safety, SQL injection, and denial-of-service issues, while delivering dozens of bug fixes across the query planner, replication, indexing, backup tools, and core database engine. No dump/restore is required for users already running PostgreSQL 18.x.
β Security impact
- Fixes multiple security vulnerabilities, including CVE-2026-6472, CVE-2026-6473, CVE-2026-6479, and CVE-2026-6637.
- Addresses integer overflow issues that could lead to memory corruption or potential arbitrary code execution.
- Fixes a denial-of-service vulnerability caused by unbounded recursion in startup packet processing.
- Resolves SQL injection and buffer overrun vulnerabilities in the contrib/spi module.
- Strongly recommended for all PostgreSQL 18 deployments.
What's new
- Updated PostgreSQL to version 18.4.
- Fixed multiple security vulnerabilities across the database server and bundled components.
- Improved query planner correctness and index optimization behavior.
- Resolved issues affecting logical replication, MERGE operations, and partitioned indexes.
- Fixed memory allocation, integer overflow, and buffer handling issues.
- Updated timezone data and included numerous stability and reliability improvements.
- No dump/restore is required when upgrading from PostgreSQL 18.x.
π¬ Comments (0)
No comments yet.