
PostgreSQL has announced an update for all supported versions, which includes 17.5, 16.9, 15.13, 14.18, and 13.21. The update addresses one security vulnerability and resolves more than 60 reported bugs from the past few months. PostgreSQL 13 will cease to receive updates on November 13, 2025, and users are advised to prepare for an upgrade to a more current, supported version.

The update fixes several important problems: it handles self-referential foreign keys on partitioned tables correctly, avoids data loss with BRIN bloom indexes, makes MERGE into a partitioned table work correctly with DO NOTHING actions, prevents failures in INSERT commands, and fixes issues with casts in JSON constructor expressions. It also includes several query planner fixes, resolves performance issues in GIN index search startup, and improves I/O statistics reporting for active WAL senders.



The update fixes problems with logical replication, such as the handling of vacuum around deleted rows that are still required for logical decoding, and it prevents potential data loss when schema changes that do not take a strong lock affect tables that are being logically replicated. Additionally, it improves the scheduling of parallel reindex operations in reindexdb. The update also revises the time zone files to tzdata release 2025b, which covers daylight saving time law changes in Chile, historical corrections for Iran, and a new time zone, America/Coyhaique, for the Aysén Region of Chile.

All PostgreSQL update releases are cumulative, and users are not obligated to dump and reload their database or utilize pg_upgrade to implement the update release.

PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 Released!

The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 17.5, 16.9, 15.13, 14.18, and 13.21. This release fixes 1 security vulnerability and over 60 bugs reported over the last several months.

For the full list of changes, please review the release notes.


PostgreSQL 13 EOL Notice

PostgreSQL 13 will stop receiving fixes on November 13, 2025. If you are running PostgreSQL 13 in a production environment, we suggest that you make plans to upgrade to a newer, supported version of PostgreSQL. Please see our versioning policy for more information.

Security Issues

CVE-2025-4207: PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation

CVSS v3.1 Base Score: 5.9

Supported, Vulnerable Versions: 13 - 17.

A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.

Bug Fixes and Improvements

This update fixes over 60 bugs that were reported in the last several months. The issues listed below affect PostgreSQL 17. Some of these issues may also affect other supported versions of PostgreSQL.

  • Handle self-referential foreign keys on partitioned tables correctly. Creating or attaching partitions failed to make the required catalog entries for a foreign-key constraint if the table referenced by the constraint was the same partitioned table. This resulted in failure to enforce the constraint fully. To fix this, please see the instructions in the "Updating" section.
  • Fix for potential data loss issue when using BRIN bloom indexes (e.g. using the date_bloom_ops operator class).
  • Fix MERGE into a partitioned table with DO NOTHING actions.
  • Prevent failure in INSERT commands when the table has a GENERATED column of a domain type and the domain's constraints disallow NULL values.
  • Fix ALTER TABLE .. ADD COLUMN to correctly handle the case of a domain type that has its own default value and the DEFAULT for the column is not set.
  • Fix issues when performing casts within the keys of JSON constructor expressions.
  • Fix XMLSERIALIZE() so that the INDENT option is correctly dumped out when it's present in views or rules. This was noticeable on restores.
  • Several query planner fixes, including avoiding a premature evaluation of arguments in an aggregate function that has both FILTER and either ORDER BY or DISTINCT clauses that could lead to unnecessary failures.
  • Fix for potentially returning incorrect results when a bitmap scan without output columns is executed while vacuum is also running on the same table.
  • Fix performance issues in GIN index search startup when there are many search keys, for example, jsonbcol ?| array[...] with tens of thousands of array elements.
  • Ensure that I/O statistics of active WAL senders are reported within at most one second.
  • Fix race condition in handling of synchronous_standby_names immediately after startup, where a backend might fail to wait for a synchronous commit.
  • Avoid infinite loop if scram_iterations is set to INT_MAX.
  • Several fixes for logical replication, including handling of vacuum around deleted rows that are still required for logical decoding.
  • Prevent potential data loss when schema modification operations (DDL) that don't take a strong lock affect tables that are being logically replicated.
  • Prevent issues in logical replication that could allow duplicate data to be applied due to apply worker error handling.
  • Improve how reindexdb handles scheduling parallel reindex operations to achieve the expected amount of parallelism.

This release also updates time zone data files to tzdata release 2025b for DST law changes in Chile, plus historical corrections for Iran. Additionally, there is a new time zone America/Coyhaique for Chile's Aysén Region, to account for it changing to UTC-03 year-round, which diverges from America/Santiago.

Updating

All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries.

If you created a self-referential foreign key on a partitioned table, after updating, you should drop and recreate any of these self-referential foreign keys if partitions have been created or attached since the constraint was created. There may be rows in the partition that violate this constraint, in which case recreating the constraint will fail, and you'll need to correct those rows before trying again.
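One way to carry out the step above, as an added example that is not part of the PostgreSQL announcement: the first query lists self-referential foreign keys on partitioned tables from the system catalogs and generates the DROP and ADD statements for review, and the second looks for rows that would make the recreate fail. The `fk_demo` schema, the `node` table and its column and constraint names are constructed samples; the second query assumes a single-column key.

```sql
-- Constructed sample (hypothetical names) so the queries run as written.
CREATE SCHEMA fk_demo;
CREATE TABLE fk_demo.node (
    id        int PRIMARY KEY,
    parent_id int CONSTRAINT node_parent_fk REFERENCES fk_demo.node (id)
) PARTITION BY RANGE (id);
CREATE TABLE fk_demo.node_p1 PARTITION OF fk_demo.node
    FOR VALUES FROM (0) TO (1000);

-- 1. Self-referential foreign keys declared on partitioned tables, with the
--    statements needed to drop and recreate each one. Run in every database.
SELECT n.nspname AS schema_name,
       r.relname AS table_name,
       c.conname AS constraint_name,
       (SELECT count(*) FROM pg_inherits i
         WHERE i.inhparent = r.oid) AS direct_partitions,
       format('ALTER TABLE %I.%I DROP CONSTRAINT %I;',
              n.nspname, r.relname, c.conname) AS drop_stmt,
       format('ALTER TABLE %I.%I ADD CONSTRAINT %I %s;',
              n.nspname, r.relname, c.conname,
              pg_get_constraintdef(c.oid)) AS recreate_stmt
FROM pg_constraint c
JOIN pg_class r     ON r.oid = c.conrelid
JOIN pg_namespace n ON n.oid = r.relnamespace
WHERE c.contype = 'f'            -- foreign-key constraints only
  AND c.confrelid = c.conrelid   -- the referenced table is the table itself
  AND r.relkind = 'p'            -- the table is partitioned
  AND c.conparentid = 0          -- top-level constraint, not a per-partition copy
ORDER BY 1, 2, 3;

-- 2. Rows that violate the constraint and would make the recreate fail.
--    Adapt the table and column names to each constraint found above.
SELECT child.*
FROM fk_demo.node AS child
WHERE child.parent_id IS NOT NULL
  AND NOT EXISTS (SELECT 1
                  FROM fk_demo.node AS parent
                  WHERE parent.id = child.parent_id);

-- Remove the constructed sample when done.
DROP SCHEMA fk_demo CASCADE;
```

The catalogs do not record when a constraint or partition was created, so the first query lists every candidate; compare `direct_partitions` against your own change history to decide which constraints need recreating.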

Users who have skipped one or more update releases may need to run additional post-update steps; please see the release notes from earlier versions for details.

For more details, please see the release notes.
