• View downloads
• View release notes

• View downloads
• View release notes

New uNmINeD development snapshot is available for download!

Changes:

• Improved Hytale map colors
• Improved Hytale processing speed
• Added grass tints for Hytale (read from chunk data)
• Added water biome tints for Hytale (read from configuration)
• Added player names for Hytale
• Block name matcher now treats patterns ending in ** specially, the pattern foo** means foo or foo_*
• (GUI) Fixed broken chunk inspector GUI
• (GUI) Fixed broken web export GUI

The Hytale support is still experimental. There may be bugs, crashes, and the map colors are still unfinished.

!!! WARNING !!!

It has not yet been tested whether uNmINeD can be used safely while Hytale is running. Always close Hytale before using uNmINeD to prevent data corruption!

A Hytale world in uNmINeD:

The Extended Stable channel has been updated to 144.0.7559.173 for Windows and Mac which will roll out over the coming days/weeks.

The Chrome team is delighted to announce the promotion of Chrome 145 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.

Chrome 145.0.7632.45 (Linux) 145.0.7632.45/46 Windows/Mac contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 145.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 11 security fixes. Please see the Chrome Security Page for more information.

[$8000][467297219] High CVE-2026-2313: Use after free in CSS. Reported by Han Zheng (HexHive), Wenhao Fang (University of St. Andrews), and Qinying Wang (HexHive) on 2025-12-09

[N/A][478560268] High CVE-2026-2314: Heap buffer overflow in Codecs. Reported by Google on 2026-01-26

[N/A][479242793] High CVE-2026-2315: Inappropriate implementation in WebGPU. Reported by Google on 2026-01-27

[$5000][422531206] Medium CVE-2026-2316: Insufficient policy enforcement in Frames. Reported by Luan Herrera (@lbherrera_) on 2025-06-05

[$2000][464173573] Medium CVE-2026-2317: Inappropriate implementation in Animation. Reported by Brendan Draper on 2025-11-28

[$1000][363930141] Medium CVE-2026-2318: Inappropriate implementation in PictureInPicture. Reported by Shaheen Fazim on 2024-09-02

[$1000][40071155] Medium CVE-2026-2319: Race in DevTools. Reported by Anonymous on 2023-09-01

[TBD][435684924] Medium CVE-2026-2320: Inappropriate implementation in File input. Reported by Alesandro Ortiz on 2025-08-02

[N/A][461877477] Medium CVE-2026-2321: Use after free in Ozone. Reported by Google on 2025-11-18

[$1000][470928605] Low CVE-2026-2322: Inappropriate implementation in File input. Reported by Robbe Van Roey | PinkDraconian on 2025-12-22

[$500][467442136] Low CVE-2026-2323: Inappropriate implementation in Downloads. Reported by Hafiizh on 2025-12-10

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

 

Bugfixes and minor changes:

• Improved parallelization of concurrent authentication requests to increase performance
• Don't complain about missing or empty configuration files when reloading the configuration. Default values will be used in that case.
• Fix Let's Encrypt® well-known path normalization to preserve native format.
• FTP: Fixed a crash if both control and data connection fail at the same time

• [p]Localization code and text changes.[/p][/*]

New uNmINeD development snapshot is available for download!

Changes:

• Added support for Hytale (experimental)
• Added support for Minecraft 26.1-snapshot-6 worlds
• Added support for multiple asterixes in block name patterns
• Fixed broken textured rendering for Java Edition

uNmINeD now can read Hytale worlds. This is an experimental feature under development. Map colors are far from finished, the code is slow, and there may be bugs and crashes.

!!! WARNING !!!

It has not yet been tested whether uNmINeD can be used safely while Hytale is running. Always close Hytale before using uNmINeD to prevent data corruption!

Check your Hytale world in uNmINeD and have fun!

The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23. This release fixes 2 security vulnerabilities and over 50 bugs reported over the last several months.

For the full list of changes, please review the release notes.

PostgreSQL 13 EOL Notice

This is the final release of PostgreSQL 13. PostgreSQL 13 is now end-of-life and will no longer receive security and bug fixes. If you are running PostgreSQL 13 in a production environment, we suggest that you make plans to upgrade to a newer, supported version of PostgreSQL. Please see our versioning policy for more information.

Security Issues

CVE-2025-12817: PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege

CVSS v3.1 Base Score: 3.1

Supported, Vulnerable Versions: 13 - 18.

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

The PostgreSQL project thanks Jelte Fennema-Nio for reporting this problem.

CVE-2025-12818: PostgreSQL libpq undersizes allocations, via integer wraparound

CVSS v3.1 Base Score: 5.9

Supported, Vulnerable Versions: 13 - 18.

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

The PostgreSQL project thanks Aleksey Solovev (Positive Technologies) for reporting this problem.

Bug Fixes and Improvements

This update fixes over 50 bugs that were reported in the last several months. The issues listed below affect PostgreSQL 18. Some of these issues may also affect other supported versions of PostgreSQL.

• Avoid returning duplicate rows from hash right semi-joins.
• Avoid possible out-of-memory failures during parallel GIN index build.
• Several fixes for BRIN indexes.
• Fixes for crashes related to partitioned tables, including one occurring during a recheck.
• Avoid duplicating hash partition constraints during DETACH CONCURRENTLY, which previously caused issues during dump/restore or if a parent table is dropped after the DETACH.
• Disallow generated columns in partition keys and in COPY ... FROM ... WHERE clauses.
• Fix incorrect reporting of replication lag in pg_stat_replication view.
• Avoid failures when synchronized_standby_slots references nonexistent replication slots.
• Avoid unwanted WAL receiver shutdown when switching from streaming to archive WAL source.
• Avoid unnecessary invalidation of logical replication slots.
• Correctly handle GROUP BY DISTINCT in PL/pgSQL assignment statements.
• Avoid leaking memory when handling a SQL error within PL/Python.
• Fix how libpq handles socket-related errors on Windows within its GSSAPI logic.
• Fix dumping of non-inherited NOT NULL constraints on inherited table columns.
• Ensure consistent ordering of foreign key constraints in the output of pg_dump.
• Several fixes for pgbench error handling and reporting.
• Fix memory leak in pg_combinebackup.
• Allow nonsuperusers with SELECT privileges on a table to use pg_prewarm to prewarm indexes on that table.

Updating

All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shutdown PostgreSQL and update its binaries.

Users who have skipped one or more update releases may need to run additional post-update steps; please see the release notes from earlier versions for details.

For more details, please see the release notes.

Links

• Download
• Release Notes
• Security
• Versioning Policy
• Submit a Bug
• Donate

If you have corrections or suggestions for this release announcement, please send them to the pgsql-www@lists.postgresql.org public mailing list.

The PostgreSQL Global Development Group today announced the release of PostgreSQL 18, the latest version of the world's most advanced open source database. Translations of this press release are available in the PostgreSQL 18 press kit.

PostgreSQL 18 improves performance for workloads of all sizes through a new I/O subsystem that has demonstrated up to 3× performance improvements when reading from storage, and also increases the number of queries that can use indexes. This release makes major-version upgrades less disruptive, accelerating upgrade times and reducing the time required to reach expected performance after an upgrade completes. Developers also benefit from PostgreSQL 18 features, including virtual generated columns that compute values at query time, and the database-friendly uuidv7() function that provides better indexing and read performance for UUIDs. PostgreSQL 18 makes it easier to integrate with single-sign on (SSO) systems with support for OAuth 2.0 authentication.

"The efforts of the global open source community shape every PostgreSQL release and help deliver features that meet users where their data resides," said Jonathan Katz, a member of the PostgreSQL core team. "PostgreSQL 18 builds on the project's long, rich history of delivering a reliable and robust data management experience, while continuing to expand the workloads it can support."

PostgreSQL, an innovative data management system known for its reliability, robustness, and extensibility, benefits from nearly 30 years of open source development from a global developer community and has become the preferred open source relational database for organizations of all sizes.

Introducing asynchronous I/O

PostgreSQL previously relied on operating system readahead mechanisms to accelerate data retrieval. However, because operating systems lack insight into database-specific access patterns, they cannot always anticipate what data will be required, leading to suboptimal performance in many workloads.

PostgreSQL 18 introduces a new asynchronous I/O (AIO) subsystem designed to address this limitation. AIO lets PostgreSQL issue multiple I/O requests concurrently instead of waiting for each to finish in sequence. This expands existing readahead and improves overall throughput. AIO operations supported in PostgreSQL 18 include sequential scans, bitmap heap scans, and vacuum. Benchmarking has demonstrated performance gains of up to 3x in certain scenarios.

The new io_method setting lets you toggle between the AIO methods, including worker and io_uring, or you can choose to maintain the current PostgreSQL behavior with the sync setting. There are now more parameters to consider tuning with AIO, which you can learn more about in the documentation.

Faster upgrades, better post-upgrade performance

A key PostgreSQL feature is the generation and storage of statistics that help PostgreSQL select the most efficient query plan. Before PostgreSQL 18, these statistics didn't carry over on a major version upgrade, which could cause significant query performance degradations on busy systems until the ANALYZE finished running. PostgreSQL 18 introduces the ability to keep planner statistics through a major version upgrade, which helps an upgraded cluster reach expected performance more quickly after the upgrade.

Additionally, pg_upgrade, a utility that performs major version upgrades, includes several enhancements in PostgreSQL 18, such as faster upgrades when a database contains many objects like tables and sequences. This release also lets pg_upgrade process its checks in parallel based on the settings of the --jobs flag, and adds the --swap flag that swaps upgrade directories instead of copying, cloning, or linking files.

Query and general performance enhancements

PostgreSQL 18 further accelerates query performance with features that automatically make your workloads faster. This release introduces "skip scan" lookups on multicolumn B-tree indexes that improve execution time for queries that omit an = condition on one or more prefix index columns. It can also optimize queries that use OR conditions in a WHERE to use an index, leading to significantly faster execution. There are also numerous improvements for how PostgreSQL plans and executes table joins, from boosting the performance of hash joins to allowing merge joins to use incremental sorts. PostgreSQL 18 also supports parallel builds for GIN indexes, joining B-tree and BRIN indexes in supporting this capability.

This release also builds on PostgreSQL support for hardware acceleration, including support for ARM NEON and SVE CPU intrinsics for the popcount function, which is used by the bit_count and other internal capabilities.

Enhancing the developer experience

PostgreSQL 18 introduces virtual generated columns that compute values at query time instead of storing them. This is now the default option for generated columns. Additionally, stored generated columns can now be logically replicated.

This release adds the capability to access both the previous (OLD) and current (NEW) values in the RETURNING clause for INSERT, UPDATE, DELETE and MERGE commands. PostgreSQL 18 also adds UUIDv7 generation through the uuidv7() function, letting you generate random UUIDs that are timestamp-ordered to support better caching strategies. PostgreSQL 18 includes uuidv4() as an alias for gen_random_uuid().

PostgreSQL 18 adds temporal constraints -- constraints over ranges -- for both PRIMARY KEY and UNIQUE constraints using the WITHOUT OVERLAPS clause, and on FOREIGN KEY constraints using the PERIOD clause.

Finally, PostgreSQL 18 makes it easier to create the schema definition of a foreign table using the definition of a local table with the CREATE FOREIGN TABLE ... LIKE command.

Improved text processing

PostgreSQL 18 makes text processing easier and faster with several new enhancements. This release adds the PG_UNICODE_FAST collation, which provides full Unicode semantics for case transformations while helping to accelerate many comparisons. This includes the upper and lower string comparison functions and the new casefold function for case-insensitive comparisons. Additionally, PostgreSQL 18 now supports making LIKE comparisons over text that uses a nondeterministic collation, simplifying how you can perform more complex pattern matching. This release also changes full text search to use the default collation provider of a cluster instead of always using libc, which may require you to reindex all full text search and pg_trgm indexes after running pg_upgrade.

Authentication and security features

PostgreSQL 18 introduces oauth authentication, which lets users authenticate using OAuth 2.0 mechanisms supported through PostgreSQL extensions. Additionally, PostgreSQL 18 includes validation for FIPS mode, and adds the ssl_tls13_ciphers parameter for configuring server-side TLS v1.3 cipher suites.

This release deprecates md5 password authentication, which will be removed in a future release. If you require PostgreSQL password-based authentication, use SCRAM authentication. PostgreSQL 18 also supports SCRAM passthrough authentication with both postgres_fdw and dblink for authenticating to remote PostgreSQL instances. Additionally, pgcrypto now supports SHA-2 encryption for password hashing.

Replication

PostgreSQL 18 supports reporting logical replication write conflicts in logs and in the pg_stat_subscription_stats view. Additionally, CREATE SUBSCRIPTION now defaults to using parallel streaming for applying transactions, which can help improve performance. The pg_createsubscriber utility now has an --all flag so you can create logical replicas for all databases in an instance with a single command. PostgreSQL 18 also lets you automatically drop idle replication slots to help prevent storing too many write-ahead log files on a publisher.

Maintenance and observability

PostgreSQL 18 improves its vacuum strategy by proactively freezing more pages during regular vacuums, reducing overhead and helping in situations that require aggressive vacuums.

PostgreSQL 18 adds more details to EXPLAIN, which provides information about query plan execution, and as of this release now automatically shows how many buffers (the fundamental unit of data storage) are accessed when executing EXPLAIN ANALYZE. Additionally, EXPLAIN ANALYZE now shows how many index lookups occur during an index scan, and EXPLAIN ANALYZE VERBOSE includes CPU, WAL, and average read statistics. PostgreSQL 18 includes more info in pg_stat_all_tables on time spent on vacuum and related operations, as well as per-connection statistics on I/O and WAL utilization.

Other notable changes

Databases initialized with PostgreSQL 18 initdb now have page checksums enabled by default. This can affect upgrades from non-checksum enabled clusters, which would require you to create a new PostgreSQL 18 cluster with the --no-data-checksums option when using pg_upgrade.

PostgreSQL 18 also introduces a new version (3.2) of the PostgreSQL wire protocol, the first new protocol version since PostgreSQL 7.4 (2003). libpq still uses version 3.0 by default while clients (e.g., drivers, poolers, proxies) add support for the new protocol version.

Additional Features

Many other new features and improvements have been added to PostgreSQL 18 that may also be helpful for your use cases. Please see the release notes for a complete list of new and changed features.

About PostgreSQL

PostgreSQL is the world's most advanced open source database, with a global community of thousands of users, contributors, companies and organizations. Since its beginnings at the University of California, Berkeley over 40 years ago, PostgreSQL has continued with an unmatched pace of development. PostgreSQL's mature feature set not only matches top proprietary database systems, but exceeds them in advanced database features, extensibility, security, and stability.

Links

• Download
• Release Notes
• Press Kit
• Security Page
• Versioning Policy
• Contact
• Donate

The PostgreSQL Global Development Group announces that the first release candidate of PostgreSQL 18 is now available for download. As a release candidate, PostgreSQL 18 RC 1 will be mostly identical to the initial release of PostgreSQL 18, though some more fixes may be applied prior to the general availability of PostgreSQL 18.

The planned date for the general availability of PostgreSQL 18 is September 25, 2025. Please see the "Release Schedule" section for more details.

Upgrading to PostgreSQL 18 RC 1

To upgrade to PostgreSQL 18 RC 1 from earlier versions of PostgreSQL, you will need to use a major version upgrade strategy, e.g. pg_upgrade or pg_dump / pg_restore. For more information, please visit the documentation section on upgrading:

https://www.postgresql.org/docs/18/upgrading.html

Changes Since 18 Beta 3

Several bug fixes were applied for PostgreSQL 18 during the Beta 3 period. These include:

• Skip vacuuming virtual generated columns when using vacuumdb --missing-stats-only.
• Added recommendation on when to reindex full-text search and pg_trgm indexes after using pg_upgrade.

For a detailed list of fixes, please visit the open items page.

Release Schedule

This is the first release candidate for PostgreSQL 18. Unless an issue is discovered that warrants a delay or to produce an additional release candidate, PostgreSQL 18 should be made generally available on September 25, 2025.

For further information please see the Beta Testing page.

Links

• Download
• Beta Testing Information
• PostgreSQL 18 Beta Release Notes
• PostgreSQL 18 Open Issues
• Submit a Bug
• Donate

The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 17.6, 16.10, 15.14, 14.19, and 13.22, as well as the third beta release of PostgreSQL 18. This release fixes 3 security vulnerabilities and over 55 bugs reported over the last several months.

If you previously created a BRIN index using the numeric_minmax_multi_ops operator class, please see the "Updating" section for additional instructions after upgrading your instance.

For the full list of changes, please review the release notes.

PostgreSQL 13 EOL Notice

PostgreSQL 13 will stop receiving fixes on November 13, 2025. If you are running PostgreSQL 13 in a production environment, we suggest that you make plans to upgrade to a newer, supported version of PostgreSQL. Please see our versioning policy for more information.

Security Issues

CVE-2025-8713: PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table

CVSS v3.1 Base Score: 3.1

Supported, Vulnerable Versions: 13 - 17.

PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most- common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.

The PostgreSQL project thanks Dean Rasheed for reporting this problem.

CVE-2025-8714: PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client

CVSS v3.1 Base Score: 8.8

Supported, Vulnerable Versions: 13 - 17.

Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.

The PostgreSQL project thanks Martin Rakhmanov, Matthieu Denais, and RyotaK for reporting this problem.

CVE-2025-8715: PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server

CVSS v3.1 Base Score: 8.8

Supported, Vulnerable Versions: 13 - 17.

Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.

The PostgreSQL project thanks Noah Misch for reporting this problem.

Bug Fixes and Improvements

This update fixes over 55 bugs that were reported in the last several months. The issues listed below affect PostgreSQL 17. Some of these issues may also affect other supported versions of PostgreSQL.

• Fix for BRIN indexes using the numeric_minmax_multi_ops operator class that could cause them to become bloated and inefficient. Please see the "Updating" section for instructions on how to fix these indexes.
• Several fixes for logical replication, including fixes for memory allocation failure, duplicate transaction replay, infinite wait, unexpected shutdown, and a standby unable to shutdown.
• Fix premature removal of old WAL during a checkpoint, which could impact recovery when using replication slots.
• Revert a change that could reject XML documents over 10MB in size.
• Fix how nested character classes (e.g. [[:alpha:]%_]) are handled in SIMILAR TO expressions.
• Restore the ability for PL/pgSQL expressions to use parallel execution.
• Avoid a rare scenario where a B-tree index could modify the wrong entry.
• Several fixes for MERGE, including incorrect query results with concurrency and when targeting a table that is a parent in an inheritance hierarchy.
• Fix LZ4 decompression failure that could occur on data that is not very compressible.
• Prevent an infinite loop in checkpoints on systems with very large shared_buffers settings.
• Fix issues with GSSAPI authentication when using Active Directory accounts with many group memberships. This release also fixes timing-dependent connection failures when using SSL or GSSAPI encryption in non-blocking mode.
• Fix a crash in libpq function PQcancelCreate().
• Fix several resource leaks.

Updating

All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shutdown PostgreSQL and update its binaries.

If you have any BRIN indexes that use the numeric_minmax_multi_ops operator class, it is advisable to REINDEX them after updating to fix any potential bloating and inefficiency.

Users who have skipped one or more update releases may need to run additional post-update steps; please see the release notes from earlier versions for details.

For more details, please see the release notes.

A Note on the PostgreSQL 18 Beta

This release marks the third beta release of PostgreSQL 18 and puts the community one step closer to general availability tentatively around September/October 2025.

In the spirit of the open source PostgreSQL community, we strongly encourage you to test the new features of PostgreSQL 18 on your systems to help us eliminate bugs and other issues. While we do not advise you to run PostgreSQL 18 Beta 3 in production environments, we encourage you to find ways to run your typical application workloads against this beta release.

Your testing and feedback helps the community ensure that PostgreSQL 18 upholds our standards of delivering a stable, reliable release of the world's most advanced open source relational database. Please read more about our beta testing process and how you can contribute:

https://www.postgresql.org/developer/beta/

Upgrading to PostgreSQL 18 Beta 3

To upgrade to PostgreSQL 18 Beta 3 from an earlier version of PostgreSQL, you will need to use a strategy similar to upgrading between major versions of PostgreSQL (e.g. pg_upgrade or pg_dump / pg_restore). For more information, please visit the documentation section on upgrading.

Changes Since Beta 2

Fixes and changes in PostgreSQL 18 Beta 3 include:

• Fix for performance regression in trivial queries.
• Fix can't get cancellation key error observed with some additional software.
• Fix for background workers failing to restart after crashes.
• Fix a rare asynchronous I/O failure.
• Stop dumping excess objects in pg_dumpall --statistics-only and --no-schema.
• Remove pg_dumpall non-text output file formats.
• Fix date_trunc(..., 'infinity'::timestamptz) on 32-bit systems.

Please see the release notes for a complete list of new and changed features:

https://www.postgresql.org/docs/18/release-18.html

Testing for Bugs & Compatibility

The stability of each PostgreSQL release greatly depends on you, the community, to test the upcoming version with your workloads and testing tools to find bugs and regressions before the general availability of PostgreSQL 18. As this is a Beta, minor changes to database behaviors, feature details, and APIs are still possible. Your feedback and testing will help determine the final tweaks on the new features, so please test in the near future. The quality of user testing helps determine when we can make a final release.

A list of open issues is publicly available in the PostgreSQL wiki. You can report bugs using this form on the PostgreSQL website:

https://www.postgresql.org/account/submitbug/

Beta Schedule

This is the third beta release of version 18. The PostgreSQL Project will release one or more release candidates, before the final release around September/October 2025. For further information please see the Beta Testing page.

Links

• Download
• Release Notes
• Security
• Versioning Policy
• Beta Testing Information
• PostgreSQL 18 Beta Release Notes
• PostgreSQL 18 Open Issues
• Submit a Bug
• Donate

If you have corrections or suggestions for this release announcement, please send them to the pgsql-www@lists.postgresql.org public mailing list.

The PostgreSQL Global Development Group announces that the second beta release of PostgreSQL 18 is now available for download. This release contains previews of all features when PostgreSQL 18 is made generally available, though some details of the release can change during the beta period.

You can find information about all of the PostgreSQL 18 features and changes in the release notes:

https://www.postgresql.org/docs/18/release-18.html

In the spirit of the open source PostgreSQL community, we strongly encourage you to test the new features of PostgreSQL 18 on your systems to help us eliminate bugs and other issues. While we do not advise you to run PostgreSQL 18 Beta 2 in production environments, we encourage you to find ways to run your typical application workloads against this beta release.

Your testing and feedback helps the community ensure that PostgreSQL 18 upholds our standards of delivering a stable, reliable release of the world's most advanced open source relational database. Please read more about our beta testing process and how you can contribute:

https://www.postgresql.org/developer/beta/

Upgrading to PostgreSQL 18 Beta 2

To upgrade to PostgreSQL 18 Beta 2 from an earlier version of PostgreSQL, you will need to use a strategy similar to upgrading between major versions of PostgreSQL (e.g. pg_upgrade or pg_dump / pg_restore). For more information, please visit the documentation section on upgrading.

Changes Since Beta 1

Fixes and changes in PostgreSQL 18 Beta 2 include:

• Add support for prepared statements in squashing lists in query jumbling.
• Fix for foreign key validation on partitioned tables.
• Remove pg_get_process_memory_contexts() function.
• Several fixes for injection point testing to support testing AIO.
• Fix pg_dump for tables with complex names.
• Fix for statement location calculation for nested statements.
• Fix for upgrades from PostgreSQL 14 when the number of rows in a table is unknown.
• Fix stack overflow for OAuth parsers.
• Set pg_dump and pg_dumpall default behavior to use --no-statistics. Leave the default for pg_restore and pg_upgrade to be --with-statistics.
• Ensure LOAD $libdir/ works.
• Improvements for GIN amcheck.
• Remove PQservice() from libpq.

Please see the release notes for a complete list of new and changed features:

https://www.postgresql.org/docs/18/release-18.html

Testing for Bugs & Compatibility

The stability of each PostgreSQL release greatly depends on you, the community, to test the upcoming version with your workloads and testing tools to find bugs and regressions before the general availability of PostgreSQL 18. As this is a Beta, minor changes to database behaviors, feature details, and APIs are still possible. Your feedback and testing will help determine the final tweaks on the new features, so please test in the near future. The quality of user testing helps determine when we can make a final release.

A list of open issues is publicly available in the PostgreSQL wiki. You can report bugs using this form on the PostgreSQL website:

https://www.postgresql.org/account/submitbug/

Beta Schedule

This is the second beta release of version 18. The PostgreSQL Project will release additional betas as required for testing, followed by one or more release candidates, until the final release around September/October 2025. For further information please see the Beta Testing page.

Links

• Download
• Beta Testing Information
• PostgreSQL 18 Beta Release Notes
• PostgreSQL 18 Open Issues
• Submit a Bug
• Donate

The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 17.5, 16.9, 15.13, 14.18, and 13.21. This release fixes 1 security vulnerability and over 60 bugs reported over the last several months.

For the full list of changes, please review the release notes.

PostgreSQL 13 EOL Notice

PostgreSQL 13 will stop receiving fixes on November 13, 2025. If you are running PostgreSQL 13 in a production environment, we suggest that you make plans to upgrade to a newer, supported version of PostgreSQL. Please see our versioning policy for more information.

Security Issues

CVE-2025-4207: PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation

CVSS v3.1 Base Score: 5.9

Supported, Vulnerable Versions: 13 - 17.

A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.

Bug Fixes and Improvements

This update fixes over 60 bugs that were reported in the last several months. The issues listed below affect PostgreSQL 17. Some of these issues may also affect other supported versions of PostgreSQL.

• Handle self-referential foreign keys on partitioned tables correctly. Creating or attaching partitions failed to make the required catalog entries for a foreign-key constraint if the table referenced by the constraint was the same partitioned table. This resulted in failure to enforce the constraint fully. To fix this, please see the instructions in the "Updating" section.
• Fix for potential data loss issue when using BRIN bloom indexes (e.g. using the date_bloom_ops operator class).
• Fix MERGE into a partitioned table with DO NOTHING actions.
• Prevent failure in INSERT commands when the table has a GENERATED column of a domain type and the domain's constraints disallow NULL values.
• Fix ALTER TABLE .. ADD COLUMN to correctly handle the case of a domain type that has its own default value and the DEFAULT for the column is not set.
• Fix issues when performing casts within the keys of JSON constructor expressions.
• Fix XMLSERIALIZE() so that the INDENT option is correctly dumped out when it's present in views or rules. This was noticeable on restores.
• Several query planner fixes, including avoiding a premature evaluation of arguments in an aggregate function that has both FILTER and either ORDER BY or DISTINCT clauses that could lead to unnecessary failures.
• Fix for potentially returning incorrect results when a bitmap scan without output columns is executed while vacuum is also running on the same table.
• Fix performance issues in GIN index search startup when there are many search keys, for example, jsonbcol ?| array[...] with tens of thousands of array elements.
• Ensure that I/O statistics of active WAL senders are reported within at most one second.
• Fix race condition in handling of synchronous_standby_names immediately after startup, where a backend might fail to wait for a synchronous commit.
• Avoid infinite loop if scram_iterations is set to INT_MAX.
• Several fixes for logical replication, including handling of vacuum around deleted rows that are still required for logical decoding.
• Prevent potential data loss when schema modification operations (DDL) that don't take a strong lock affect tables that are being logically replicated.
• Prevent issues in logical replication that could allow duplicate data to be applied due to apply worker error handling.
• Improve how reindexdb handles scheduling parallel reindex operations to achieve the expected amount of parallelism.

This release also updates time zone data files to tzdata release 2025b for DST law changes in Chile, plus historical corrections for Iran. Additionally, there is a new time zone America/Coyhaique for Chile's Aysén Region, to account for it changing to UTC-03 year-round, which diverges from America/Santiago.

Updating

All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shutdown PostgreSQL and update its binaries.

If you created a self-referential foreign key on a partitioned table, after updating, you should drop and recreate any of these self-referential foreign keys if partitions have been created or attached since the constraint was created. There may be rows in the partition that violate this constraint, in which case recreating the constraint will fail, and you'll need to correct those rows before trying again.

Users who have skipped one or more update releases may need to run additional post-update steps; please see the release notes from earlier versions for details.

For more details, please see the release notes.

Links

• Download
• Release Notes
• Security
• Versioning Policy
• Donate

If you have corrections or suggestions for this release announcement, please send them to the pgsql-www@lists.postgresql.org public mailing list.

The PostgreSQL Global Development Group announces that the first beta release of PostgreSQL 18 is now available for download. This release contains previews of all features when PostgreSQL 18 is made generally available, though some details of the release can change during the beta period.

You can find information about all of the PostgreSQL 18 features and changes in the release notes:

https://www.postgresql.org/docs/18/release-18.html

In the spirit of the open source PostgreSQL community, we strongly encourage you to test the new features of PostgreSQL 18 on your systems to help us eliminate bugs and other issues. While we do not advise you to run PostgreSQL 18 Beta 1 in production environments, we encourage you to find ways to run your typical application workloads against this beta release.

Your testing and feedback helps the community ensure that PostgreSQL 18 upholds our standards of delivering a stable, reliable release of the world's most advanced open source relational database. Please read more about our beta testing process and how you can contribute:

https://www.postgresql.org/developer/beta/

PostgreSQL 18 Feature Highlights

Below are some of the feature highlights that are planned for PostgreSQL 18. This list is not exhaustive; for the full list of planned features, please see the release notes.

Performance

PostgreSQL 18 introduces an asynchronous I/O (AIO) subsystem. This new subsystem allows to increase I/O throughput and to hide I/O latency. On Linux io_uring can be used for AIO, a worker based implementation is available on all platforms. This initial release supporting file system reads such as sequential scans, bitmap heap scans, and vacuums, with tests showing up to a 2-3x performance improvements.

These performance gains extend to query optimizations and new indexing features. PostgreSQL 18 adds support for using "skip scan" lookups on multicolumn B-tree indexes, which can result in faster execution times for queries that omit a "=" condition on one or more prefix index columns. This release also includes optimizations for WHERE clauses that contain OR and IN (...) statements to better utilize recent indexing improvements which can also result in better query performance. There are also numerous performance improvements for how PostgreSQL plans and executes table joins, from improving the overall performance of hash joins to allowing merge joins to use incremental sorts.

There are a variety of other PostgreSQL 18 features that improve performance for other query and maintenance operations. PostgreSQL 18 now supports parallel builds for GIN indexes, which are commonly used for search over JSON and full-text data. This release also allows you to define partition keys and materialized views with unique indexes which aren't B-trees. PostgreSQL 18 also improves overall locking performance for queries that access many relations, and adds several improvements to queries over partitioned tables, including improved pruning and join support. PostgreSQL 18 also has performance improvements in text processing, including general speedups to the upper/lower functions and a new built-in collation PG_UNICODE_FAST.

Major version upgrade experience

Before PostgreSQL 18, an important step after performing a major version upgrade was to run the ANALYZE to generate statistics, which is a critical component of helping PostgreSQL to select the most efficient query plan. Based on the size and overall activity of a PostgreSQL cluster, this could be a time consuming process, and potentially impact query performance until the process completed. PostgreSQL 18 introduces the ability to keep planner statistics through a major version upgrade, which helps an upgraded cluster to get to its expected performance state sooner once it's available.

Additionally, pg_upgrade, the utility used to facilitate a major version upgrade, added several performance enhancements to help accelerate upgrades with many objects, such as tables and sequences. This release also allows pg_upgrade to process its checks in parallel based on the settings of the --jobs flag, and also adds the --swap flag, which swaps upgrade directories instead of copying, cloning, or linking files.

Developer Experience

PostgreSQL 18 introduces virtual generated columns that compute the column values just-in-time during query execution, instead of having to store them. This is now the default option for generated columns. Additionally, stored generated columns can now be logically replicated.

This release adds the capability to access both the previous (OLD) and current (NEW) values in the RETURNING clause for INSERT, UPDATE, DELETE and MERGE commands. Additionally, PostgreSQL 18 adds support for UUIDv7 generation through the uuidv7() function, letting you generate random UUIDs that are timestamp-ordered to support better caching strategies (this release also adds uuidv4() as an alias for gen_rand_uuid).

Now in PostgreSQL 18, you can make LIKE comparisons over text that uses a nondeterministic collation, making it simpler to do more complex pattern matching. Additionally, this release introduces the CASEFOLD to help with case-insensitive matches.

This release also adds temporal constraints, or constraints over ranges, for both PRIMARY KEY and UNIQUE constraints using the WITHOUT OVERLAPS clause, and on FOREIGN KEY constraints using the PERIOD clause.

Security Features

PostgreSQL 18 introduces oauth authentication, which lets users authenticate using OAuth 2.0 mechanisms supported through PostgreSQL extensions. Additionally, PostgreSQL 18 adds several features to validate and enforce FIPS mode behavior, and also adds the ssl_tls13_ciphers to let users configure which TLS v1.3 cipher suites the server can use.

This release deprecates md5 password authentication in favor of using SCRAM authentication that was first added in PostgreSQL 10. md5 authentication will be fully removed in a future major version release. Additionally, PostgreSQL 18 adds support for SCRAM passthrough authentication with both postgres_fdw and dblink when authenticating to remote PostgreSQL instances.

Monitoring and Observability

PostgreSQL 18 adds more details to the EXPLAIN utility, which provides information about query plan execution, and as of this release now automatically shows how many buffers (the fundamental unit of data storage) are accessed when executing EXPLAIN ANALYZE. Additionally, EXPLAIN ANALYZE now shows how many index lookups occur during an index scan, and EXPLAIN ANALYZE VERBOSE includes CPU, WAL, and average read statistics. This release also includes information about the total amount of time spent vacuuming and analyzing a table in pg_stat_all_tables, and now shows per-connection statistics on I/O and WAL utilization.

PostgreSQL 18 also provides more insights into write conflicts that occur during logical replication, and surfaces this information both in logs and in the pg_stat_subscription_stats view.

Other Highlights

Starting with PostgreSQL 18, data checksums, which are used to validate the integrity of stored data, are now enabled by default on new PostgreSQL clusters. You can choose to disable this behavior using the initdb --no-data-checksums command. Note that this may require changes to your upgrade scripts.

Additionally, there are new behaviors available in several constraint features. First, both foreign key and check constraints can be set as NOT ENFORCED and conversely, made enforceable. Additionally, NOT NULL constraints now preserve their names as required by the SQL standard, support the NOT VALID and NO INHERIT clauses, and now behave more consistently with inheritance.

pg_createsubscriber now supports an --all flag so you can create logical replicas for all databases in an instance with a single command. Additionally, PostgreSQL 18 lets you create the schema definition of a foreign table using the definition of a local table using the CREATE FOREIGN TABLE ... LIKE command.

PostgreSQL 18 also introduces a new version (3.2) of the PostgreSQL wire protocol, which is the first new protocol version since PostgreSQL 7.4 (2003). libpq still uses version 3.0 by default while clients (e.g., drivers, poolers, proxies) add support for the new protocol version.

Additional Features

Many other new features and improvements have been added to PostgreSQL 18. Many of these may also be helpful for your use cases. Please see the release notes for a complete list of new and changed features:

https://www.postgresql.org/docs/18/release-18.html

Testing for Bugs & Compatibility

The stability of each PostgreSQL release greatly depends on you, the community, to test the upcoming version with your workloads and testing tools to find bugs and regressions before the general availability of PostgreSQL 18. As this is a Beta, minor changes to database behaviors, feature details, and APIs are still possible. Your feedback and testing will help determine the final tweaks on the new features, so please test in the near future. The quality of user testing helps determine when we can make a final release.

A list of open issues is publicly available in the PostgreSQL wiki. You can report bugs using this form on the PostgreSQL website:

https://www.postgresql.org/account/submitbug/

Beta Schedule

This is the first beta release of version 18. The PostgreSQL Project will release additional betas as required for testing, followed by one or more release candidates, until the final release around September/October 2025. For further information please see the Beta Testing page.

Links

• Download
• Beta Testing Information
• PostgreSQL 18 Beta Release Notes
• PostgreSQL 18 Open Issues
• Submit a Bug
• Donate

The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 17.4, 16.8, 15.12, 14.17, and 13.20.

For the full list of changes, please review the release notes.

Bug Fixes and Improvements

The issues listed below affect PostgreSQL 17. Some of these issues may also affect other supported versions of PostgreSQL.

• Improve behavior of quoting functions in libpq. The fix for CVE-2025-1094 caused the quoting functions to not honor their string length parameters and, in some cases, cause crashes. This problem could be noticeable from a PostgreSQL client library, based on how it is integrated with libpq.
• Fix small memory leak in pg_createsubscriber.

Updating

All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shutdown PostgreSQL and update its binaries.

Users who have skipped one or more update releases may need to run additional post-update steps; please see the release notes from earlier versions for details.

For more details, please see the release notes.

Links

• Download
• Release Notes
• Security
• Versioning Policy
• Donate

If you have corrections or suggestions for this release announcement, please send them to the pgsql-www@lists.postgresql.org public mailing list.

The PostgreSQL Global Development Group is planning for an out-of-cycle release on February 20, 2025 to address a regression that was released as part of the February 13, 2025 update release, which included release 17.3, 16.7, 15.11, 14.16, and 13.19. As part of this release, we will issue fixes for all supported versions (17.4, 16.8, 15.12, 14.17, 13.20). While these fixes may not impact all PostgreSQL users, PostgreSQL Global Development Group determined that it would be better to address these sooner than the next scheduled release on May 8, 2025.

The fix for CVE-2025-1094, which closed a vulnerability in the libpq PostgreSQL client library, introduced a regression related to string handling for non-null terminated strings. The error would be visible based on how a PostgreSQL client implemented this behavior, and may not impact all PostgreSQL drivers. As a precaution, the PostgreSQL Global Development Group opted for a follow up release.

If you are impacted by this issue, we advise to consider waiting for the availability of 17.4, 16.8, 15.12, 14.17, and 13.20 before upgrading.

The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 17.3, 16.7, 15.11, 14.16, and 13.19. This release fixes 1 security vulnerability and over 70 bugs reported over the last several months.

For the full list of changes, please review the release notes.

Security Issues

CVE-2025-1094: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

CVSS v3.1 Base Score: 8.1

Supported, Vulnerable Versions: 13 - 17.

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.

The PostgreSQL project thanks Stephen Fewer, Principal Security Researcher, Rapid7 for reporting this problem.

Bug Fixes and Improvements

This update fixes over 70 bugs that were reported in the last several months. The issues listed below affect PostgreSQL 17. Some of these issues may also affect other supported versions of PostgreSQL.

• Restore pre-v17 truncation behavior for >63-byte database names and usernames in connection requests.
• Don't perform connection privilege checks and limits on parallel workers, and instead inherit these from the leader process.
• Remove Lock suffix from LWLock wait event names.
• Fix possible re-use of stale results in window aggregates, which could lead to incorrect results.
• Several race condition fixes for vacuum that in the worst case could cause corruption to a system catalog.
• Several fixes for truncating tables and indexes that prevent potential corruption.
• Fix for detaching a partition where its own foreign-key constraint references a partitioned table.
• Fix for the FFn (e.g., FF1) format codes for to_timestamp, where an integer format code before the FFn would consume all available digits.
• Fixes for SQL/JSON and XMLTABLE() to double-quote specific entries when necessary.
• Include the ldapscheme option in pg_hba_file_rules().
• Several fixes for UNION, including not merging columns with non-compatible collations.
• Several fixes that could impact availability or speed of starting a connection to PostgreSQL.
• Fix multiple memory leaks in logical decoding output.
• Fix several memory leaks in PL/Python.
• Add psql tab completion for COPY (MERGE INTO).
• Make pg_controldata more resilient when displaying info from corruptedpg_control files.
• Fix for a memory leak in pg_restore with zstd-compressed data.
• Fix pg_basebackup to correctly handle pg_wal.tar files exceeding 2GB on Windows.
• Modify earthdistance to use SQL-standard function bodies, which fixes possible issues with major version upgrades to v17 when databases use this extension.
• Fix crash in pageinspect in instances where the brin_page_items() function definition is not updated to the latest version.
• Fix race condition when trying to cancel a postgres_fdw remote query.

This release also updates time zone data files to tzdata release 2025a for DST law changes in Paraguay, plus historical corrections for the Philippines.

Updating

All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shutdown PostgreSQL and update its binaries.

Users who have skipped one or more update releases may need to run additional post-update steps; please see the release notes from earlier versions for details.

For more details, please see the release notes.

Links

• Download
• Release Notes
• Security
• Versioning Policy
• Donate

If you have corrections or suggestions for this release announcement, please send them to the pgsql-www@lists.postgresql.org public mailing list.

Postfix stable release 3.10.7 and legacy releases 3.9.8, 3.8.14, 3.7.19

[An on-line version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.10.7.html]

Fixes for all Postfix 3.* releases:

• This patch addresses build errors on recent Linux distributions. With the patch, Postfix builds will run the compiler with a backwards compatibility option that is supported by Gcc and Clang. For other compilers, an error message provides hints.

  Background: the build errors are caused by C compilers that by default define a 'bool' type (size=1) that conflicts with Postfix's 'bool' type (an alias for 'int', typically size=4). Postfix 3.11 will support the new bool type, but that change is too large for stable Postfix releases (too many lines in too many files).

  This patch will also apply to Postfix 3.6 all the way back to Postfix 3.0 with a simple change: remove the Prereq: line, and remove the part that updates the HISTORY file.

You can find the updated Postfix source code at the mirrors listed at https://www.postfix.org/.

Postfix stable release 3.10.6 and legacy releases 3.9.7, 3.8.13, 3.7.18

[An on-line version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.10.6.html]

Fixes for Postfix 3.10 only:

• Bugfix (defect introduced: Postfix 3.10, date: 20250117). Symptom: warning messages that smtp_tls_wrappermode requires "smtp_tls_security_level = encrypt".
  Root cause: Support for "TLS-Required: no" broke client-side TLS wrappermode support, by downgrading a connection to TLS security level 'may'.
  The fix changes the downgrade level for wrappermode connections to 'encrypt'. Rationale: by design, TLS can be optional only for connections that use STARTTLS. The downgrade to unauthenticated 'encrypt' allows a sender to avoid an email delivery problem. Problem reported by Joshua Tyler Cochran.

• New logging: the Postfix SMTP client will log a warning when an MX hostname does not match STS policy MX patterns, with "smtp_tls_enforce_sts_mx_patterns = yes" in Postfix, and with TLSRPT support enabled in a TLS policy plugin. It will log a successful match only when verbose logging is enabled.

• Bugfix (defect introduced: Postfix 3.10, date: 20240902): SMTP client null pointer crash when an STS policy plugin sends no policy_string or no mx_pattern attributes. This can happen only during tests with a fake STS plugin.

Fixes for Postfix 3.10, 3.9, 3.8, 3.7:

• Bugfix (defect introduced: Postfix 2.9, date: 20120307): segfault when a duplicate parameter name is given to "postconf -X" or "postconf -#'.

• Documentation: removed incorrect text from the parameter description for smtp_cname_overrides_servername. File: proto/postconf.proto.

You can find the updated Postfix source code at the mirrors listed at https://www.postfix.org/.

Postfix stable release 3.10.5 and legacy releases 3.9.6, 3.8.12, 3.7.17

[An on-line version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.10.5.html]

Fixes for Postfix 3.10 only:

• Workaround for an interface mis-match between the Postfix SMTP client and MTA-STS policy plugins.

  • The existing behavior is to connect to any MX host listed in DNS, and to match the server certificate against any STS policy MX host pattern.

  • The corrected behavior is to connect to an MX host only if its name matches any STS policy MX host pattern, and to match the server certificate against the MX hostname.

  The corrected behavior must be enabled in two places: in Postfix with a new parameter "smtp_tls_enforce_sts_mx_patterns" (default: "yes") and in an MTA-STS plugin by enabling TLSRPT support, so that the plugin forwards STS policy attributes to Postfix. This works even if Postfix TLSRPT support is disabled at build time or at runtime.

• TLSRPT Workaround: when a TLSRPT policy-type value is "no-policy-found", pretend that the TLSRPT policy domain value is equal to the recipient domain. This ignores that different policy types (TLSA, STS) use different policy domains. But this is what Microsoft does, and therefore, what other tools expect.

Fixes for Postfix 3.10, 3.9, 3.8, 3.7:

• Bugfix (defect introduced: Postfix 3.0): the Postfix SMTP client's connection reuse logic did not distinguish between sessions that require SMTPUTF8 support, and sessions that do not. The solution is 1) to store sessions with different SMTPUTF8 requirements under distinct connection cache storage keys, and 2) to not cache a connection when SMTPUTF8 is required but the server does not support that feature.

• Bugfix (defect introduced: Postfix 3.0, date 20140731): the smtpd 'disconnect' command statistics did not count commands with "bad syntax" and "bad UTF-8 syntax" errors.

• Bugfix: the August 2025 patch broke DBM library support which is still needed on Solaris; and the same change could result in warnings with "database X is older than source file Y".

• Postfix 3.11 forward compatibility: to avoid ugly warnings when Postfix 3.11 is rolled back to an older version, allow a preliminary 'size' record in maildrop queue files created with Postfix 3.11 or later.

• Bugfix (defect introduced: Postfix 3.8, date 20220128): non-reproducible build, because the 'postconf -e' output order for new main.cf entries was no longer deterministic. Problem reported by Oleksandr Natalenko, diagnosis by Eray Aslan.

• To make builds predictable, add missing meta_directory and shlib_directory settings to the stock main.cf file. Problem diagnosed by Eray Aslan.

Fixes for Postfix 3.10, 3.9, 3.8:

• Bugfix (defect introduced: Postfix 3.9, date 20230517): posttls-finger(1) logged an incorrectly-formatted port number. Viktor Dukhovni.

You can find the updated Postfix source code at the mirrors listed at https://www.postfix.org/.

Postfix stable release 3.10.4 and legacy releases 3.9.5, 3.8.11, 3.7.16

[An on-line version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.10.4.html]

Fixes for Postfix 3.10, 3.9, 3.8, 3.7:

• Fixes for postscreen(8):

  • Bugfix (defect introduced: postfix-2.2, date 20050203): after detecting a lookup table change, and after starting a new postscreen process, the old postscreen process logged an ENOTSOCK error while attempting to accept a connection on a socket that it was no longer listening on. This error was introduced first in the multi_server skeleton code, and was five years later duplicated in the event_server skeleton that was created for postscreen. Problem reported by Florian Piekert.

  • Bugfix (defect introduced: Postfix 2.8, date 20101230): after detecting a cache table change and before starting a new postscreen process, the old postscreen process did not close the postscreen_cache_map, and therefore kept an exclusive lock that could prevent a new postscreen process from starting. Problem reported by Florian Piekert.

• Fixes for tlsproxy(8):

  • Bugfix (defect introduced: Postfix 3.7): incorrect backwards compatible support for the legacy configuration parameters tlsproxy_client_level and tlsproxy_client_policy. This disabled the tlsproxy TLS client role when a legacy parameter was set (instead of the newer tlsproxy_client_security_level or tlsproxy_client_policy_maps). Reported by John Doe, diagnosed by Viktor Dukhovni.

  • Bugfix (defect introduced: Postfix 3.4): with the TLS client role disabled by configuration, the tlsproxy daemon dereferenced a null pointer while handling a tlsproxy client request. Reported by John Doe.

• Reducing process churn: Postfix daemons no longer automatically restart after a btree:, dbm:, hash:, lmdb:, or sdbm: table file modification time change, when they opened that table for writing.

• Portability: deleted an <openssl/engine.h> build dependency, because the feature is being removed from OpenSSL, and Postfix no longer needs it.

Fixes for Postfix 3.10 only:

• Cleanup: with "tls_required_enable = yes", the Postfix SMTP client will no longer maintain TLSRPT statistics for messages that contain a "TLS-Required: no" header. This can prevent TLSRPT notifications for TLSRPT notifications.

• Bugfix (defect introduced: Postfix 3.6, date 20200710): Postfix TLS client code logged "Untrusted TLS connection" (wrong) instead of "Trusted TLS connection" (right), for a new or resumed TLS session, when a server offered a trusted (valid PKI trust chain) certificate that did not match the expected server name pattern. Fix by Viktor Dukhovni.

You can find the updated Postfix source code at the mirrors listed at https://www.postfix.org/.

Postfix stable release 3.10.3

[An on-line version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.10.3.html]

This release fixes defects that were introduced in Postfix 3.10. These were fixed first in the Postfix 3.11 unstable release.

The defects exist only with the default configuration "tls_required_enable = yes".

• Bugfix (defect introduced: Postfix-3.10, date 20250117): include the current TLS security level in the SMTP connection cache lookup key for lookups by next-hop destination, to avoid reusing the same SMTP connection when sending messages with and without a "TLS-Required: no" header. Likewise, include the current TLS security level in the TLS session lookup key, to avoid reusing the same TLS session info when sending messages with and without a "TLS-Required: no" header.

• Bugfix (defect introduced: Postfix-3.10, date 20250117): the Postfix SMTP client attempted to look up TLSA records even with "TLS-Required: no". This could result in unnecessary failures. Fix by Viktor Dukhovni & Wietse.

You can find the updated Postfix source code at the mirrors listed at https://www.postfix.org/.

Postfix stable release 3.10.2 and legacy releases 3.9.4, 3.8.10, 3.7.15

[An on-line version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.10.2.html]

Fixes for Postfix 3.10, 3.9, 3.8, 3.7:

• Bugfix (defect introduced: date 19991116): when appending a setting to a main.cf or master.cf file that did not end in a newline character, the "postconf -e" command did not add an extra newline character before appending the new setting, causing information to become garbled. Fix by Michael Tokarev.

• Bugfix (defect introduced: Postfix 2.3, date 20051222): the Dovecot auth client did not attempt to create a new connection after an I/O error on an existing connection. Reported by Oleksandr Kozmenko.

• Improved and corrected error messages when converting (host or service) information to (symbolic text, numerical text, or binary) form.

• Documentation: updated link to Dovecot documentation.

You can find the updated Postfix source code at the mirrors listed at https://www.postfix.org/.

Postfix stable release 3.10.1 and legacy releases 3.9.3, 3.8.9, 3.7.14, 3.6.18

[An on-line version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.10.1.html]

Fix for Postfix 3.10, 3.9, 3.8, 3.7, 3.6:

• Bugfix (defect introduced: 20250210): a recent 'fix' for the default smtp_tls_dane_insecure_mx_policy setting resulted in unnecessary 'dnssec_probe' warnings, on systems that disable DNSSEC lookups (which is the default).

You can find the updated Postfix source code at the mirrors listed at https://www.postfix.org/.

Postfix stable release 3.10.0

[An updated version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.10.0.html]

Postfix stable release 3.10.0 is available. Postfix 3.6 - 3.9 were updated earlier this week; after that, Postfix 3.6 will no longer be updated.

The main changes are below. See the RELEASE_NOTES file for further details.

Changes that need a restart:

• Internal protocol change: Postfix needs "postfix reload" (or "postfix stop" and "postfix start") after upgrade, because of a change in the delivery agent protocol. If this step is skipped, Postfix delivery agents will log a warning:

  unexpected attribute smtputf8 from xxx socket (expecting: sendopts)

  where xxx is the delivery agent service name.

Changes in TLS support:

• Forward compatibility: Support for OpenSSL 3.5 post-quantum cryptography. To manage algorithm selection, OpenSSL introduces new TLS group syntax that Postfix will not attempt to imitate. Instead, Postfix now allows the tls_eecdh_auto_curves and tls_ffdhe_auto_groups parameter values to have an empty value. When both are set empty, the algorithm selection can be managed through OpenSSL configuration. For more, look for "Post-quantum" in the postconf(5) manpage.

• Support for the RFC 8689 "TLS-Required: no" message header to request delivery of messages (such as TLSRPT summaries) even if the preferred TLS security policy cannot be enforced. This limits the Postfix SMTP client to "smtp_tls_security_level = may" which does not authenticate server certificates and which allows falling back to plaintext.

  Support for the REQUIRETLS SMTP service extension will evolve in Postfix 3.11.

• Support for the TLSRPT protocol (defined in RFC 8460). With this, a domain can publish a policy in DNS that requests daily summary reports for successful and failed SMTP-over-TLS connections to that domain's MX hosts. This supports both DANE (built-in) and MTA-STS (via an smtp_tls_policy_maps plugin). The implementation uses a TLSRPT library and reporting infrastructure that are maintained by sys4. For details, see TLSRPT_README.

Miscellaneous changes:

• Privacy: With "smtpd_hide_client_session = yes", the Postfix SMTP server generates a Received: header without client session info. This setting may be used with the MUA submission services (port 465 and 587).

• Support for RFC 2047 encoding of non-ASCII "full name" information in Postfix-generated From: message headers. Encoding non-ASCII full names can avoid the need to use SMTPUTF8, and therefore can avoid incompatibility with sites that do not support SMTPUTF8. See the full_name_encoding_charset parameter description for details.

• Database performance: When mysql: or pgsql: configuration specifies a single host, assume that it is a load balancer and reconnect immediately after a single failure, instead of failing all requests for 60s.

Changes in logging:

• The Postfix Milter implementation now logs the reason for a 'quarantine' action, instead of "milter triggers HOLD action".

• The SMTP server now logs the queue ID (or "NOQUEUE") when a connection ends abnormally (timeout, lost connection, or too many errors), and the cleanup server now logs "queueid: canceled" when a message transaction is started but not completed. These changes simplify logfile analysis.

• Dovecot SASL client logging for "Invalid authentication mechanism" now includes the name of that mechanism.

• Postfix SMTP server 'reject' logging now shows the sasl_method, sasl_username, and sasl_sender if available.

You can find the Postfix source code at the mirrors listed at https://www.postfix.org/.

Postfix legacy releases 3.9.2, 3.8.8, 3.7.13, 3.6.17

[An on-line version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.9.2.html]

These releases add forward compatibility with upcoming Postfix and OpenSSL versions, improve PostgreSQL and MySQL performance, and fix minor bugs. This will be the last update for Postfix 3.6.

Fixes for Postfix 3.9.2, 3.8.8, 3.7.13, 3.6.17:

• Forward compatibility: Support for OpenSSL 3.5 post-quantum cryptography. To manage algorithm selection, OpenSSL introduces new TLS group syntax that Postfix will not attempt to imitate. Instead, Postfix now allows the tls_eecdh_auto_curves and tls_ffdhe_auto_groups parameter values to have an empty value. When both are set empty, the algorithm selection can be managed through OpenSSL configuration. Viktor Dukhovni.

• Forward compatibility: ignore new queue file flag bits that may be used with Postfix 3.10 and later. This is a safety in case a Postfix 3.10 upgrade needs to be rolled back, after the new TLS-Required feature has been used.

• Performance: when a mysql: or pgsql: configuration specifies a single host, assume that it is a load balancer and reconnect immediately after a single failure, instead of failing all requests for 60s.

• Bugfix (defect introduced: Postfix 3.4, date 20181113): a server with multiple TLS certificates could report, for a resumed TLS session, the wrong server-signature and server-digest names in logging and Received: message headers. Viktor Dukhovni.

• Bugfix (defect introduced: Postfix 3.3, date 20180107) small memory leak in the cleanup daemon when generating a "From: full-name &quot; message header. The impact is limited because the number of requests is bounded by the &quot;max_use&quot; configuration parameter. Found during code maintenance.

• Bugfix (defect introduced: Postfix 3.0): the bounce daemon mangled a non-ASCII address localpart in the "X-Postfix-Sender:" field of a delivery status notification. It backslash-escaped each byte in a multi-byte character. This behavior was implemented in Postfix 2.1 (no support for UTF8 local-parts), but it became incorrect after SMTPUTF8 support was implemented in Postfix 3.0.

• Bugfix (defect introduced: Postfix 3.6): Reverted the default smtp_tls_dane_insecure_mx_policy setting to "dane" as of Postfix 3.6.17, 3.7.13, 3.8.8, 3.9.2, and 3.10.0. By mistake the default was dependent on the smtp_tls_security_level setting. Problem reported by Ömer Güven.

• Portability: added "include <sys_socket.h>" for a SUNOS5 workaround. Gary R. Schmidt.

You can find the updated Postfix source code at the mirrors listed at https://www.postfix.org/.