PostgreSQL 18.4

PostgreSQL 18.4 ships May 14, 2026. Security update. Bug fixes.

This is a minor release for all supported PostgreSQL versions — 18.4, 17.10, 16.14, 15.18, and 14.23. All users are advised to upgrade at their earliest convenience.

Security Fixes

• 11 security vulnerabilities addressed across all supported versions
• Three of the eleven are rated high severity
• Crafted time zone settings could pass % sequences to snprintf() — potential crashes or disclosure of server memory
• Unbounded recursion while processing startup packets — now prevented with proper depth limits
• Additional hardening for permission checks in extension loading

Bug Fixes

• Over 60 bugs reported since 18.3
• Loss of fractional seconds in timestamp handling — fixed
• Assorted planner fixes for edge-case query patterns involving correlated subqueries
• Replication slot management improvements for high-availability setups
• WAL archival reliability fixes under heavy write loads
• Fix for index-only scans returning incorrect results in certain partition-pruning scenarios

Maintenance

• Time zone data updated to reflect recent regulatory changes worldwide
• PostgreSQL 14 will stop receiving fixes on November 12, 2026 — plan your upgrade now

Upgrade recommended for all production deployments. Apply via your package manager — no major version upgrade required.