PostgreSQL 18.3, 17.9, 16.13, 15.17, and 14.22 Released!

Posted on 2026-02-26 by PostgreSQL Global Development Group
PostgreSQL Project Security

The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 18.3, 17.9, 16.13, 15.17, and 14.22. This is an out-of-cycle release that fixes several regressions reported after the last update release.

For the full list of changes, please review the release notes.

Bug Fixes and Improvements

This update fixes several bugs that were reported since the previous release. The issues listed below affect PostgreSQL 18. Some of these issues may also affect other supported versions of PostgreSQL.

  • Fix issue where a standby would halt and return an error "could not access status of transaction".
  • Fix error where the substring() function would raise an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column. This was due to a change introduced for the fix to CVE-2026-2006.
  • Fix for the strict_word_similarity function in pg_trgm that could lead to incorrect output or crashes. This was due to an oversight in the fix for CVE-2026-2007.
  • Fix function volatility for json_strip_nulls() and jsonb_strip_nulls() to be immutable, like previous releases, allowing for them to be used in indexes. If you previously upgraded to PostgreSQL 18.0 through 18.2, see the additional steps in the "Updating" section.
  • Fix for NOT NULL tests in LATERAL UNION ALL subquery that could lead to wrong query output.
  • Avoid NOT NULL constraints from generating name conflicts with user-written constraints.
  • Fix pg_stat_get_backend_wait_event() and pg_stat_get_backend_wait_event_type() to report values for auxiliary processes, similar to pg_stat_activity.
  • Fix casting a composite-type variable to a domain type when returning its value from a PL/pgSQL function.
  • Fix the hstore binary input function to avoid crashes on input with duplicate keys.

Updating

All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shutdown PostgreSQL and update its binaries.

If you previously upgraded to PostgreSQL 18.0, 18.1 or 18.2, you need to execute the following SQL as a PostgreSQL superuser in all of your databases to make the json_strip_nulls() and jsonb_strip_nulls() functions immutable:

UPDATE pg_catalog.pg_proc SET provolatile = 'i' WHERE oid IN ('3261','3262');

You should also execute this command in the template0 and template1 databases so future databases you create in your PostgreSQL cluster have the correct function volatility setting. Please see the documentation on template databases for more information.

Users who have skipped one or more update releases may need to run additional post-update steps; please see the release notes from earlier versions for details.

For more details, please see the release notes.

Links

If you have corrections or suggestions for this release announcement, please send them to the pgsql-www@lists.postgresql.org public mailing list.