PostgreSQL 18.1 Released: Security Fixes and Performance Improvements
The PostgreSQL Global Development Group released PostgreSQL 18.1 on November 13, 2025. This minor release brings critical security fixes and important bug corrections for users running PostgreSQL 18.0.
What’s New in PostgreSQL 18.1
This maintenance release focuses on stability and security improvements rather than new features. Users running PostgreSQL 18.X can upgrade without requiring a dump/restore operation, making the upgrade process smooth and straightforward.
Critical Security Fixes
Two important security vulnerabilities have been addressed in this release:
CVE-2025-12817: Statistics Privilege Check
This fix addresses a privilege escalation issue where table owners could create statistics in any schema without proper CREATE privileges. This oversight could lead to unexpected naming conflicts and potential security issues.
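One way to review a database for objects that may have been created through this gap is the catalog query below. It is an added example, not code from the PostgreSQL project or the release notes, and it lists extended statistics objects whose owner does not currently hold CREATE on the schema that contains them. It assumes that present-day privileges are a useful proxy for privileges at creation time, so each row is a candidate for review rather than proof of misuse.

```sql
-- Added audit example (not from the PostgreSQL release notes).
-- Run in each database; pg_statistic_ext is per-database.
-- Superuser-owned objects never appear, because superusers pass every
-- privilege check.
SELECT sn.nspname                          AS stats_schema,
       s.stxname                           AS stats_name,
       pg_get_userbyid(s.stxowner)         AS stats_owner,
       tn.nspname                          AS table_schema,
       c.relname                           AS table_name,
       -- Statistics objects normally live beside their table; a different
       -- schema is worth a closer look.
       (s.stxnamespace <> c.relnamespace)  AS in_different_schema
FROM pg_statistic_ext AS s
JOIN pg_namespace     AS sn ON sn.oid = s.stxnamespace
JOIN pg_class         AS c  ON c.oid  = s.stxrelid
JOIN pg_namespace     AS tn ON tn.oid = c.relnamespace
-- Keep only objects whose owner lacks CREATE on the containing schema today.
WHERE NOT has_schema_privilege(s.stxowner, s.stxnamespace, 'CREATE')
ORDER BY stats_schema, stats_name;
```

An empty result means every extended statistics object sits in a schema where its owner holds CREATE; any rows returned can be cross-checked against change records before deciding whether to drop or move the object.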
CVE-2025-12818: Libpq Integer Overflow
The PostgreSQL team fixed several integer overflow vulnerabilities in libpq’s memory allocation calculations. When processing sufficiently large inputs, these could cause buffer overflows, potentially leading to security exploits.
Key Bug Fixes and Improvements
Query Optimizer Enhancements
Fixed incorrect optimization of variable-free HAVING clauses with grouping sets
Resolved division-by-zero errors in ordered-append plan creation
Improved hash join memory allocation logic
Index and Performance Fixes
Corrected JIT-generated tuple deforming code that could cause “memoization table entry” errors
Fixed BRIN autosummarization for index expressions requiring snapshots
Resolved parallel GIN index build memory issues
Removed faulty assertion in btree index cleanup
Replication and WAL Improvements
Fixed incorrect replication lag reporting in pg_stat_replication view
Resolved WAL receiver shutdown issues during timeline changes
Corrected logical replication slot invalidation behavior
Platform-Specific Fixes
Fixed Windows GSSAPI socket error handling
Corrected memory-context warnings on 64-bit Windows debug builds
Improved compatibility with libsanitizer for testing
Utility and Extension Updates
Fixed pg_dump sorting of foreign key constraints
Improved pg_prewarm privilege checking for indexes
Enhanced pgbench error handling and pipeline mode
Better handling in contrib/pgstattuple for empty or invalid index pages
Should You Upgrade?
If you’re running PostgreSQL 18.0, upgrading to 18.1 is strongly recommended, especially given the security vulnerabilities addressed in this release. The upgrade process is straightforward and doesn’t require a dump/restore operation.
For production environments, the security fixes alone make this upgrade essential. The bug fixes also improve stability and performance in various edge cases.
Upgrade Recommendations
Test in staging: Always test the upgrade in a non-production environment first
Review release notes: Check the full release notes for any fixes that might affect your specific workload
Plan for minimal downtime: The upgrade process is quick but plan accordingly
Monitor after upgrade: Watch for any unexpected behavior after upgrading
Looking Ahead
While PostgreSQL 18.1 is a maintenance release, work continues on future versions. For information about new features in PostgreSQL 18, refer to the major release 18 documentation.
Download and Resources
You can download PostgreSQL 18.1 from the official PostgreSQL download page
Full release notes are available in the PostgreSQL documentation
For upgrade instructions, consult the PostgreSQL upgrade guide
Conclusion
PostgreSQL 18.1 is an important maintenance release that addresses critical security vulnerabilities and fixes numerous bugs. All users running PostgreSQL 18.0 should plan to upgrade at their earliest convenience. The PostgreSQL community continues to demonstrate its commitment to security and stability with these regular maintenance releases.
