Database

Postgres Extended-Support Options

Postgres extended-support options are commercial services from cloud providers or third-party vendors that provide security patches and technical assistance for PostgreSQL versions that are no longer supported by the community.

Postgres extended-support options are commercial services that provide security patches and technical assistance for PostgreSQL major versions after they have reached their community end-of-life (EOL). The PostgreSQL Global Development Group supports each major version for five years, after which the community no longer provides bug fixes or security patches. This policy makes it critical for organizations to either upgrade to a supported version or secure an alternative support path.

Running an EOL version exposes systems to unpatched security vulnerabilities, compliance risks, and potential operational instability. Organizations have three primary paths forward: upgrading to a community-supported version (the recommended approach), engaging a third-party vendor for specialized EOL support, or utilizing extended support features offered by a managed database provider like AWS or Google Cloud. This guide details the risks and evaluates each of these options to help you make an informed decision.

Latest briefings on Postgres Extended-Support Options

Data
Keep Your Old PostgreSQL Database Secure for Longer
A new service from PGX offers security patches and bug fixes for old, unsupported versions of PostgreSQL. This helps companies that can't upgrade stay secure and maintain data integrity without a costly migration.
Taranpreet Singh · 6h ago
AI
Why Slack Moved Its AI to Multiple Clouds
Slack shared its four-phase journey from a single-cloud AI setup to a multi-cloud platform using both AWS Bedrock and Google Vertex AI. The move offers a valuable roadmap for companies seeking more flexible and resilient AI infrastructure.
Neeraj Dhiman · 9h ago
Infra
AWS Launches First Cloud Servers with PCIe 6.0
AWS is now the first cloud provider to offer servers with PCIe 6.0, beating rivals like Intel and AMD to the milestone. The new Graviton5 instances provide significantly faster data transfer for demanding workloads.
Ashish Kale · 20h ago
Infra
Why Azure Says Stop Blaming People for Outages
A post-mortem of Azure's 2023 global outage reveals a crucial lesson: "human error" is a myth. Engineering leaders should instead focus on fixing systemic flaws to build truly resilient systems and protect their teams from blame.
Ashish Kale · 2d ago
Infra
Azure Kubernetes Now Runs Demanding AI and Bare Metal
Microsoft has updated its Azure Kubernetes Service with new features for AI, bare metal servers, and managing multiple clusters. This helps teams run more demanding applications and simplifies large-scale operations on the cloud.
Ashish Kale · 2d ago
Data
Get Smarter Postgres Code Editing in Any Editor
A new open-source tool called postgres-lsp is now available for PostgreSQL developers. It provides advanced code editing features like error checking and auto-completion in any modern code editor, improving productivity and code quality.
Taranpreet Singh · 4d ago
Data
Test PostgreSQL Indexes Without Actually Building Them
HypoPG, a popular PostgreSQL extension for testing "hypothetical" indexes without the cost of building them, has a new update. Version 1.4.3 fixes a long-standing bug and adds early support for the upcoming PostgreSQL 19.
Taranpreet Singh · 4d ago
Infra
Keep Your Users Logged In During AWS Outages
Amazon Cognito now automatically copies user data to a backup region. This means if one AWS region fails, your application can still authenticate users from another, improving reliability and simplifying disaster recovery for developers.
Ashish Kale · 5d ago
Infra
Azure Adds AI Agents With No Cold Start
Azure Functions now has a serverless agents runtime in public preview. It lets developers build AI-powered automations without the usual cold start delays or extra costs on the Flex Consumption plan.
Ashish Kale · 6d ago
Infra
Amazon ECS Now Scales Your Apps Much Faster
Amazon ECS can now adjust application capacity much faster, thanks to new high-resolution metrics. This allows services to react to traffic spikes in seconds instead of minutes, improving performance and potentially lowering cloud costs.
Ashish Kale · 6d ago
Data
New Tool Makes PostgreSQL Code Easier to Compare
A code formatter for PostgreSQL, pgfmt, can now format code to match the standard pg_dump tool. This makes it much easier for developers to track and compare changes in database schemas.
Taranpreet Singh · 6d ago
Data
A Key PostgreSQL Performance Tool Gets an Update
The PostgreSQL Workload Analyzer (PoWA) project has released version 5.1.2 of its core tool, powa-archivist. This update provides incremental improvements for developers and IT teams who use it to monitor database performance.
Taranpreet Singh · 1w ago
Infra
AWS Now Lets You Bill AI Bots for Content
AWS WAF has a new feature that lets website owners charge AI bots for accessing their content. This allows publishers to create new revenue streams from AI traffic directly at the network edge, without any code changes.
Ashish Kale · 1w ago
Tech
The Next Big Battery Upgrade Isn't Solid-State
While solid-state batteries are still years away, a new gel-based electrolyte is making current lithium-ion batteries safer and more efficient. This technology offers a practical, near-term upgrade for everything from phones to electric vehicles.
Navdeep Kaur Mahal · 1w ago
Data
Autonomous Databases Won't Replace Your Team
Autonomous databases promise to manage themselves, but they won't eliminate the need for human experts. Percona's co-founder explains that while automation is transforming data management, human oversight and strategic input remain essential for success.
Taranpreet Singh · 1w ago
Data
PostgreSQL Anonymizer Now Offers Stronger Data Privacy
The new version of PostgreSQL Anonymizer introduces Local Differential Privacy, a sophisticated technique for data masking. This gives developers a more robust way to protect sensitive user information without compromising data utility.
Taranpreet Singh · 1w ago
Security
Ubuntu Patches Key PostgreSQL Flaws
Ubuntu has issued a security notice for two PostgreSQL vulnerabilities. The first flaw could allow an attacker to execute arbitrary SQL functions due to an authorization issue. The second could lead to a server crash or denial of service from mishandled large user inputs. Updates are available.
Neeraj Dhiman · 1w ago
AI
Enterprise Security Gets an AI Upgrade
Enterprise security is moving beyond traditional firewalls. The future involves AI-orchestrated defenses and hyper-segmented networks to contain threats more effectively. This shift represents a more sophisticated, proactive approach to protecting corporate data and infrastructure from increasingly advanced cyberattacks.
Neeraj Dhiman · 1w ago
Security
Appsmith Flaw Allows Code Injection
A stored cross-site scripting (XSS) vulnerability has been found in Appsmith's SQL query editor. Attackers with developer access to a shared PostgreSQL database can inject malicious code by creating specially named database objects. This code executes when the autocomplete feature is used by other users.
Neeraj Dhiman · 1w ago
Infra
Google Cloud Simplifies Maintenance Management
Google Cloud is introducing a new way to manage planned maintenance. Instead of tracking individual resource updates across many projects, teams can now view maintenance events in the context of their business services. This change aims to reduce operational overhead for platform and SRE teams.
Ashish Kale · 1w ago
Infra
AWS Launches Secure AI Agent Server
AWS has announced the general availability of its managed Model Context Protocol (MCP) server. The new service provides a secure, standardized interface for AI agents to interact with AWS APIs, documentation, and workflows, using IAM for governance without exposing broad credentials. It enhances security and auditability.
Ashish Kale · 1w ago
Security
Hackers Turn Cloud Servers Into a Secret Mail Network
A threat actor called PCPJack has hijacked over 230 servers on AWS, Google Cloud, and Azure. The compromised servers are being used to create a covert email relay network, turning them into proxies for sending mail.
Neeraj Dhiman · 1w ago
Security
Google Fights AI Threats With Its Own AI
Google has launched Google AI Threat Defense, an automated system to find and stop AI-powered cyberattacks. The new tool helps security teams respond faster to sophisticated threats before they can damage a business.
Neeraj Dhiman · 1w ago
Security
Claude Security Plugin, Azure Flaw Reported
A new security bulletin highlights several critical issues. Key reports include a new security plugin for the Claude AI model, a potential privilege escalation vulnerability in Microsoft Azure, and a technique for bypassing multi-factor authentication in Kali Linux environments. The bulletin also covers ongoing FIFA-themed scams.
Neeraj Dhiman · 1w ago
Security
Trailing Slash Bypassed AWS Authentication
A security researcher discovered that adding a trailing slash to AWS HTTP API paths could bypass Lambda authorizer authentication entirely. This critical vulnerability, caused by a path normalization mismatch, enabled unauthorized actions, including wire transfers at a fintech company, highlighting a significant security risk.
Neeraj Dhiman · 1w ago
Security
Critical Linux Kernel Flaw on Azure
A critical security update has been released for the Azure-specific Linux kernel. The update addresses several vulnerabilities, including a major flaw (CVE-2026-31431) that could allow an attacker to gain higher privileges or escape from a container. Teams operating on Azure should apply the patch immediately.
Neeraj Dhiman · 1w ago
Security
Azure Linux Flaw Could Let Attackers Escape Containers
Security researchers found critical vulnerabilities in the Azure-specific Linux kernel. These flaws could allow a local attacker to gain higher privileges or even break out of a container, posing a serious risk to cloud infrastructure security.
Neeraj Dhiman · 1w ago
Security
Critical Linux Kernel Flaw on Azure
A critical vulnerability, known as Copy Fail, has been found in the Linux kernel for Azure. The flaw affects cryptographic operations and could allow a local attacker to gain higher privileges or escape from a container, posing a significant security risk for cloud-based applications and infrastructure.
Neeraj Dhiman · 1w ago
Infra
Prepare for a Major Java Upgrade Crunch
Four major long-term support (LTS) versions of Java will all reach their end-of-support dates within a tight three-year window. This sets the stage for a future upgrade bottleneck for companies needing to maintain security and support.
Ashish Kale · 1w ago
AI
Azure Lets You Safely Run Risky AI Code
Microsoft Azure now offers sandboxes to safely run untrusted code from AI agents. The isolated environments start in under a second, scale massively, and cost nothing when idle, making AI experimentation much safer for developers.
Neeraj Dhiman · 1w ago

Frequently asked questions

What is the official PostgreSQL EOL policy?

The PostgreSQL community supports each major version for five years from its initial stable release date. After this five-year period, the version is considered end-of-life (EOL) and no longer receives minor releases containing bug fixes or security patches from the community.

What are the main risks of running an EOL Postgres version?

The primary risk is exposure to unpatched security vulnerabilities, which can lead to data breaches and non-compliance with regulations like PCI DSS or GDPR. You also lose access to community bug fixes, potentially causing database instability, and may face compatibility issues with newer applications or operating systems.

Is extended support from a cloud provider the same as community support?

No, they are different. Cloud provider extended support, such as Amazon RDS Extended Support, is a paid service that typically provides only critical security patches and bug fixes for a limited time past the community EOL date. It is designed as a temporary bridge to give you more time to plan an upgrade, not as a long-term replacement for a fully supported community version.

Is upgrading always the best option?

Upgrading to a community-supported major version is the officially recommended and most sustainable path. It ensures you receive all security patches, bug fixes, and new features directly from the community at no extra cost. While extended support is a valuable temporary solution, upgrading is the best long-term strategy for security, stability, and feature access.

Postgres Extended-Support Options

Latest briefings on Postgres Extended-Support Options

Data
Keep Your Old PostgreSQL Database Secure for Longer
A new service from PGX offers security patches and bug fixes for old, unsupported versions of PostgreSQL. This helps companies that can't upgrade stay secure and maintain data integrity without a costly migration.
Taranpreet Singh · 6h ago
AI
Why Slack Moved Its AI to Multiple Clouds
Slack shared its four-phase journey from a single-cloud AI setup to a multi-cloud platform using both AWS Bedrock and Google Vertex AI. The move offers a valuable roadmap for companies seeking more flexible and resilient AI infrastructure.
Neeraj Dhiman · 9h ago
Infra
AWS Launches First Cloud Servers with PCIe 6.0
AWS is now the first cloud provider to offer servers with PCIe 6.0, beating rivals like Intel and AMD to the milestone. The new Graviton5 instances provide significantly faster data transfer for demanding workloads.
Ashish Kale · 20h ago
Infra
Why Azure Says Stop Blaming People for Outages
A post-mortem of Azure's 2023 global outage reveals a crucial lesson: "human error" is a myth. Engineering leaders should instead focus on fixing systemic flaws to build truly resilient systems and protect their teams from blame.
Ashish Kale · 2d ago
Infra
Azure Kubernetes Now Runs Demanding AI and Bare Metal
Microsoft has updated its Azure Kubernetes Service with new features for AI, bare metal servers, and managing multiple clusters. This helps teams run more demanding applications and simplifies large-scale operations on the cloud.
Ashish Kale · 2d ago
Data
Get Smarter Postgres Code Editing in Any Editor
A new open-source tool called postgres-lsp is now available for PostgreSQL developers. It provides advanced code editing features like error checking and auto-completion in any modern code editor, improving productivity and code quality.
Taranpreet Singh · 4d ago
Data
Test PostgreSQL Indexes Without Actually Building Them
HypoPG, a popular PostgreSQL extension for testing "hypothetical" indexes without the cost of building them, has a new update. Version 1.4.3 fixes a long-standing bug and adds early support for the upcoming PostgreSQL 19.
Taranpreet Singh · 4d ago
Infra
Keep Your Users Logged In During AWS Outages
Amazon Cognito now automatically copies user data to a backup region. This means if one AWS region fails, your application can still authenticate users from another, improving reliability and simplifying disaster recovery for developers.
Ashish Kale · 5d ago
Infra
Azure Adds AI Agents With No Cold Start
Azure Functions now has a serverless agents runtime in public preview. It lets developers build AI-powered automations without the usual cold start delays or extra costs on the Flex Consumption plan.
Ashish Kale · 6d ago
Infra
Amazon ECS Now Scales Your Apps Much Faster
Amazon ECS can now adjust application capacity much faster, thanks to new high-resolution metrics. This allows services to react to traffic spikes in seconds instead of minutes, improving performance and potentially lowering cloud costs.
Ashish Kale · 6d ago
Data
New Tool Makes PostgreSQL Code Easier to Compare
A code formatter for PostgreSQL, pgfmt, can now format code to match the standard pg_dump tool. This makes it much easier for developers to track and compare changes in database schemas.
Taranpreet Singh · 6d ago
Data
A Key PostgreSQL Performance Tool Gets an Update
The PostgreSQL Workload Analyzer (PoWA) project has released version 5.1.2 of its core tool, powa-archivist. This update provides incremental improvements for developers and IT teams who use it to monitor database performance.
Taranpreet Singh · 1w ago
Infra
AWS Now Lets You Bill AI Bots for Content
AWS WAF has a new feature that lets website owners charge AI bots for accessing their content. This allows publishers to create new revenue streams from AI traffic directly at the network edge, without any code changes.
Ashish Kale · 1w ago
Tech
The Next Big Battery Upgrade Isn't Solid-State
While solid-state batteries are still years away, a new gel-based electrolyte is making current lithium-ion batteries safer and more efficient. This technology offers a practical, near-term upgrade for everything from phones to electric vehicles.
Navdeep Kaur Mahal · 1w ago
Data
Autonomous Databases Won't Replace Your Team
Autonomous databases promise to manage themselves, but they won't eliminate the need for human experts. Percona's co-founder explains that while automation is transforming data management, human oversight and strategic input remain essential for success.
Taranpreet Singh · 1w ago
Data
PostgreSQL Anonymizer Now Offers Stronger Data Privacy
The new version of PostgreSQL Anonymizer introduces Local Differential Privacy, a sophisticated technique for data masking. This gives developers a more robust way to protect sensitive user information without compromising data utility.
Taranpreet Singh · 1w ago
Security
Ubuntu Patches Key PostgreSQL Flaws
Ubuntu has issued a security notice for two PostgreSQL vulnerabilities. The first flaw could allow an attacker to execute arbitrary SQL functions due to an authorization issue. The second could lead to a server crash or denial of service from mishandled large user inputs. Updates are available.
Neeraj Dhiman · 1w ago
AI
Enterprise Security Gets an AI Upgrade
Enterprise security is moving beyond traditional firewalls. The future involves AI-orchestrated defenses and hyper-segmented networks to contain threats more effectively. This shift represents a more sophisticated, proactive approach to protecting corporate data and infrastructure from increasingly advanced cyberattacks.
Neeraj Dhiman · 1w ago
Security
Appsmith Flaw Allows Code Injection
A stored cross-site scripting (XSS) vulnerability has been found in Appsmith's SQL query editor. Attackers with developer access to a shared PostgreSQL database can inject malicious code by creating specially named database objects. This code executes when the autocomplete feature is used by other users.
Neeraj Dhiman · 1w ago
Infra
Google Cloud Simplifies Maintenance Management
Google Cloud is introducing a new way to manage planned maintenance. Instead of tracking individual resource updates across many projects, teams can now view maintenance events in the context of their business services. This change aims to reduce operational overhead for platform and SRE teams.
Ashish Kale · 1w ago
Infra
AWS Launches Secure AI Agent Server
AWS has announced the general availability of its managed Model Context Protocol (MCP) server. The new service provides a secure, standardized interface for AI agents to interact with AWS APIs, documentation, and workflows, using IAM for governance without exposing broad credentials. It enhances security and auditability.
Ashish Kale · 1w ago
Security
Hackers Turn Cloud Servers Into a Secret Mail Network
A threat actor called PCPJack has hijacked over 230 servers on AWS, Google Cloud, and Azure. The compromised servers are being used to create a covert email relay network, turning them into proxies for sending mail.
Neeraj Dhiman · 1w ago
Security
Google Fights AI Threats With Its Own AI
Google has launched Google AI Threat Defense, an automated system to find and stop AI-powered cyberattacks. The new tool helps security teams respond faster to sophisticated threats before they can damage a business.
Neeraj Dhiman · 1w ago
Security
Claude Security Plugin, Azure Flaw Reported
A new security bulletin highlights several critical issues. Key reports include a new security plugin for the Claude AI model, a potential privilege escalation vulnerability in Microsoft Azure, and a technique for bypassing multi-factor authentication in Kali Linux environments. The bulletin also covers ongoing FIFA-themed scams.
Neeraj Dhiman · 1w ago
Security
Trailing Slash Bypassed AWS Authentication
A security researcher discovered that adding a trailing slash to AWS HTTP API paths could bypass Lambda authorizer authentication entirely. This critical vulnerability, caused by a path normalization mismatch, enabled unauthorized actions, including wire transfers at a fintech company, highlighting a significant security risk.
Neeraj Dhiman · 1w ago
Security
Critical Linux Kernel Flaw on Azure
A critical security update has been released for the Azure-specific Linux kernel. The update addresses several vulnerabilities, including a major flaw (CVE-2026-31431) that could allow an attacker to gain higher privileges or escape from a container. Teams operating on Azure should apply the patch immediately.
Neeraj Dhiman · 1w ago
Security
Azure Linux Flaw Could Let Attackers Escape Containers
Security researchers found critical vulnerabilities in the Azure-specific Linux kernel. These flaws could allow a local attacker to gain higher privileges or even break out of a container, posing a serious risk to cloud infrastructure security.
Neeraj Dhiman · 1w ago
Security
Critical Linux Kernel Flaw on Azure
A critical vulnerability, known as Copy Fail, has been found in the Linux kernel for Azure. The flaw affects cryptographic operations and could allow a local attacker to gain higher privileges or escape from a container, posing a significant security risk for cloud-based applications and infrastructure.
Neeraj Dhiman · 1w ago
Infra
Prepare for a Major Java Upgrade Crunch
Four major long-term support (LTS) versions of Java will all reach their end-of-support dates within a tight three-year window. This sets the stage for a future upgrade bottleneck for companies needing to maintain security and support.
Ashish Kale · 1w ago
AI
Azure Lets You Safely Run Risky AI Code
Microsoft Azure now offers sandboxes to safely run untrusted code from AI agents. The isolated environments start in under a second, scale massively, and cost nothing when idle, making AI experimentation much safer for developers.
Neeraj Dhiman · 1w ago