Two checkpoint-adjacent parameters paired by alphabetical proximity rather than topical kinship. checkpoint_flush_after is the third of the four *_flush_after writeback parameters; checkpoint_warning is a logging knob that emits a complaint when checkpoints fire too frequently. Different jobs, different audiences, but neither needs 400 words of its own.

pgvector 0.8.2 is out. It fixes CVE-2026-3172, a heap buffer overflow in parallel HNSW index builds that can leak data from other relations or crash the backend. If you run pgvector and have it pinned to a version below 0.8.2, upgrade. If you are on a managed provider, check which pgvector version they actually ship — a non-trivial number of

The C cluster opens with the first two checkpoint parameters. We take them out of alphabetical order because checkpoint_completion_target is defined as a fraction of checkpoint_timeout and is unintelligible without it. The alphabet can wait one post.

It’s a heap out-of-bounds write that an unprivileged role can reach over an ordinary database connection, with a plausible path to arbitrary code execution as the OS user running the backend. CVSS 8.8. Fixed in 18.4, 17.10, 16.14, 15.18, and 14.23, which shipped yesterday. If you maintain a PostgreSQL deployment, the upgrade window for this one is shorter than your

A parameter most operators have never knowingly used, even though every PostgreSQL dump file they have ever inspected sets it. check_function_bodies controls whether PostgreSQL validates the body of a CREATE FUNCTION or CREATE PROCEDURE at creation time. Default on. Context is user.

The Table Access Method API has been in PostgreSQL since version 12. For most of that time it has been a quiet piece of infrastructure with very little extension activity attached to it — the kind of API that gets a paragraph in the docs, an enthusiastic conference talk, and then five years of silence.

That is changing.

bytea_output controls how PostgreSQL formats binary data when sending it to a client. Two values: hex (the default since PostgreSQL 9.0, released in 2010) and escape (the traditional format, dating back to the early 2000s). Context is user. The parameter affects output only — bytea input has accepted both formats forever, and a SET bytea_output setting changes nothing about

PgBouncer 1.25.2 shipped on May 8 with four new CVEs. The one you actually need to care about is CVE-2026-6664: an integer overflow in the SCRAM authentication packet parser. It is reachable before authentication. A malformed packet crashes the process.

Anything that can open a TCP connection to PgBouncer can take PgBouncer down.

A short post about two parameters that were a charming idea in 2002 and have aged into a curiosity.

bonjour, when on, makes the PostgreSQL server advertise itself on the local network via Apple’s Bonjour service-discovery protocol (mDNS/DNS-SD). bonjour_name sets the name under which it advertises, defaulting to the computer’s hostname. Both are postmaster context — change

The PostgreSQL 19 first beta is imminent. Feature freeze hit on April 8, the PG19-Final commitfest closed on April 9, and the release notes are well into draft on pgsql-hackers. The headline list will include SQL/PGQ graph queries, and every other preview post is going to lead with them. I am not going to.

There are four other