PostgreSQL 13 will officially reach End-of-Life (EOL) on November 13, 2025. After this date, the PostgreSQL Global Development Group will stop releasing security patches and bug fixes for this version. That means if you’re still running PostgreSQL 13, you’ll soon be on your own with no updates, no community support, and growing security risks.
PostgreSQL’s strength comes from its active global community and continuous innovation. Version 13 introduced significant improvements, including parallel index vacuuming, B-tree deduplication, incremental sorting, and enhanced partitioning. However, newer versions (those from 14 to 18) have taken significant leaps in performance, scalability, and ease of use. If you haven’t planned your upgrade yet, now’s the time.
Remember that once PostgreSQL 13 hits EOL, the PostgreSQL community will release no more security patches for it. Any newly discovered vulnerabilities will remain open unless you fix them yourself. Unpatched CVEs give attackers a known entry point, which is why we often see the Security Team at the DBA team’s door when minor updates that fix CVEs are left unapplied for too long.
Hackers have been known to reverse-engineer patches from newer versions to specifically target older ones that did not have these patches available. That means that staying on an unpatched EOL system puts a target on your back.
As PostgreSQL evolves, older versions drift out of sync with the broader ecosystem.
Most security and privacy regulations now treat using EOL software as negligence.
In short, running PostgreSQL 13 past EOL can lead to audit failures, fines, and loss of cyber insurance coverage.
Often, we see that DBA teams are ready to upgrade to the newest versions but cannot, because the application side of the business does not prioritize it. This is where tools can be leveraged to demonstrate the size of the risk the business accepts by not prioritizing the retirement of EOL versions within the ample timeframe available. One such tool is the Why-upgrade tool, available on the website of its author. Users can list all the changes introduced since a given version and even filter for specific types of issues, such as CVEs. Sharing this information with key business decision-makers and Security or Compliance teams allows organisations to make informed decisions about the risks they take on.
Upgrading isn’t just about avoiding risk; it’s also an opportunity to unlock significant performance, security, and productivity improvements. It’s no surprise that new major versions not only fix CVEs and bugs but also introduce advancements and new features. Versions 14 through 18 feature significant enhancements in query optimization, observability, concurrency, and developer tools. In PostgreSQL, all these features are available for free, are open source, and are community-supported.
See what’s new in particular versions:
Delaying upgrades only adds technical debt that, at some point, will catch up with you:
Upgrading now, from 13 to a modern release, is far simpler and safer than waiting until it’s urgent. If you need help planning an upgrade or are facing challenges, consider seeking expert or professional services, which can help you navigate the upgrade experience as smoothly as possible.
PostgreSQL 13 served us well, but its time is ending. Staying on it beyond November 2025 means higher risk, higher cost, and lower agility. Treat your upgrade not as maintenance, but rather as an investment in security, stability, and innovation.
The best time to start your PostgreSQL upgrade plan is today.