PostgreSQL 13 will officially reach End-of-Life (EOL) on November 13, 2025. After this date, the PostgreSQL Global Development Group will stop releasing security patches and bug fixes for this version. That means if you’re still running PostgreSQL 13, you’ll soon be on your own with no updates, no community support, and growing security risks.
Why it matters
PostgreSQL’s strength comes from its active global community and continuous innovation. Version 13 introduced significant improvements, including parallel index vacuuming, B-tree deduplication, incremental sorting, and enhanced partitioning. However, newer versions (those from 14 to 18) have taken significant leaps in performance, scalability, and ease of use. If you haven’t planned your upgrade yet, now’s the time.
The risks of staying on PostgreSQL 13
1. Security vulnerabilities
Once PostgreSQL 13 hits EOL, the PostgreSQL Community will release no further security patches for it. Any new vulnerabilities discovered will remain open unless you fix them yourself. Unpatched CVEs give attackers a known entry point, which is why the Security Team often ends up at the DBA team’s door when minor updates that fix CVEs are left unapplied for too long.
Hackers have been known to reverse-engineer patches from newer versions to specifically target older versions that never received those patches. Staying on an unpatched EOL system therefore puts a target on your back.
2. Growing instability
As PostgreSQL evolves, older versions drift out of sync with the broader ecosystem.
- Extensions like PostGIS will stop supporting PostgreSQL 13, as they follow the same lifecycle as the PostgreSQL Community does.
- Drivers and frameworks (such as JDBC, Npgsql, Hibernate, or Entity Framework) will lose compatibility.
- Backup, monitoring, and HA tools will focus on newer releases, making your setup unreliable and hard to maintain.
Staying on an older version is often justified by “lack of time”, but it leaves you with more work and even less time, because you end up manually retrofitting solutions to an unsupported version.
3. Compliance & legal risks
Most security and privacy regulations now treat using EOL software as negligence.
- GDPR: Requires “state-of-the-art” security. One thing that’s certain – using EOL software fails that standard.
- PCI-DSS 4.0: From March 2025, mandates documented plans to retire EOL systems.
- HIPAA: Failing to patch known vulnerabilities can be a direct violation of the Security Rule.
In short, running PostgreSQL 13 past EOL can lead to audit failures, fines, and loss of cyber insurance coverage.
Often, we see that while DBA teams are ready to upgrade to the newest versions, they cannot due to a lack of priority on the application side of the business. This is where tools can be leveraged to demonstrate the size of the risk that the business accepts by not prioritizing the retirement of EOL versions within the ample timeframe. One such tool is the Why-upgrade tool, available on the website of its author. Users can list all the changes introduced since a given version and even filter for specific types of issues, such as CVEs. Leveraging such information with key business decision-makers and Security or Compliance teams allows organisations to make informed decisions about the risks they take on.
The opportunity: Upgrade and move forward
Upgrading isn’t just about avoiding risk; it’s also an opportunity to unlock significant performance, security, and productivity improvements. It’s no surprise that new major versions not only fix CVEs and bugs but also introduce advancements and new features. Versions 14 through 18 feature significant enhancements in query optimization, observability, concurrency, and developer tools. In PostgreSQL, all these features are available for free, are open source, and are community-supported.
Why waiting makes it worse
Delaying upgrades only adds technical debt that, at some point, will catch up with you:
- More things break: Each PostgreSQL version gap adds more breaking changes, and an upgrade later may land you with unexpected surprises.
- Wasted time: Developers waste time on workarounds instead of delivering value.
- More effort: Future upgrades become longer, riskier, and more expensive. You also need to worry about whether all your other tools and extensions will still function properly.
- Losing skills: Practically, what we see is that the DBAs and the organisation altogether become less and less confident to perform upgrades, as they delay
Upgrading now, from 13 to a modern release, is far simpler and safer than waiting until it’s urgent. If you need help planning an upgrade or are facing challenges, consider seeking expert or professional services, which can help you navigate the upgrade experience as smoothly as possible.
Final word
PostgreSQL 13 served us well, but its time is ending. Staying on it beyond November 2025 means higher risk, higher cost, and lower agility. Treat your upgrade not as maintenance, but rather as an investment in security, stability, and innovation.
The best time to start your PostgreSQL upgrade plan is today.