Postgres Weekly — 2026-03, Week 13
Editor’s Note
This week’s developments center on improving PostgreSQL’s integration with modern application stacks. Native JSON export formats, TypeScript runtime support, and tenant-aware observability tooling all respond to operational patterns emerging from SaaS and serverless architectures.
Top Stories
Native JSON Export Arrives in PostgreSQL 19
PostgreSQL 19 introduces native JSON output for the COPY TO command, generating NDJSON format with one JSON object per line. This capability aligns with growing ecosystem demand for improved JSON handling, particularly in analytical workflows where tools like Breathe-Memory and ragbandit already combine PostgreSQL with pgvector for vector storage and retrieval. The new export path simplifies data movement from relational storage into systems expecting JSON-serialized records without intermediate transformation layers. Details are available in the official documentation announcement.
TypeScript Functions Running Inside Postgres
An alpha extension called pg_typescript now enables developers to write server-side functions in TypeScript, executing them via the Deno runtime. The extension, built with Rust using pgrx, supports npm package imports, async/await syntax, and fine-grained control over filesystem and network access through GUC parameters. Sandboxing isolates execution contexts, and callbacks into Postgres provide integration with database internals. This addresses the gap left by plv8 for teams adopting modern JavaScript toolchains. The extension is available on GitHub.
Per-Tenant Query Attribution for SaaS Workloads
Multi-tenant deployments on shared PostgreSQL instances face attribution challenges that standard monitoring tools do not resolve. FaultWall addresses this by polling pg_stat_statements every 10 seconds to map queries to tenants using schema detection, then exposing per-tenant QPS, P50/P95/P99 latencies, and cost metrics. The tool includes automatic throttling via pg_terminate_backend() when thresholds are breached. This pattern becomes critical when concurrent user loads trigger parallel query execution far beyond available vCPU capacity—official guidance notes that a two-second query serving 4,000 users concurrently would require 67 parallel executions. More on the implementation is at the FaultWall repository.
Logical Replication Exclusion Lists Gain Mutability
Following the introduction of CREATE PUBLICATION EXCEPT TABLE, PostgreSQL 19 now allows ALTER PUBLICATION to modify exclusion lists for logical replication. This change simplifies operational workflows where replication topology evolves without recreating publication objects. Community tooling around change data capture continues to expand in parallel; pg_duckpipe added transparent query routing, append-only changelogs, and partitioned table support this month. The feature is documented in Depesz’s coverage.
Releases
The PostgreSQL RPM repository now includes support for openSUSE Leap 16.0. AWS announced serverless Aurora PostgreSQL database creation in seconds, reducing provisioning latency for ephemeral environments.
Security and Compliance
An analysis of 1,808 Model Context Protocol servers identified security findings in 66 percent of implementations, 30 CVEs in 60 days, and malware in 76 published skills. PostgreSQL MCP servers exemplify the risk: lacking granular permissions, they expose DELETE and DROP TABLE operations alongside read-only queries in an all-or-nothing access model. Aerostack published a mitigation approach using per-tool toggles and proxy-layer enforcement. Full details are in Aerostack’s analysis.
Worth Reading
Oracle and SQL Server to PostgreSQL migration tooling gotchas no one warns you about
PostgreSQL high availability on OCI: why your failover passes every test but breaks in production
Rust and Postgres: everything you need to know
Java bulk insert to PostgreSQL benchmark, including DuckDB and Apache Arrow paths