1
Redshift investigative white papers here; https://www.redshift-observatory.ch/white_papers/index.html
Redshift replacement system tables here; https://github.com/MaxGanzII/redshift-observatory.ch
https://www.redshift-observatory.ch/slblog/2026-01.html
I am an Amazon Redshift specialist.
I know of an issue with Redshift such that any user who can create a table and issue a query on that table is able, with normal but specially crafted table and query, to crash the cluster about ten seconds after the query is issued.
I reported this to HackerOne as a vulnerability, providing the DDL for the table and the SQL for the query.
HackerOne triage (not AWS) have come back with;
> We are happy to review this further if you are able to leverage this into a practical exploitation scenario that results in an impact to Amazon assets or data. [Your] report will be closed as Informative.
Which is not what I expected.
I am thinking I have misunderstood something fundamental.
Can anyone here with experience or knowledge in this matter provide advice?
Most recent update two days ago, on the 15th April.
You can now see for yourselves, directly and visually, the variations in performance of each node type across regions and over time - the region wide upgrades (and occasional downgrades).
https://www.redshiftresearchproject.org/cross_region_benchmarks/index.html
Current maintenance release is from 27th Jan - and today is 19th April!
But we've had now no new release on current since 1st March, a big long gap.
https://www.redshiftresearchproject.org/redshift_version_tracker/index.html