📊 HiddenMerit Daily · Issue 37

Focus on Database Frontiers, Practical Insights for DBAs June 5, 2026 ｜ 5 Selected Global Breaking News

01｜Microsoft Azure HorizonDB Launches Public Preview: A PostgreSQL Rebuilt for AI Agents, Storage Engine Rewritten in Rust

On June 2, at the Build 2026 conference keynote, Microsoft officially announced that Azure HorizonDB has entered public preview. This is a PostgreSQL‑compatible cloud database rebuilt from the ground up for agentic AI workloads, now available in 5 Azure regions globally.

HorizonDB is not a simple upgrade to Azure Database for PostgreSQL, but a completely new architectural design. Key technical points:

• “Database‑as‑a‑log” architecture: Transactions are committed directly to a shared WAL (Write‑Ahead Log) storage, achieving sub‑millisecond multi‑region commit latency and eliminating the multi‑step coordination overhead of traditional PostgreSQL.
• Rust storage engine: Microsoft explicitly chose Rust over C/C++ to eliminate memory safety vulnerabilities such as buffer overflows at the language level. This design is highly significant for unattended AI agent high‑frequency query scenarios.
• Storage‑compute separation: Storage automatically scales to 128TB, compute can scale to 3072 vCores, and supports up to 15 read replicas.
• DiskANN vector search: Natively embedded vector search capability, supporting vectors of up to 16,000 dimensions (far exceeding pgvector’s 2,000‑dimension limit), achieving near‑neighbour search on large‑scale disk‑resident datasets through spherical quantisation.
• Hybrid search: Simultaneously complete vector similarity search and full‑text retrieval within a single SQL statement – the standard retrieval pattern for RAG applications.
• In‑database AI functions (azure_ai extension): Directly invoke model inference within the PostgreSQL engine, eliminating the need for an external orchestration layer.

Currently, HorizonDB does not yet offer a serverless option – compute must be manually provisioned, with only storage auto‑scaling. Microsoft executives have confirmed this limitation, which may change in future versions.

• DBA Perspective: HorizonDB is Microsoft’s重磅 move in the “AI database” track. With this, all three major cloud vendors (AWS, Google, Azure) have completed their strategic layouts for AI‑native databases. HorizonDB’s Rust storage engine is particularly noteworthy – the choice of database kernel language is shifting from C/C++ to memory‑safe languages, a trend that may reshape database security baselines over the next 3‑5 years. When evaluating cloud databases, DBAs will find that AI‑native capabilities (vector search, in‑database inference) are upgrading from “nice‑to‑have” to “must‑have.”

• CTO Perspective: The core value of HorizonDB’s “database‑as‑a‑log” architecture is eliminating multi‑step coordination overhead to achieve sub‑millisecond multi‑region commit latency – a huge performance dividend for cross‑region AI agent applications. However, the lack of a serverless option is a notable limitation: compared to competitors such as AWS Aurora DSQL and CockroachDB that offer serverless options, HorizonDB still requires manual compute provisioning. CTOs must权衡 “architectural sophistication” against “operational automation” when selecting.

• Investor Perspective: Microsoft’s formal entry into the AI database track marks that all three major cloud vendors have completed their strategic layouts. Azure HorizonDB competes directly with AWS Aurora and Google AlloyDB. Microsoft emphasises security differentiation through its choice of Rust, and DiskANN technology comes from internal积累 at Microsoft Research. Investors should monitor the changing share of AI databases in cloud vendors’ revenue structures.

02｜Oracle June CSPU Preview: Quarterly CPU + Monthly CSPU Dual‑Track Operation, Net Service and REST Data Services Hardest Hit

On June 2, Oracle released its first monthly Critical Security Patch Update (CSPU), marking a shift from the traditional quarterly CPU model to a dual‑track mechanism of “quarterly CPU + monthly CSPU.” This CSPU fixes a total of 35 vulnerabilities, of which 11 are rated Critical, 18 High, and 6 Medium.

Oracle Database Server Net Service Component: CVE-2026-46833 (CVSS 9.0), affecting versions 23.4.0 to 23.26.2. Attack complexity is high, but it allows an unauthenticated attacker to compromise Net Service via network TLS access, and the attack may significantly impact other products (scope changed), potentially leading to full takeover of Net Service.

Oracle REST Data Services is the hardest hit area:

• CVE-2026-46840 (CVSS 10.0): Backend‑as‑a‑Service component, allowing an unauthenticated attacker to fully compromise the system via HTTPS.
• CVE-2026-46775 / CVE-2026-46839 (CVSS 9.9): Core components, allowing a low‑privilege attacker to fully control REST Data Services.
• CVE-2026-2332 (CVSS 9.1): Core (Eclipse Jetty) component, could lead to unauthorised addition, deletion, or modification of critical data.

Other affected products include Oracle Communications Unified Assurance (CVE-2026-33557 CVSS 9.1), Oracle Hospitality OPERA 5 (CVE-2026-34311 CVSS 9.8), and others.

Oracle stated that the monthly CSPU aims to provide “targeted, high‑priority security fixes in a smaller, more focused format, enabling patch application with minimal disruption.” Future CSPUs will be released on the third Tuesday of each month, with initial planned dates of June 16, July 21, August 18, and September 15. Oracle Cloud customers will receive patches automatically.

• DBA Perspective: The emergence of a CVSS 10.0 vulnerability, combined with REST Data Services being the hardest hit area, signals that the API security boundary of Oracle databases is under serious challenge. The affected versions (23.4.0 to 23.26.2) cover most current Oracle 23ai deployments. DBAs should immediately assess affected versions and set the CSPU patch to P0 priority. Particularly noteworthy is the “scope changed” characteristic of CVE-2026-46833 – an attack could extend from the database service to other affected products, giving this vulnerability a damage radius that may exceed expectations.

• CTO Perspective: Oracle’s shift to monthly updates represents a significant upgrade in security threat response speed. Technology decision‑makers need to assess the impact of monthly CSPUs on internal change management processes. It is recommended to establish a “monthly security baseline” mechanism, incorporating Oracle patches into CI/CD gates. At the same time, the concentrated爆发 of high‑score vulnerabilities in REST Data Services indicates that API gateway security is becoming a new focus of database protection.

• Investor Perspective: The continued rise in Oracle’s security maintenance costs may push enterprise customers to evaluate cloud‑native and open‑source alternatives. Investors should monitor the automated patch coverage of Oracle Cloud services, as well as customer feedback on “increased security operations complexity” – this could become a catalyst for changes in the database market competitive landscape.

03｜EDB Releases PGD 6.4: Distributed PostgreSQL Adds Quorum Commit, Targeting Bank‑Grade Strong Consistency

On June 4, EDB officially released version 6.4 of PostgreSQL Distributed (PGD). The core new feature is Quorum Commit, designed to enable PostgreSQL to meet the stringent distributed strong consistency requirements of critical industries such as banking, payments, and telecommunications.

How Quorum Commit works: Before a transaction commits, it performs pre‑commit coordination among cluster nodes. Unlike traditional replication, which only confirms that replicas have received the record, Quorum Commit ensures that conflicting concurrent writes are coordinated before the transaction completes. EDB uses a credit card payment scenario as an example – with the same credit card used simultaneously at different locations, under traditional replication, both transactions could pass local checks and be committed, with the institution handling overdrafts through after‑the‑fact reconciliation. With Quorum Commit, one transaction wins cluster consensus, and the other, seeing the updated balance, is rejected before completion.

PGD 6.4 also adds a built‑in connection pool, replacing the widely used pgBouncer in production environments and further reducing the number of deployment components. Additionally, the new version adds support for replicating PostgreSQL large objects – which is significant for industries such as government, healthcare, and finance that need to store scanned documents, image archives, and unstructured data in the same database as transaction records.

Jozef de Vries, EDB’s Senior Vice President, said: “Postgres has become the de facto standard for modern applications. But until now, organisations running high‑value workloads in banking, payments, telecommunications, and other fields have been forced to fall back on traditional enterprise RDBMS to meet their strongest consistency requirements. PGD 6.4 changes that.”

• DBA Perspective: Quorum Commit fills a critical gap for PostgreSQL in distributed strong consistency scenarios. For DBAs looking to migrate from Oracle to the open‑source ecosystem, this is significant good news – PostgreSQL can now meet bank‑grade strong consistency requirements. The introduction of a built‑in connection pool also reduces deployment complexity; DBAs no longer need to maintain pgBouncer alongside their cluster. For DBA teams managing large‑scale PostgreSQL clusters, every additional component means deployment, maintenance, and monitoring overhead, so the value of a built‑in solution is not negligible.

• CTO Perspective: The release of EDB PGD 6.4 makes PostgreSQL a viable option for financial core systems. EDB cites a Gartner prediction: by 2030, more than 75% of enterprises in Europe and the Middle East will move their workloads back to local jurisdictions. The data sovereignty trend, combined with PGD’s strong consistency capabilities, provides a new open‑source path for financial institutions’ database selection.

• Investor Perspective: By strengthening PostgreSQL’s distributed strong consistency capabilities through Quorum Commit, EDB is directly targeting Oracle’s core strongholds in banking, payments, and telecommunications. Gartner’s “workload repatriation” prediction (>75% of enterprises will move workloads back to local jurisdictions by 2030)叠加 with the data sovereignty trend will drive enterprises to reassess their database architectures. Commercial service providers in the PostgreSQL ecosystem are likely to continue benefiting from this process.

04｜Yingda Fund and Others See密集 Xinchuang Procurement: Financial Xinchuang Moves from “Peripheral Pilot” to “Core Replacement”

On June 2, the list of winning bidders for the second material public bidding of State Grid Yingda International Holding Group Co., Ltd. in 2026 was announced. The procurement involved several Xinchuang‑related projects:

• Yingda Fund – 2026 Domestic Xinchuang Database – Software Procurement Project: Winning supplier is Bei (Cheng) Xinchuang Technology (the original text did not fully display the name), with the procurement content explicitly being “domestic Xinchuang database”;
• Yingda Industrial Fund – 2026 Equity Investment Management System Software Procurement;
• Yingda Fund – 2026 Domestic Xinchuang Hyperconverged All‑in‑One Resource Expansion – Hardware Procurement Project.

Yingda Fund is part of the State Grid system, an important component of the energy industry’s financial sector. This follows the previous procurement cases of head brokers such as CITIC Securities and CITIC Construction Investment Securities, representing a new implementation case of financial Xinchuang replacement in the cross‑domain of “finance + energy.” Beijing Institute of Petrochemical Technology also completed a database procurement project worth RMB 4.005 million during the same period, covering academic database resources.

• DBA Perspective: Yingda Fund’s Xinchuang procurement indicates that the penetration of financial Xinchuang is expanding from “banking + securities” to broader financial sub‑sectors such as insurance, funds, and energy finance. DBAs whose skill储备 is not limited to a single industry – those with cross‑industry domestic database migration and operations experience – will be more competitive. Moreover, the “hyperconverged all‑in‑one + database” software‑hardware integrated procurement model is becoming the standard配置 for Xinchuang projects, requiring DBAs to also have hardware architecture evaluation capabilities.

• CTO Perspective: Yingda Fund’s parent company, State Grid Yingda, belongs to the State Grid system. The demonstration effect of its Xinchuang procurement will accelerate domestic replacement in the energy industry’s financial sector. The evolution of the procurement model from “single database procurement” to “database + hyperconverged all‑in‑one” software‑hardware integration means that Xinchuang replacement is moving from “software replacement” to “full‑stack重构.” When planning Xinchuang roadmaps, CTOs should consider the compatibility and long‑term evolution capabilities of software‑hardware integrated solutions in advance.

• Investor Perspective: The consecutive Xinchuang procurements by Yingda Fund (energy finance) and Beijing Institute of Petrochemical Technology (education) indicate that Xinchuang replacement has expanded from government and finance to a wider range of industries such as energy and education. This cross‑industry diffusion effect will significantly expand the market space for domestic database vendors. Vendors with “database + hyperconverged all‑in‑one” software‑hardware integrated delivery capabilities are likely to gain stronger order competitiveness in the deep‑water Xinchuang replacement.

05｜Kingware Releases 2026 Database White Paper: Defining Core System Replacement Methodology and New Selection Paradigm

CETC Kingware recently released the “2026 Database White Paper: Core System Evolution Strategy and Value重塑 Path,” systematically outlining the strategic framework and methodology for core system domestic replacement. The white paper’s core framework includes:

Value Model (Four Dimensions):

• Cost Reduction: Licensing costs reduced by over 40%, hardware costs reduced by 50%‑60%
• Efficiency Increase: Development cycles shortened by 30%, O&M manpower reduced by 70%
• Innovation: HTAP supports real‑time risk control/marketing, business iteration cycles from “months” to “weeks”
• Risk Control: Availability increased from 99.9% to 99.999%, supply chain断供 risk eliminated

Migration Methodology (Standardised Five‑Step Process): Assessment → Design → Migration → Verification → Operations, emphasising the “dual‑track operation, grey‑scale switchover” strategy.

New Government Cloud Selection Standards: The white paper points out that in 2026, government cloud database selection is shifting from the traditional standards of “high availability, strong consistency” to a重构 around “mixed workload capability” and “native intelligent adaptation.” Core considerations include: unified engine for vector search and structured queries, full‑stack Xinchuang adaptability, elastic scaling and high availability (RPO=0/RTO<30s), and intelligent O&M automation.

• DBA Perspective: Kingware’s white paper provides DBAs with a transformation framework “from executor to strategy definer.” The “standardised five‑step process” (Assessment → Design → Migration → Verification → Operations) can serve as the standard operating procedure for DBAs participating in core system migration projects. The “dual‑track operation, grey‑scale switchover” strategy is a key methodology DBAs must master for core system migration. Additionally, the white paper’s TCO quantification model (licensing costs ↓40%, hardware costs ↓50%‑60%) provides core arguments for DBAs when presenting selection plans to technology decision‑makers.

• CTO Perspective: Kingware’s white paper elevates core system replacement from a “technical problem” to a “strategic problem.” The value model (Cost Reduction, Efficiency Increase, Innovation, Risk Control) provides CTOs with a quantitative framework for presenting Xinchuang investment to boards. The judgment that government cloud selection standards are重构 from “usable” to “intelligent computing” closely aligns with the government Xinchuang trends we have reported in previous issues. The white paper’s emphasis on “full‑stack Xinchuang adaptability” and “automated migration toolchains” should serve as core capability indicators for CTOs evaluating domestic database suppliers.

• Investor Perspective: Kingware’s transformation from a “product supplier” to a “methodology exporter” is a sign of the maturity of the domestic database industry. The white paper’s publication of new government cloud selection standards is essentially a process of defining industry rules – vendors with the ability to “define standards” will gain stronger pricing power in the deep‑water Xinchuang replacement. The TCO optimisation data cited in the white paper (45%‑55% reduction over a 5‑year cycle) provides a quantitative basis for the business value of domestic database replacement, helping the capital market understand the true economic benefits of Xinchuang replacement.

📅 Recent Database Hot Topics Recap

📌 Issue Summary

HiddenMerit Team Production Slogan: 绩优隐于内，金石启新程 | Hidden deep. Merit bold. Forge ahead.