---
title: Improved connection security, easier Cursor MCP integration, simpler RLS with Neon Auth, and more
---

## One-click install: Neon MCP Server in Cursor

You can now add the [Neon MCP Server](https://github.com/neondatabase-labs/mcp-server-neon) to Cursor with a single click. Look for the **Add to Cursor** button in our [MCP Server docs](/docs/ai/connect-mcp-clients-to-neon#cursor) and in the [GitHub repo](https://github.com/neondatabase-labs/mcp-server-neon), or try it here:

<a href="cursor://anysphere.cursor-deeplink/mcp/install?name=Neon&config=eyJ1cmwiOiJodHRwczovL21jcC5uZW9uLnRlY2gvc3NlIn0%3D" style={{display: 'inline-block'}}>
<img src="https://cursor.com/deeplink/mcp-install-dark.svg" alt="Add to Cursor" style={{height: '32px', verticalAlign: 'middle', margin: '0'}} />
</a>

## Enhanced connection security with channel binding

Connection strings and snippets in the Neon Console now include `channel_binding=require` by default, providing stronger protection against man-in-the-middle (MITM) attacks for `psql` and other libpq-based clients:

```bash shouldWrap
postgresql://alex:AbC123dEf@ep-cool-darkness-a1b2c3d4-pooler.us-east-2.aws.neon.tech/dbname?sslmode=require&channel_binding=require
```

Channel binding works alongside `sslmode=require` to cryptographically link your TLS connection and authentication credentials, making it nearly impossible for attackers to intercept or impersonate your database connections, strengthening security without required client-side root certificate setup.

Most libpq-based clients support this option transparently. For others (e.g., Go's `pgdriver`), compatibility may vary.

> We recommend updating your connection strings to include `channel_binding=require` if you're using a libpq-based client.

Learn more in our blog post: [Why Postgres needs better connection security defaults](https://neon.com/blog/postgres-needs-better-connection-security-defaults).

## Simplified Neon RLS setup for Neon Auth projects

We've made it easier for you to set up Neon RLS (Row Level Security) for your Neon Auth projects. The Auth page now displays your Stack Auth project details, including the JWKS URL needed for RLS setup.

![Stack Auth project details in Neon Console](/docs/changelog/neon_auth_jwks.png)

To get started adding RLS to your Neon Auth project:

1. Copy the JWKS URL from the **Configuration** tab of your Auth page.
1. Paste it into the RLS authentication provider setup on the **Settings > RLS** for your project.
1. Follow our UI to get RLS set up for your tables.

See [Neon RLS](/docs/guides/neon-rls) for more info.

## New NAT gateway IP addresses

We've added new NAT gateway IP addresses in three AWS regions to expand infrastructure capacity. If you have external IP allowlists that enable connections from external services into Neon, **update those allowlists soon to include the new addresses** to avoid connectivity issues.

### New IP addresses

**AWS US East (N. Virginia) – `aws-us-east-1`**

- 13.219.161.141
- 34.235.208.71
- 34.239.66.10

**AWS US East (Ohio) – `aws-us-east-2`**

- 3.16.227.37
- 3.128.6.252
- 52.15.165.218

**AWS US West (Oregon) – `aws-us-west-2`**

- 35.83.202.11
- 35.164.221.218
- 44.236.56.140

See our [Regions documentation](/docs/introduction/regions#aws-nat-gateway-ip-addresses) for the full list of NAT gateway IPs.

## Support for Postgres Event Triggers

The `neon_superuser` role now supports Postgres [Event Triggers](https://www.postgresql.org/docs/current/event-triggers.html). Unlike regular triggers, which are attached to a single table and capture only DML events, event triggers are global to a particular database and are capable of capturing DDL events.

Event trigger support enables various tools and platforms that utilize this functionality, including [pgroll](https://pgroll.com/), [Zero](https://zero.rocicorp.dev/), and [Readyset](https://readyset.io/), among others.

For more about event triggers, see [PostgreSQL Event Trigger](/postgresql/postgresql-triggers/postgresql-event-trigger).

## Neon Launchpad now supports database seeding

> Neon Launchpad enables instant provisioning of a Postgres database without configuration or account creation. If you're not familiar, you can learn more here: [Neon Launchpad: A Tool For Instant Postgres, No Login Needed](https://neon.com/blog/neon-launchpad)

[Neon Launchpad](/docs/reference/neon-launchpad) now supports database seeding, allowing developers to automatically populate databases with SQL scripts during database initialization. This feature streamlines the development workflow by enabling instant database setup with sample data. The seeding capability is also available through the Vite plugin integration, making it accessible in Vite-based projects.

To try it from your terminal:

```bash
npx neondb --seed /path/to/file.sql
```

For more details, see:

- [Neondb CLI Changelog](https://github.com/neondatabase/neondb-cli/blob/main/packages/neondb/CHANGELOG.md)
- [Vite Plugin Changelog](https://github.com/neondatabase/neondb-cli/blob/main/packages/vite-plugin-postgres/CHANGELOG.md)

## Scheduled maintenance for Business and Enterprise plans

As announced earlier, we're rolling out scheduled updates that include Postgres version upgrades, security patches, and Neon feature improvements.

These updates are applied during your project's maintenance window or the next time the compute restarts. Most updates take only a few seconds.

Updates for Business amd Enterprise plan projects will begin rolling out on **July 9, 2025** — you'll receive an email notice for updates 7 days in advance. You can also check for update notices and configure your preferred update window in the Neon Console — [learn how](/docs/manage/updates#updates-on-paid-plans).

![Paid plan updates UI](/docs/manage/paid_plan_updates.png)

> Computes larger than 8 CU or those configured to autoscale beyond 8 CU are not updated automatically. You must restart these computes manually. See [Updating large computes](/docs/manage/updates#updating-large-computes).

To apply updates ahead of schedule, see [Applying updates ahead of schedule](/docs/manage/updates#applying-updates-ahead-of-schedule).

Need help? Reach out to [Neon Support](https://console.neon.tech/app/projects?modal=support).

<details>

<summary>**Fixes & improvements**</summary>

- **Neon Console**
  - Fixed autoscaling configuration errors that could sometimes occur after plan downgrade.

- **Neon API**
  - Added support for naming compute endpoints using a new `name` parameter in create and update operations:

    ```bash
    curl -X POST 'https://console.neon.tech/api/v2/projects/your-project-id/endpoints' \
      -H 'Authorization: Bearer $NEON_API_KEY' \
      -H 'Content-Type: application/json' \
      -d '{
        "endpoint": {
          "name": "Production API", // [!code highlight]
          "branch_id": "br-your-branch-id"
        }
      }'
    ```

  - Added OAuth provider management endpoints for Neon Auth projects (Google, GitHub, Microsoft support)
    - [`POST /projects/{project_id}/auth/oauth_providers`](https://api-docs.neon.tech/reference/addneonauthoauthprovider) - Add new providers

    - [`GET /projects/{project_id}/auth/oauth_providers`](https://api-docs.neon.tech/reference/listneonauthoauthproviders) - List configured providers

  - Improved API documentation for project management endpoints to clarify organization and `org_id` parameter requirements. See [Personal vs organization API keys](/docs/manage/orgs-api#personal-vs-organization-api-keys) for details.

- **Fixes**
  - PgBouncer connections from the Neon proxy were not immediately closed when a compute was suspended. This left connections open until the TCP timeout expired, causing connection issues. Connections are now cleanly terminated when a compute suspends.

</details>