After running apt upgrade on an Ubuntu 22.04 server, PostgreSQL jumped from version 16 to 17 without any warning. The server kept working fine, but the upgrade was unintentional.

Turns out this is expected behavior. The PostgreSQL apt repository provides the latest major versions, and the generic postgresql package follows whatever is newest. Version 17 had just been released, and apt pulled it in automatically.

Here’s what to do to prevent it from happening again:

1. Pin PostgreSQL to a specific version

Create or edit /etc/apt/preferences.d/pg_holding:

Package: postgresql-*
Pin: version 16.*
Pin-Priority: 1001

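This tells apt to stick to the pinned version and ignore newer major releases. A priority above 1000 means a matching 16.x version wins over any other candidate, even when that would be a downgrade.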

2. Disable unattended upgrades

If unattended-upgrades is enabled, it can trigger upgrades in the background without any prompt. Disabling it gives full control over when upgrades run, which also means security updates no longer install on their own and have to be applied by hand.

3. Use version-specific package names

Instead of the generic postgresql package, install postgresql-16 directly. That way apt only picks up minor version updates unless explicitly told otherwise.

Version pinning with version-specific packages is now the standard setup on any server where the database version matters.
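
One way to confirm before a maintenance window that the steps above actually hold: an added example (not part of the original post) that scans simulated apt output for PostgreSQL packages outside the expected major version. The function names, the sample lines and their version strings are constructed for illustration; it assumes the "Inst" line format of apt-get -s and the "major+revision" version scheme of the metapackages.

```shell
#!/bin/sh
# Added example: list PostgreSQL packages in a simulated apt run that would
# leave the expected major version.
# On a real host, feed it:  apt-get -s dist-upgrade | pg_major_drift 16

pg_major_drift() {
    # $1 = major version the server must stay on; stdin = apt-get -s output
    awk -v want="$1" '
        $1 == "Inst" && ($2 == "postgresql" || $2 ~ /^postgresql-/) {
            major = ""
            # Versioned names (postgresql-17, postgresql-client-17,
            # postgresql-16-postgis-3): first all-numeric name part is the major.
            n = split($2, part, "-")
            for (i = 2; i <= n; i++)
                if (part[i] ~ /^[0-9]+$/) { major = part[i]; break }
            if (major == "") {
                # Metapackages (postgresql, postgresql-client, ...) carry the
                # major in the candidate version, e.g. "(17+262.pgdg22.04+1".
                for (i = 3; i <= NF; i++)
                    if (substr($i, 1, 1) == "(") {
                        ver = substr($i, 2)
                        if (match(ver, /^[0-9]+[+]/))
                            major = substr(ver, 1, RLENGTH - 1)
                        break
                    }
            }
            # postgresql-common and similar carry no major and are skipped.
            if (major != "" && major != want)
                print $2 " -> major " major
        }'
}

# Constructed sample of apt-get -s dist-upgrade output (not captured from a host).
sample_sim() {
    cat <<'EOF'
Inst postgresql-common [261.pgdg22.04+1] (262.pgdg22.04+1 apt.postgresql.org:jammy-pgdg [all])
Inst postgresql-16 [16.3-1.pgdg22.04+1] (16.4-1.pgdg22.04+1 apt.postgresql.org:jammy-pgdg [amd64])
Inst postgresql-client-17 (17.0-1.pgdg22.04+1 apt.postgresql.org:jammy-pgdg [amd64])
Inst postgresql-17 (17.0-1.pgdg22.04+1 apt.postgresql.org:jammy-pgdg [amd64])
Inst postgresql [16+261.pgdg22.04+1] (17+262.pgdg22.04+1 apt.postgresql.org:jammy-pgdg [all])
Conf postgresql-17 (17.0-1.pgdg22.04+1 apt.postgresql.org:jammy-pgdg [amd64])
EOF
}

# Prints one line per package that would move off major 16; empty means none.
sample_sim | pg_major_drift 16
```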