Crunchy Postgres for Kubernetes 5.5.x Release notes
Release notes for each of the 5.5.x releases.
Component versions
Crunchy Postgres for Kubernetes | Postgres | pgBackRest | pgbouncer | Patroni | pgadmin |
---|---|---|---|---|---|
5.5.4 | 16.4 | 2.53.1 | 1.23 | 3.3.3 | 4.30, 8.12 |
5.5.3 | 16.4 | 2.52.1 | 1.22 | 3.1.2 | 4.30, 8.10 |
5.5.2 | 16.3 | 2.51 | 1.22 | 3.1.2 | 4.30, 8.6 |
5.5.1 | 16.2 | 2.49 | 1.21 | 3.1.2 | 4.30, 7.8 |
5.5.0 | 16.1 | 2.47 | 1.21 | 3.1.1 | 4.30, 7.8 |
Postgres extension versions
Crunchy Postgres for Kubernetes version | PostGIS | pgRouting | pgaudit | pg_cron | pg_partman | pgnodemx | set_user | wal2json | TimescaleDB | orafce | pgvector |
---|---|---|---|---|---|---|---|---|---|---|---|
5.5.4 | 2.5.11 (earliest) 3.4.2 (latest) | 2.6.3 (earliest) 3.4.3 (latest) | 1.4.3 (earliest) 16.0 (latest) | 1.6.4 | 5.1.0 | 1.7 | 4.1.0 | 2.6 | 2.17.0 | 4.10.3 | 0.7.4 |
5.5.3 | 2.5.11 (earliest) 3.4.2 (latest) | 2.6.3 (earliest) 3.4.2 (latest) | 1.4.3 (earliest) 16.0 (latest) | 1.6.2 | 5.1.0 | 1.6 | 4.0.1 | 2.5 | 2.15.3 | 4.10.3 | 0.7.3 |
5.5.2 | 2.5.11 (earliest) 3.4.2 (latest) | 2.6.3 (earliest) 3.4.2 (latest) | 1.4.3 (earliest) 16.0 (latest) | 1.6.2 | 5.1.0 | 1.6 | 4.0.1 | 2.5 | 2.14.2 | 4.9.4 | 0.7.0 |
5.5.1 | 2.5.9 (earliest) 3.4.0 (latest) | 2.6.3 (earliest) 3.4.2 (latest) | 1.4.3 (earliest) 16.0 (latest) | 1.6.2 | 5.0.1 | 1.6 | 4.0.1 | 2.5 | 2.13.0 | 4.9.1 | 0.6.0 |
5.5.0 | 2.4.10 (earliest) 3.4.0 (latest) | 2.6.3 (earliest) 3.4.2 (latest) | 1.3.4 (earliest) 16.0 (latest) | 1.6.0 | 5.0.0 | 1.6 | 4.0.1 | 2.5 | 2.12.2 | 4.7.0 | 0.5.1 |
A bold version number indicates that the component version was updated in the latest release.
5.5.4
Features
- You can now easily enable or disable CPK feature gates via values.yaml settings when installing CPK via Helm. Contributed by Daniel Holmes (@jaitaiwan)
Changes
- PostGIS version 3.4.3 is now available.
- Patroni is now at version 3.3.3.
- pgBackRest is now at version 2.53.1.
- pgBouncer is now at version 1.23.1.
- pgMonitor is now at version 5.1.1.
- pgAdmin is now at version 8.12.
- The pg_cron extension is now at version 1.6.4.
- The pgvector extension is now at version 0.7.4.
- The pgnodemx extension is now at version 1.7.
- The TimescaleDB extension is at version 2.17.0 for PG 17, 16, 15, and 14.
- pgAdmin and pgBackRest images have `tar` as required by the `kubectl cp` command.
Fixes
- Standalone pgAdmin failed in certain ARM environments
5.5.3
Changes
- PostgreSQL versions 16.4, 15.8, 14.13, 13.16, and 12.20 are now available.
- The pgvector extension is now at version 0.7.3.
- The orafce extension is now at version 4.10.3.
- The TimescaleDB extension is at version 2.15.3 for PG 16, 15, and 14.
  - When migrating from Timescale DB 2.14.x you must run this SQL script after you run `ALTER EXTENSION`. For more details, see the following pull request #6797.
5.5.2
Features
- Warn when a `PASSWORD` option is included in `spec.users.options`.
- pgAdmin v8 is now supported by the Namespace-Scoped PGAdmin API.
Changes
- PostgreSQL versions 16.3, 15.7, 14.12, 13.15, and 12.19 are now available.
- PostGIS versions 3.4.2, 3.3.6, 3.2.7, 3.1.11, 3.0.11, and 2.5.11 are now available.
- pgAdmin v8.6 is now available.
- pgBackRest is now at version 2.51.
- pgBouncer is now at version 1.22.1.
- The orafce extension is now at version 4.9.4.
- The pg_partman extension is now at version 5.1.0 for PG 16, 15 and 14.
- The pgvector extension is now at version 0.7.0.
- The TimescaleDB extension is now at version 2.14.2 for PG 16, 15, 14, and 13.
- The `postgres-operator` image now uses UBI Minimal.
Notable Security Fixes
Crunchy PostgreSQL 16.3-0, 15.7-0, and 14.12-0 include:
- Restrict visibility of `pg_stats_ext` and `pg_stats_ext_exprs` entries to the table owner.

  These views failed to hide statistics for expressions that involve columns the accessing user does not have permission to read. View columns such as `most_common_vals` might expose security-relevant data. The potential interactions here are not fully clear, so in the interest of erring on the side of safety, make rows in these views visible only to the owner of the associated table.

  By itself, this fix will only fix the behavior in newly initdb'd database clusters. If you wish to apply this change in an existing cluster, you will need to do the following:
  - Find the SQL script `fix-CVE-2024-4317.sql` in the share directory of the PostgreSQL installation. In Crunchy Data's PostgreSQL 16 RPM packages, the script can be found in folder `/usr/pgsql-16/share/` after installing the `postgresql16-server` RPM. Be sure to use the script appropriate to your PostgreSQL major version. If you do not see this file, either your version is not vulnerable (only v14-v16 are affected) or your minor version is too old to have the fix.
  - In each database of the cluster, run the `fix-CVE-2024-4317.sql` script as superuser. In psql this would look like `\i /usr/pgsql-16/share/fix-CVE-2024-4317.sql` (adjust the file path as appropriate). Any error probably indicates that you've used the wrong script version. It will not hurt to run the script more than once.
  - Do not forget to include the `template0` and `template1` databases, or the vulnerability will still exist in databases you create later. To fix `template0`, you'll need to temporarily make it accept connections. Do that with: `ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true;` and then after fixing `template0`, undo it with `ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false;`
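The remediation steps above, scripted as an added example (not part of the release notes or Crunchy Data's tooling): it plans one run of the fix script per database, wraps `template0` in the open/close statements, and only executes when `APPLY=1`. It assumes `psql` is on the PATH and connects as a superuser through the usual `PG*` environment variables; the function names and the `APPLY` and `FIX_SCRIPT` variables are illustrative.

```shell
#!/bin/sh
# Added example, not Crunchy Data tooling. Assumes psql is on PATH and the
# PG* environment variables connect as a superuser.
FIX_SCRIPT="${FIX_SCRIPT:-/usr/pgsql-16/share/fix-CVE-2024-4317.sql}"
TAB="$(printf '\t')"

# psql wrapper: ignore ~/.psqlrc, stop on the first SQL error, and keep psql
# from consuming the plan that apply_plan is reading on stdin.
run_psql() { psql -X -v ON_ERROR_STOP=1 "$@" </dev/null; }

# Every database in the cluster, templates included, one name per line.
list_databases() {
  run_psql -At -d postgres -c 'SELECT datname FROM pg_database ORDER BY datname'
}

# Turn database names (stdin) into "action<TAB>database" steps. template0 is
# wrapped in open/close because it refuses connections by default.
plan_fix() {
  while IFS= read -r db; do
    [ -n "$db" ] || continue
    if [ "$db" = template0 ]; then printf 'open\t%s\n' "$db"; fi
    printf 'fix\t%s\n' "$db"
    if [ "$db" = template0 ]; then printf 'close\t%s\n' "$db"; fi
  done
}

# Execute a plan from stdin. A failed step is reported and counted, but the
# loop keeps going so template0 is always closed again.
apply_plan() {
  failed=0
  while IFS="$TAB" read -r action db; do
    case "$action" in
      open)  run_psql -d postgres -c 'ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true;' ;;
      fix)   run_psql -d "$db" -f "$FIX_SCRIPT" ;;
      close) run_psql -d postgres -c 'ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false;' ;;
    esac || { echo "FAILED: $action $db" >&2; failed=$((failed + 1)); }
  done
  [ "$failed" -eq 0 ]
}

if [ "${APPLY:-0}" = 1 ]; then
  list_databases | plan_fix | apply_plan
else
  # Dry run over a constructed database list (not from a real cluster).
  printf '%s\n' app postgres template0 template1 | plan_fix
fi
```

Set `FIX_SCRIPT` to the copy of the script that matches the cluster's PostgreSQL major version before running with `APPLY=1`.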
5.5.1
Fixes
- Only load `datasource.pgbackrest.configuration` when performing a cloud based restore.
- Queue an event based on instance Patroni ‘master’ role change
- The pgAdmin controller now owns any objects it creates
- pgAdmin can now be accessed from Kubernetes networks by default
- Allow numeric characters in pgAdmin config settings. Contributed by Roman Gherta (@rgherta).
Changes
- PostgreSQL versions 16.2, 15.6, 14.11, 13.14, and 12.18 are now available.
- pgBackRest is now at version 2.49.
- Patroni is now at version 3.1.2.
- pgMonitor is now at version 4.11.
- The orafce extension is now at version 4.9.1.
- The pg_cron extension is now at version 1.6.2.
- The pg_partman extension is now at version 5.0.1 for PG 16, 15 and 14.
- The pgvector extension is now at version 0.6.0.
- The TimescaleDB extension is now available for PG 16. The extension is at version 2.13.0 for PG 16, 15, 14, and 13.
5.5.0
Features
- The monitoring stack has undergone a number of significant improvements in 5.5, including:
  - Transitioning the `crunchy-postgres-exporter` image into a component container, thereby decoupling it from the `postgres-operator`.
  - The ability to append custom exporter queries to the default queries provided by Crunchy Postgres for Kubernetes.
  - You can now monitor your standby clusters by editing the `ccp_monitoring` password.
  - Postgres 16 support!
- We added a new API for pgAdmin 4, which allows you to create a single pgAdmin 4 to manage multiple clusters in a namespace! This new API also comes with a new image containing the latest version of pgAdmin 4.
Changes
- When specified, the `citus` extension is loaded before other `shared_preload_libraries`.
- You can reduce metrics to those provided by pgMonitor by setting the `postgres-operator.crunchydata.com/postgres-exporter-collectors` annotation to `None`.
- PostgreSQL versions 16.1, 15.5, 14.10, 13.13, 12.17, and 11.22 are now available.
- As of February, 2023, public builds will offer the latest PG 16 and 15.
- pgBouncer is now at version 1.21.0.
- The orafce extension is now at version 4.7.0.
- The pg_partman extension is now at version 5.0.0 for PG 16, 15 and 14.
- The pgAudit16 extension is now at version 16.0.
- The pgvector extension is now at version 0.5.1.
- The TimescaleDB extension is now at version 2.12.2 for PG 15, 14 and 13, version 2.11.2 for PG 12 and version 2.3.1 for PG 11.
- DNS names for the replica service have been added to the certificates generated for the PostgresCluster to facilitate TLS connections between pgBouncer and read replicas. Contributed by Scott Zelenka (@szelenka)