Crunchy Postgres for Kubernetes 5.4.x Release notes
Release notes for each of the 5.4.x releases.
Component versions
Crunchy Postgres for Kubernetes | Postgres | pgBackRest | pgbouncer | Patroni | pgadmin |
---|---|---|---|---|---|
5.4.8 | 16.4 | 2.53.1 | 1.23 | 3.3.3 | 4.30 |
5.4.7 | 16.4 | 2.52.1 | 1.22 | 3.1.2 | 4.30 |
5.4.6 | 16.3 | 2.51 | 1.22 | 3.1.2 | 4.30 |
5.4.5 | 16.2 | 2.49 | 1.21 | 3.1.2 | 4.30 |
5.4.4 | 16.1 | 2.47 | 1.21 | 3.1.1 | 4.30 |
5.4.3 | 16.0 | 2.47 | 1.19 | 3.1.1 | 4.30 |
5.4.2 | 15.4 | 2.47 | 1.19 | 3.1.0 | 4.30 |
5.4.1 | 15.3 | 2.45 | 1.19 | 2.1.7 | 4.30 |
5.4.0 | 15.3 | 2.45 | 1.19 | 2.1.7 | 4.30 |
Postgres extension versions
Crunchy Postgres for Kubernetes version | PostGIS | pgRouting | pgaudit | pg_cron | pg_partman | pgnodemx | set_user | wal2json | TimescaleDB | orafce | pgvector |
---|---|---|---|---|---|---|---|---|---|---|---|
5.4.8 | 2.5.11 (earliest) 3.4.2 (latest) | 2.6.3 (earliest) 3.4.3 (latest) | 2.4.3 (earliest) 16.0 (latest) | 1.6.4 | 5.1.0 | 1.7 | 4.1.0 | 2.6 | 2.17.0 | 4.10.3 | 0.7.4 |
5.4.7 | 2.5.11 (earliest) 3.4.2 (latest) | 2.6.3 (earliest) 3.4.2 (latest) | 1.4.3 (earliest) 16.0 (latest) | 1.6.2 | 5.1.0 | 1.6 | 4.0.1 | 2.5 | 2.15.3 | 4.10.3 | 0.7.3 |
5.4.6 | 2.5.11 (earliest) 3.4.2 (latest) | 2.6.3 (earliest) 3.4.2 (latest) | 1.4.3 (earliest) 16.0 (latest) | 1.6.2 | 5.1.0 | 1.6 | 4.0.1 | 2.5 | 2.14.2 | 4.9.4 | 0.7.0 |
5.4.5 | 2.5.9 (earliest) 3.4.0 (latest) | 2.6.3 (earliest) 3.4.2 (latest) | 1.4.3 (earliest) 16.0 (latest) | 1.6.2 | 5.0.1 | 1.6 | 4.0.1 | 2.5 | 2.13.0 | 4.9.1 | 0.6.0 |
5.4.4 | 2.4.10 (earliest) 3.4.0 (latest) | 2.6.3 (earliest) 3.4.2 (latest) | 1.3.4 (earliest) 16.0 (latest) | 1.6.0 | 5.0.0 | 1.6 | 4.0.1 | 2.5 | 2.12.2 | 4.7.0 | 0.5.1 |
5.4.3 | 2.4.10 (earliest) 3.4.0 (latest) | 2.6.3 (earliest) 3.4.2 (latest) | 1.3.4 (earliest) 1.7.0 (latest) | 1.6.0 | 4.7.4 | 1.6 | 4.0.1 | 2.5 | 2.11.2 | 4.6.1 | 0.4.4 |
5.4.2 | 2.4.10 (earliest) 3.3.2 (latest) | 2.6.3 (earliest) 3.3.1 (latest) | 1.3.4 (earliest) 1.7.0 (latest) | 1.5.2 | 4.7.3 | 1.4 | 4.0.1 | 2.5 | 2.10.3 | 4.2.6 | 0.4.4 |
5.4.1 | 2.4.10 (earliest) 3.3.2 (latest) | 2.6.3 (earliest) 3.3.1 (latest) | 1.3.4 (earliest) 1.7.0 (latest) | 1.5.2 | 4.7.3 | 1.4 | 4.0.1 | 2.5 | 2.10.3 | 4.2.6 | 0.4.4 |
5.4.0 | 2.4.10 (earliest) 3.3.2 (latest) | 2.6.3 (earliest) 3.3.1 (latest) | 1.3.4 (earliest) 1.7.0 (latest) | 1.5.2 | 4.7.3 | 1.4 | 4.0.1 | 2.5 | 2.10.3 | 4.2.6 | 0.4.4 |
A bold version number indicates that the component version was updated in the latest release.
5.4.8
Features
- You can now easily enable or disable CPK feature gates via `values.yaml` settings when installing CPK via Helm. Contributed by Daniel Holmes (@jaitaiwan)
Changes
- PostGIS version 3.4.3 is now available.
- Patroni is now at version 3.3.3.
- pgBackRest is now at version 2.53.1.
- pgBouncer is now at version 1.23.1.
- pgMonitor is now at version 5.1.1.
- The pg_cron extension is now at version 1.6.4.
- The pgvector extension is now at version 0.7.4.
- The pgnodemx extension is now at version 1.7.
- The TimescaleDB extension is at version 2.17.0 for PG 17, 16, 15, and 14.
- pgAdmin and pgBackRest images have `tar` as required by the `kubectl cp` command.
5.4.7
Changes
- PostgreSQL versions 16.4, 15.8, 14.13, 13.16, and 12.20 are now available.
- pgBackRest is now at version 2.53.
- The pgvector extension is now at version 0.7.3.
- The orafce extension is now at version 4.10.3.
- The TimescaleDB extension is at version 2.15.3 for PG 16, 15, and 14.
- When migrating from Timescale DB 2.14.x you must run this SQL script after you run `ALTER EXTENSION`. For more details, see the following pull request #6797.
5.4.6
Features
- Warn when a `PASSWORD` option is included in `spec.users.options`.
Changes
- PostgreSQL versions 16.3, 15.7, 14.12, 13.15, and 12.19 are now available.
- PostGIS versions 3.4.2, 3.3.6, 3.2.7, 3.1.11, 3.0.11, and 2.5.11 are now available.
- pgBackRest is now at version 2.51.
- pgBouncer is now at version 1.22.1.
- The orafce extension is now at version 4.9.4.
- The pg_partman extension is now at version 5.1.0 for PG 16, 15 and 14.
- The pgvector extension is now at version 0.7.0.
- The TimescaleDB extension is now at version 2.14.2 for PG 16, 15, 14, and 13.
- The `postgres-operator` image now uses UBI Minimal.
Notable Security Fixes
Crunchy PostgreSQL 16.3-0, 15.7-0, and 14.12-0 include:
- Restrict visibility of `pg_stats_ext` and `pg_stats_ext_exprs` entries to the table owner.

  These views failed to hide statistics for expressions that involve columns the accessing user does not have permission to read. View columns such as `most_common_vals` might expose security-relevant data. The potential interactions here are not fully clear, so in the interest of erring on the side of safety, make rows in these views visible only to the owner of the associated table.

  By itself, this fix will only fix the behavior in newly initdb'd database clusters. If you wish to apply this change in an existing cluster, you will need to do the following:

  - Find the SQL script `fix-CVE-2024-4317.sql` in the share directory of the PostgreSQL installation. In Crunchy Data's PostgreSQL 16 RPM packages, the script can be found in folder `/usr/pgsql-16/share/` after installing the `postgresql16-server` RPM. Be sure to use the script appropriate to your PostgreSQL major version. If you do not see this file, either your version is not vulnerable (only v14-v16 are affected) or your minor version is too old to have the fix.
  - In each database of the cluster, run the `fix-CVE-2024-4317.sql` script as superuser. In psql this would look like `\i /usr/pgsql-16/share/fix-CVE-2024-4317.sql` (adjust the file path as appropriate). Any error probably indicates that you've used the wrong script version. It will not hurt to run the script more than once.
  - Do not forget to include the `template0` and `template1` databases, or the vulnerability will still exist in databases you create later. To fix `template0`, you'll need to temporarily make it accept connections. Do that with: `ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true;` and then after fixing `template0`, undo it with `ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false;`
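The steps above as one script, as an added example that is not part of the release notes or of Crunchy Data's tooling. It assumes `psql` connects as a superuser through the standard `PG*` environment variables, defaults `FIX_SCRIPT` to the PostgreSQL 16 RPM path quoted above, and extends the `template0` step to any database whose `datallowconn` is false; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: apply fix-CVE-2024-4317.sql to every database in a cluster.
# Assumptions: psql reaches the cluster as a superuser through the usual PG*
# environment variables; database names contain no double quotes.
FIX_SCRIPT="${FIX_SCRIPT:-/usr/pgsql-16/share/fix-CVE-2024-4317.sql}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the psql commands, 0 = execute them

# Print or execute one psql call. stdin is detached so psql cannot swallow
# the database list that apply_fix is reading.
run_psql() {
  if [ "$DRY_RUN" = "1" ]; then
    echo "psql -X -v ON_ERROR_STOP=1 $*"
  else
    psql -X -v ON_ERROR_STOP=1 "$@" </dev/null
  fi
}

# Emit "datname|t" or "datname|f" (datallowconn) for every database.
list_databases() {
  psql -X -At -F '|' -d postgres \
    -c 'SELECT datname, datallowconn FROM pg_database ORDER BY datname' </dev/null
}

# Read list_databases output on stdin and run the fix in each database.
# A database that rejects connections (template0 by default) is opened,
# fixed, and closed again even if the script failed.
apply_fix() {
  rc=0
  while IFS='|' read -r db allow; do
    [ -n "$db" ] || continue
    if [ "$allow" = "f" ]; then
      run_psql -d postgres -c "ALTER DATABASE \"$db\" WITH ALLOW_CONNECTIONS true;" || rc=1
    fi
    run_psql -d "$db" -f "$FIX_SCRIPT" || rc=1
    if [ "$allow" = "f" ]; then
      run_psql -d postgres -c "ALTER DATABASE \"$db\" WITH ALLOW_CONNECTIONS false;" || rc=1
    fi
  done
  return "$rc"
}

# "--run" lists the databases and applies (or, with DRY_RUN=1, prints) the plan.
if [ "${1:-}" = "--run" ]; then
  list_databases | apply_fix
fi
```

Run it with `--run` and the default `DRY_RUN=1` to review the commands, then again with `DRY_RUN=0` to execute them; a non-zero exit status means at least one database reported an error.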
5.4.5
Fixes
- Only load `datasource.pgbackrest.configuration` when performing a cloud based restore.
- Queue an event based on instance Patroni ‘master’ role change
- Make Standalone PgAdmin controller the owner of the objects it creates
- Allow numeric characters in pgAdmin config settings. Contributed by Roman Gherta (@rgherta).
Changes
- PostgreSQL versions 16.2, 15.6, 14.11, 13.14, and 12.18 are now available.
- pgBackRest is now at version 2.49.
- Patroni is now at version 3.1.2.
- pgMonitor is now at version 4.11.
- The orafce extension is now at version 4.9.1.
- The pg_cron extension is now at version 1.6.2.
- The pg_partman extension is now at version 5.0.1 for PG 16, 15 and 14.
- The pgvector extension is now at version 0.6.0.
- The TimescaleDB extension is now available for PG 16. The extension is at version 2.13.0 for PG 16, 15, 14, and 13.
5.4.4
Changes
- PostgreSQL versions 16.1, 15.5, 14.10, 13.13, 12.17, and 11.22 are now available.
- pgBouncer is now at version 1.21.0.
- The orafce extension is now at version 4.7.0.
- The pg_partman extension is now at version 5.0.0 for PG 16, 15 and 14.
- The pgAudit16 extension is now at version 16.0.
- The pgvector extension is now at version 0.5.1.
- The TimescaleDB extension is now at version 2.12.2 for PG 15, 14 and 13, version 2.11.2 for PG 12 and version 2.3.1 for PG 11.
5.4.3
Changes
- PostgreSQL version 16.0 is now available. This release of PostgreSQL 16 does not include the TimescaleDB extension.
- PostGIS versions 3.4.0, 3.3.4 are now available.
- Patroni is now at version 3.1.1.
- pgMonitor is now at version 4.10.
- The orafce extension is now at version 4.6.1.
- The pg_cron extension is now at version 1.6.0.
- The pg_partman extension is now at version 4.7.4.
- The pgAudit Analyze extension is now at version 1.0.9.
- The pgnodemx extension is now at version 1.6.
- The pgRouting extension is now at version 3.4.2 for PG 16, and version 3.3.4 for PG 16 15 & 14.
- psycopg is now at version 2.9.7.
- The TimescaleDB extension is now at version 2.11.2.
5.4.2
Changes
- PostgreSQL versions 15.4, 14.9, 13.12, 12.16, and 11.21 are now available.
- Patroni is now at version 3.1.0.
- pgBackRest is now at version 2.47.
- pgBouncer is now at version 1.19.1.
5.4.1
Fixes
- Backup jobs for S3-compatible object storage repositories would fail with a message about config hash mismatch. This is now fixed.
- PGO now prevents empty image values from impacting a PostgresCluster. With this change, a warning event explains that the cluster will be updated once the necessary images are defined. PostgresClusters with images defined continue to reconcile normally.
- Recovering from missing images during a Postgres major version upgrade is easier now. Conditions on PGUpgrade are more clearly defined, and new validation checks the upgrade image field.
5.4.0
Features
- The `PGUpgrade` API has been added to Crunchy Postgres for Kubernetes OLM installer.
- The `pgo-upgrade` deployment is no longer needed and can be removed.
- Added the ability to add volumes for `tablespace` support (guarded by feature gate)
- ARM images are now available
- PostgreSQL versions 15.3, 14.8, 13.11 are now available.
- PostGIS versions 3.1.8, 3.2.4 & 3.3.2 are now available.
- The pgvector extension, version 0.4.4, is now available.
Changes
- Trivy has been integrated into Continuous Integration pipelines for the detection and resolution of CVEs within Go binaries and container image builds.
- Major Upgrade doc change providing clarity around deleting old WAL files. Contributed by Stefan Midjich (@stemid).
- Documentation update to bring our Keycloak example into alignment with the latest version. Contributed by David Jeffers (@dajeffers).
- The `pgaudit_analyze` tool is deprecated and may be removed in a future release.
Fixes
- The major PG upgrades documentation now includes the proper guidance/instructions for updating the `pgAudit` extension.
- PostgresClusters that do not request huge pages can now initialize and be restored on nodes with huge pages. Kubernetes container runtimes still configure cgroups incorrectly in these cases, but `initdb` no longer crashes.
- The custom TLS documentation now includes the proper information for the Common Name for the certificates for both the `customTLSSecret` and the `customReplicationTLSSecret`.