Release date: Oct 23, 2025
Changes
-
Delayed the decommissioning of native in-core support for Barman Cloud to at least version 1.29. (#8670)
-
Adopted the new format of
postgres-containersandpostgis-containersimages and image catalog artifacts, and updated the default PostgreSQL version to18.0-system-trixie(PostgreSQL 18 is now supported). (#8578, #8760, #8558) -
Deprecated the
monitoring.enablePodMonitorfield in theClusterandPoolerresources. This field will be removed in a future release. Users who rely onPodMonitorresources should create them manually instead. (#8753)
Enhancements
-
Added support for overriding the PgBouncer
auth_type,server_tls_sslmode, andclient_tls_sslmodesettings, which were previously hardcoded. Default values remain consistent with the former behavior but can now be customized when required. (#8674) -
Added a
CHECKPOINTstep before PostgreSQL smart and fast shutdowns to reduce shutdown duration and replica promotion time, especially on systems with a highcheckpoint_timeout. (#8867) -
Added a warning in the instance manager for deprecated or unsupported OS versions, based on the official
postgres-containersproject. (#8601) -
Improved certificate parsing error reporting. Failures now log specific errors instead of a generic message, aiding troubleshooting. This is particularly relevant after the CVE-2025-58187 fix in Go 1.25.2 and 1.24.8, which may trigger parsing failures for invalid DNS SANs. (#8801)
-
Added a check to ensure the destination WAL archive path is empty when bootstrapping a cluster using the
pg_basebackupmethod, consistent with other bootstrap methods. (#8895) -
Added validation to prevent backups from running on hibernated clusters. Backups attempted on such clusters now fail with reason
ClusterIsHibernated, following the standard prerequisite check pattern. (#8870) -
Added support for
pprofprofiling. Instances can now enable thepproftool by adding thealpha.cnpg.io/enableInstancePprofannotation to theClusterresource for advanced debugging. (#7876) -
cnpgplugin:
Fixes
-
Fixed backup restoration failures when using custom WAL segment sizes with parallel WAL recovery. The operator no longer manages the end-of-WAL file marker during restoration, preventing errors when backups span multiple WAL segments. (#8873)
-
Fixed a bug in major upgrades where a volume snapshot from a previous minor version could be incorrectly used to optimize replica creation. (#8475)
-
Fixed
initdbto wait for the application user secret before bootstrapping a new cluster, preventing potential race conditions. (#8663)
- Fixed quorum-based failover to work correctly in clusters with only two instances using synchronous replication. (#8680)
-
Fixed configuration hash calculation to ignore internal configuration fields, preventing unnecessary reconciliations. (#8868)
-
Fixed the connection retry logic in the
cnpgiplugin. The reconciliation loop now detects connection pool changes correctly and uses exponential backoff to reduce "closed pool" errors. (#8554) -
Fixed volume snapshot usage during replica scaling to work with backup plugins. Previously, this optimization was only available with the in-tree backup implementation, but now clusters using backup plugins can also leverage volume snapshots when creating new replicas. (#8506)
-
Fixed the
Poolertemplating to correctly inherit settings for the bootstrap controller init container. (#8394) -
Fixed webhook errors to use the correct API group (
postgresql.cnpg.io) inPoolerand backup webhooks, ensuring consistent API error reporting. (#8485) -
Fixed a potential nil pointer dereference in the hibernation reconciler when handling errors. Contributed by @PascalBourdier. (#8756)
-
Fixed an issue in the environment cache where callers could inadvertently modify shared data. The
LoadEnvfunction now returns a copy of cached environment slices to prevent mutations from affecting the cache. (#8880)