Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vZK2Q-008JZ7-0Z for pgsql-announce@arkaria.postgresql.org; Sat, 27 Dec 2025 02:28:15 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vZK2M-00Aidg-2P for pgsql-announce@arkaria.postgresql.org; Sat, 27 Dec 2025 02:28:11 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vZK2L-00Aico-2M for pgsql-announce@lists.postgresql.org; Sat, 27 Dec 2025 02:28:10 +0000 Received: from mahout.postgresql.org ([2001:4800:3e1:1::227]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vZK2J-002np7-1U for pgsql-announce@lists.postgresql.org; Sat, 27 Dec 2025 02:28:09 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=postgresql.org; s=20171124; h=Message-ID:Date:Reply-To:From:To:Subject: MIME-Version:Content-Type:Sender:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:In-Reply-To:References; bh=32Y9RfeBMfD9vwaGYj489/mspUWh7cp21BpC7u4KTPo=; b=d+oVzypXFuQj83P9/QSs/83Uje tSXRVLcGJ3ZhdH9BVfNbSczzpTRMTJpmYO8K+A3LYgf0bpdBgNhQyeWZSTa+YTyUA56G9ViQS3kJF jRXPUsbTj1tyFcbiTGDKO+RWaJbxhkggLQx4thB4BUS2FiIXyQ419I3VfDMg2QbIOj/SvJ/FikvYY ZGJnQ3JylMGZazx1L6xJD7JD+nAhlD/IzO/bbe24yvpu57S5MzX+aqkbm5CaKGKMdwK8Wboeu8SW6 x7LfS3xJ/RwnMVgcXZ11GxxkhlsZ0dDrYFDH5nBPEtDnYTRx0c3x+J3rnlSOzKPwMEYFh2glJvdDX vOL+4LWg==; Received: from wrigleys.postgresql.org ([217.196.149.60]) by mahout.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vZK2I-0086Xe-2N for pgsql-announce@lists.postgresql.org; Sat, 27 Dec 2025 02:28:06 +0000 Received: from localhost ([127.0.0.1] helo=wrigleys.postgresql.org) by wrigleys.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vZK2F-00E6zR-0C for pgsql-announce@lists.postgresql.org; Sat, 27 Dec 2025 02:28:03 +0000 Content-Type: multipart/mixed; boundary="===============5490620042851086082==" MIME-Version: 1.0 Subject: credcheck v4.3 has been released To: PostgreSQL Announce From: HexaCluster via PostgreSQL Announce Reply-To: gilles@hexacluster.ai Date: Sat, 27 Dec 2025 02:28:00 +0000 Message-ID: <176680248001.978862.3573581040525065690@wrigleys.postgresql.org> X-Auto-Response-Suppress: All Auto-Submitted: auto-generated X-pglister-tags: related X-pglister-tagsig: 3393da4a215c563945184e04775f62be50c174b75624c4d298681bcf1c9e2be0 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --===============5490620042851086082== Content-Type: multipart/alternative; boundary="===============3390873885236560847==" MIME-Version: 1.0 --===============3390873885236560847== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Dar es Salaam, Tanzania - December 23, 2025 ## PostgreSQL credcheck extension The credcheck PostgreSQL extension provides few general credential checks, = which will be evaluated during the user creation, during the password chang= e and user renaming. By using this extension, we can define a set of rules: * allow a specific set of credentials * reject a certain type of credentials * deny password that can be easily cracked * enforce use of an expiration date with a minimum of day for a password * define a password reuse policy * define the number of authentication failure allowed before a user is ba= nned * define a delay on authentication failures * force users to change their password after first login * throw a warning N days before when the password user is about to expire Release 4.3 has been published, it fixes issues reported by users since las= t release. - Fix background workers crash when pg_cron is used and potentially others extension using background workers. - Only execute processUtility hook if we are at top level (not SPI re-ent= er). - Fix the "change password after first login" feature that was affecting = all users connecting to the database instead of only the related user. Upgrade require a PostgreSQL restart to reload the credcheck library. Complete list of changes and acknowledgements are available [here](https://= github.com/HexaCluster/credcheck/releases/tag/v4.3) ## Links & Credits credcheck is an open project under the PostgreSQL license maintained by [He= xaCluster](https://github.com/HexaCluster/credcheck/). Any contribution to build a better tool is welcome. You can send your ideas= , features requests or patches using the GitHub tools. **Links :** * Download: [https://github.com/HexaCluster/credcheck/releases/](https://g= ithub.com/HexaCluster/credcheck/releases/) * Support: use GitHub report tool at [https://github.com/HexaCluster/credch= eck/issues](https://github.com/HexaCluster/credcheck/issues) ## About credcheck The credcheck extension is an original work of MigOps Inc, Since MigOPs is = closed the extension is developed and maintained by Gilles Darold at [https= ://hexacluster.ai](HexaCluster Corp). If you need more information please [= https://hexacluster.ai/contact-us/](contact us). Documentation at [https://github.com/HexaCluster/credcheck#readme](https://= github.com/HexaCluster/credcheck#readme) --===============3390873885236560847== Content-Type: text/html; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable credcheck v4.3 has been released
 

credcheck v4.3 has been released

Dar es Salaam, Tanzania - December 23, 2025=

PostgreSQL credcheck extension<= /h2>

The credcheck PostgreSQL extension provides= few general credential checks, which will be evaluated during the user cre= ation, during the password change and user renaming. By using this extensio= n, we can define a set of rules:

  • allow a specifi= c set of credentials
  • reject a certai= n type of credentials
  • deny password t= hat can be easily cracked
  • enforce use of = an expiration date with a minimum of day for a password
  • define a passwo= rd reuse policy
  • define the numb= er of authentication failure allowed before a user is banned
  • define a delay = on authentication failures
  • force users to = change their password after first login
  • throw a warning= N days before when the password user is about to expire

Release 4.3 has been published, it fixes is= sues reported by users since last release.

  • Fix background = workers crash when pg_cron is used and potentially others extension using background workers.
  • Only execute pr= ocessUtility hook if we are at top level (not SPI re-enter).
  • Fix the "change= password after first login" feature that was affecting all users connecting to the database instead of only the related user.

Upgrade require a PostgreSQL restart to rel= oad the credcheck library.

Complete list of changes and acknowledgemen= ts are available here<= /p>

Links & Credits

credcheck is an open project under the Post= greSQL license maintained by HexaCluster. Any contribution to build a better tool is welcome. You can send your ideas= , features requests or patches using the GitHub tools.

Links :

About credcheck

The credcheck extension is an original work= of MigOps Inc, Since MigOPs is closed the extension is developed and maint= ained by Gilles Darold at https://hexacluster.ai. If you need more information please https://hexacluster.ai/= contact-us/.

Documentation at https://github.com/HexaCluster/credcheck#readme
This email was sent to you from HexaCluster. It was delivered on their beha= lf by the PostgreSQL project. Any questions about the content of the message shou= ld be sent to HexaCluster.

You were sent this email as a subscriber of the pgsql-announce mai= linglist, for the content tag Related Open Source. To unsubscribe from further emails, or change which emails you want to receive, please click th= e personal unsubscribe link that you can find in the headers of this email, or visit https://lists.postgresql.org/unsubscribe/.
 
--===============3390873885236560847==-- --===============5490620042851086082==--