Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-announce-owner+archive@lists.postgresql.org>)
	id 1vvHwm-00C9e4-1d
	for pgsql-announce@arkaria.postgresql.org;
	Wed, 25 Feb 2026 16:41:13 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-announce-owner+archive@lists.postgresql.org>)
	id 1vvHwl-007PWL-0j
	for pgsql-announce@arkaria.postgresql.org;
	Wed, 25 Feb 2026 16:41:11 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <announce-noreply@postgresql.org>)
	id 1vvHwk-007PVz-0h
	for pgsql-announce@lists.postgresql.org;
	Wed, 25 Feb 2026 16:41:10 +0000
Received: from mahout.postgresql.org ([2001:4800:3e1:1::227])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.98.2)
	(envelope-from <announce-noreply@postgresql.org>)
	id 1vvHwe-0000000199H-2lzl
	for pgsql-announce@lists.postgresql.org;
	Wed, 25 Feb 2026 16:41:09 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=postgresql.org; s=20171124; h=Message-ID:Date:Reply-To:From:To:Subject:
	MIME-Version:Content-Type:Sender:Cc:Content-Transfer-Encoding:Content-ID:
	Content-Description:In-Reply-To:References;
	bh=hneQOmntt1xwg4K6xkSZxQqlAd+zKiTm2b5rmj4YpX8=; b=jVZgoZXQNLLHAaWI5YL6RVm06r
	HuNnQy/4gXKJA3RgpCHdu3yuEpfUN+KTQ8MccDjwlLNVBtqGfY5IDCHwK9RMBMR4eIi6ALSzdECiq
	W3SxTXdDnsGect7nDtcS0M5wgLeH1qSXCjArhhR3rNQz/4xHivbPm0ULcDVRmckv4sw/dgw/q5f3Z
	5XxfCyh9caGKBaKHnSZ+ozqR2XRbjDn6l9NlkCZZvrgtafAi//SOCxXfxpWIcSF1Wp1O3UEwvZKqr
	ePilc2frhUED+rJUel52RsRZXsWIYFCsmNOu9eoo8SMP/PbSaZEt7wZJ47WVt4T92SQbcupOudNmu
	YLv5LYSg==;
Received: from wrigleys.postgresql.org ([217.196.149.60])
	by mahout.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <announce-noreply@postgresql.org>)
	id 1vvHwe-003PhP-2I
	for pgsql-announce@lists.postgresql.org;
	Wed, 25 Feb 2026 16:41:05 +0000
Received: from localhost ([127.0.0.1] helo=wrigleys.postgresql.org)
	by wrigleys.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <announce-noreply@postgresql.org>)
	id 1vvHwd-00BZ2z-0l
	for pgsql-announce@lists.postgresql.org;
	Wed, 25 Feb 2026 16:41:03 +0000
Content-Type: multipart/alternative; boundary="===============3829147830782839373=="
MIME-Version: 1.0
Subject: credcheck v4.6 has been released
To: PostgreSQL Announce <pgsql-announce@lists.postgresql.org>
From: HexaCluster via PostgreSQL Announce <announce-noreply@postgresql.org>
Reply-To: gilles@hexacluster.ai
Date: Wed, 25 Feb 2026 16:40:52 +0000
Message-ID: <177203765228.1546493.8602115913870896549@wrigleys.postgresql.org>
X-Auto-Response-Suppress: All
Auto-Submitted: auto-generated
X-pglister-tags: related
X-pglister-tagsig: 7c1181f5ee8afa7d91f7fb86df4b782649c46ff0ace3281ac6bc704104baf4f5
List-Id: <pgsql-announce.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-announce@lists.postgresql.org>
List-Owner: <mailto:pgsql-announce-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-announce>
Archived-At: <https://www.postgresql.org/message-id/177203765228.1546493.8602115913870896549%40wrigleys.postgresql.org>
Precedence: bulk

--===============3829147830782839373==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Grenoble, France - Febuary 23, 2026

## PostgreSQL credcheck extension

The credcheck PostgreSQL extension provides few general credential checks, =
which will be evaluated during the user creation, during the password chang=
e and user renaming. By using this extension, we can define a set of rules:

  * allow a specific set of credentials
  * reject a certain type of credentials
  * deny password that can be easily cracked
  * enforce use of an expiration date with a minimum of day for a password
  * define a password reuse policy
  * define the number of authentication failure allowed before a user is ba=
nned
  * define a delay on authentication failures
  * force users to change their password after first login
  * throw a warning N days before when the password user is about to expire

Release 4.6 has been published, it is a security fix release. If you are ru=
nning
v4.5 please upgrade as soon as possible.=20

  - Fix security issue with `ALTER ROLE current_role` that allow to change
    superusers password.
  - Fix event trigger for password expiration warning when time diff are
    negative values.
  - Disable the login event trigger when `credcheck.password_valid_warning`
    is not defined or set to 0.

If you are using the password expiration warning feature you should
execute the event_trigger.sql in each database where it is defined.


Upgrade require a PostgreSQL restart to reload the credcheck library.

Complete list of changes and acknowledgements are available [here](https://=
github.com/HexaCluster/credcheck/releases/tag/v4.6)

## Links & Credits

credcheck is an open project under the PostgreSQL license maintained by [He=
xaCluster](https://github.com/HexaCluster/credcheck/).
Any contribution to build a better tool is welcome. You can send your ideas=
, features requests or patches
using the GitHub tools.

**Links :**

* Download:  [https://github.com/HexaCluster/credcheck/releases/](https://g=
ithub.com/HexaCluster/credcheck/releases/)
* Support: use GitHub report tool at [https://github.com/HexaCluster/credch=
eck/issues](https://github.com/HexaCluster/credcheck/issues)

## About credcheck

The credcheck extension is developed and maintained by Gilles Darold at [ht=
tps://hexacluster.ai](HexaCluster Corp). If you need more information pleas=
e [https://hexacluster.ai/contact-us/](contact us).

Documentation at [https://github.com/HexaCluster/credcheck#readme](https://=
github.com/HexaCluster/credcheck#readme)
--===============3829147830782839373==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable



<!doctype html>
<html>
  <head>
    <meta name=3D"viewport" content=3D"width=3Ddevice-width">
    <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF-8=
">
    <title>credcheck v4.6 has been released</title>
    <style>

    @media only screen and (max-width: 620px) {
      table[class=3Dbody] h1 {
        font-size: 28px !important;
        margin-bottom: 10px !important;
      }
      table[class=3Dbody] p,
            table[class=3Dbody] ul,
            table[class=3Dbody] ol,
            table[class=3Dbody] td,
            table[class=3Dbody] span,
            table[class=3Dbody] a {
        font-size: 16px !important;
      }
      table[class=3Dbody] .wrapper,
            table[class=3Dbody] .article {
        padding: 10px !important;
      }
      table[class=3Dbody] .content {
        padding: 0 !important;
      }
      table[class=3Dbody] .container {
        padding: 0 !important;
        width: 100% !important;
      }
      table[class=3Dbody] .main {
        border-left-width: 0 !important;
        border-radius: 0 !important;
        border-right-width: 0 !important;
      }
      table[class=3Dbody] .btn table {
        width: 100% !important;
      }
      table[class=3Dbody] .btn a {
        width: 100% !important;
      }
      table[class=3Dbody] .img-responsive {
        height: auto !important;
        max-width: 100% !important;
        width: auto !important;
      }
    }

    @media all {
      .ExternalClass {
        width: 100%;
      }
      .ExternalClass,
            .ExternalClass p,
            .ExternalClass span,
            .ExternalClass font,
            .ExternalClass td,
            .ExternalClass div {
        line-height: 100%;
      }
      .apple-link a {
        color: inherit !important;
        font-family: inherit !important;
        font-size: inherit !important;
        font-weight: inherit !important;
        line-height: inherit !important;
        text-decoration: none !important;
      }
      #MessageViewBody a {
        color: inherit;
        text-decoration: none;
        font-size: inherit;
        font-family: inherit;
        font-weight: inherit;
        line-height: inherit;
      }
      .btn-primary table td:hover {
        background-color: #34495e !important;
      }
      .btn-primary a:hover {
        background-color: #34495e !important;
        border-color: #34495e !important;
      }
    }
    </style>
  </head>
  <body class=3D"" style=3D"background-color: #f6f6f6; font-family: sans-se=
rif; -webkit-font-smoothing: antialiased; font-size: 14px; line-height: 1.4=
; margin: 0; padding: 0; -ms-text-size-adjust: 100%; -webkit-text-size-adju=
st: 100%;">
    <table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" class=3D"body" =
style=3D"border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace=
: 0pt; width: 100%; background-color: #f6f6f6;">
      <tr>
        <td style=3D"font-family: sans-serif; font-size: 14px; vertical-ali=
gn: top;">&nbsp;</td>
        <td class=3D"container" style=3D"font-family: sans-serif; font-size=
: 14px; vertical-align: top; display: block; Margin: 0 auto; max-width: 580=
px; padding: 10px; width: 580px;">
          <div class=3D"content" style=3D"box-sizing: border-box; display: =
block; Margin: 0 auto; max-width: 580px; padding: 10px;">


            <span class=3D"preheader" style=3D"color: transparent; display:=
 none; height: 0; max-height: 0; max-width: 0; opacity: 0; overflow: hidden=
; mso-hide: all; visibility: hidden; width: 0;"></span>
            <table class=3D"main" style=3D"border-collapse: separate; mso-t=
able-lspace: 0pt; mso-table-rspace: 0pt; width: 100%; background: #ffffff; =
border-radius: 3px;">


              <tr>
                <td class=3D"wrapper" style=3D"font-family: sans-serif; fon=
t-size: 14px; vertical-align: top; box-sizing: border-box; padding: 20px;">
                  <table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" s=
tyle=3D"border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace:=
 0pt; width: 100%;">
                    <tr>
                      <td style=3D"font-family: sans-serif; font-size: 14px=
; vertical-align: top;">

<div>
<h1 style=3D"color: #000; font-family: sans-serif; line-height: 1.4; margin=
: 0; margin-bottom: 30px; font-size: 25px; font-weight: 300; text-align: ce=
nter">credcheck v4.6 has been released</h1>
</div>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">Grenoble, France - Febuary 23, 2026</p>
<h2 style=3D"color: #000; font-family: sans-serif; font-weight: 400; line-h=
eight: 1.4; margin: 0; margin-bottom: 30px">PostgreSQL credcheck extension<=
/h2>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">The credcheck PostgreSQL extension provides=
 few general credential checks, which will be evaluated during the user cre=
ation, during the password change and user renaming. By using this extensio=
n, we can define a set of rules:</p>
<ul style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal;=
 margin: 0; margin-bottom: 15px">
<li style=3D"list-style-position: inside; margin-left: 5px">allow a specifi=
c set of credentials</li>
<li style=3D"list-style-position: inside; margin-left: 5px">reject a certai=
n type of credentials</li>
<li style=3D"list-style-position: inside; margin-left: 5px">deny password t=
hat can be easily cracked</li>
<li style=3D"list-style-position: inside; margin-left: 5px">enforce use of =
an expiration date with a minimum of day for a password</li>
<li style=3D"list-style-position: inside; margin-left: 5px">define a passwo=
rd reuse policy</li>
<li style=3D"list-style-position: inside; margin-left: 5px">define the numb=
er of authentication failure allowed before a user is banned</li>
<li style=3D"list-style-position: inside; margin-left: 5px">define a delay =
on authentication failures</li>
<li style=3D"list-style-position: inside; margin-left: 5px">force users to =
change their password after first login</li>
<li style=3D"list-style-position: inside; margin-left: 5px">throw a warning=
 N days before when the password user is about to expire</li>
</ul>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">Release 4.6 has been published, it is a sec=
urity fix release. If you are running
v4.5 please upgrade as soon as possible. </p>
<ul style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal;=
 margin: 0; margin-bottom: 15px">
<li style=3D"list-style-position: inside; margin-left: 5px">Fix security is=
sue with <code>ALTER ROLE current_role</code> that allow to change
    superusers password.</li>
<li style=3D"list-style-position: inside; margin-left: 5px">Fix event trigg=
er for password expiration warning when time diff are
    negative values.</li>
<li style=3D"list-style-position: inside; margin-left: 5px">Disable the log=
in event trigger when <code>credcheck.password_valid_warning</code>
    is not defined or set to 0.</li>
</ul>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">If you are using the password expiration wa=
rning feature you should
execute the event_trigger.sql in each database where it is defined.</p>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">Upgrade require a PostgreSQL restart to rel=
oad the credcheck library.</p>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">Complete list of changes and acknowledgemen=
ts are available <a href=3D"https://github.com/HexaCluster/credcheck/releas=
es/tag/v4.6" style=3D"color: #3498db; text-decoration: underline">here</a><=
/p>
<h2 style=3D"color: #000; font-family: sans-serif; font-weight: 400; line-h=
eight: 1.4; margin: 0; margin-bottom: 30px">Links &amp; Credits</h2>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">credcheck is an open project under the Post=
greSQL license maintained by <a href=3D"https://github.com/HexaCluster/cred=
check/" style=3D"color: #3498db; text-decoration: underline">HexaCluster</a=
>.
Any contribution to build a better tool is welcome. You can send your ideas=
, features requests or patches
using the GitHub tools.</p>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px"><strong>Links :</strong></p>
<ul style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal;=
 margin: 0; margin-bottom: 15px">
<li style=3D"list-style-position: inside; margin-left: 5px">Download:  <a h=
ref=3D"https://github.com/HexaCluster/credcheck/releases/" style=3D"color: =
#3498db; text-decoration: underline">https://github.com/HexaCluster/credche=
ck/releases/</a></li>
<li style=3D"list-style-position: inside; margin-left: 5px">Support: use Gi=
tHub report tool at <a href=3D"https://github.com/HexaCluster/credcheck/iss=
ues" style=3D"color: #3498db; text-decoration: underline">https://github.co=
m/HexaCluster/credcheck/issues</a></li>
</ul>
<h2 style=3D"color: #000; font-family: sans-serif; font-weight: 400; line-h=
eight: 1.4; margin: 0; margin-bottom: 30px">About credcheck</h2>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">The credcheck extension is developed and ma=
intained by Gilles Darold at <a style=3D"color: #3498db; text-decoration: u=
nderline">https://hexacluster.ai</a>. If you need more information please <=
a style=3D"color: #3498db; text-decoration: underline">https://hexacluster.=
ai/contact-us/</a>.</p>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">Documentation at <a href=3D"https://github.=
com/HexaCluster/credcheck#readme" style=3D"color: #3498db; text-decoration:=
 underline">https://github.com/HexaCluster/credcheck#readme</a></p>

                      </td>
                    </tr>
                  </table>
                </td>
              </tr>

            </table>

            <div class=3D"footer" style=3D"clear: both; Margin-top: 10px; t=
ext-align: center; width: 100%;">
              <table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" style=
=3D"border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt=
; width: 100%;">
                <tr>
                  <td class=3D"content-block" style=3D"font-family: sans-se=
rif; vertical-align: top; padding-bottom: 10px; padding-top: 10px; font-siz=
e: 12px; color: #999999; text-align: center;">
                    <span class=3D"apple-link" style=3D"color: #999999; fon=
t-size: 12px; text-align: center;">
This email was sent to you from HexaCluster. It was delivered on their beha=
lf by
the PostgreSQL project. Any questions about the content of the message shou=
ld be
sent to HexaCluster.
</span>
		    <br><br>
You were sent this email as a subscriber of the <em>pgsql-announce</em> mai=
linglist, for
the content tag Related Open Source.
To unsubscribe from
further emails, or change which emails you want to receive, please click th=
e personal unsubscribe
link that you can find in the headers of this email, or visit
<a href=3D"https://lists.postgresql.org/unsubscribe/" style=3D"color: #3498=
db; text-decoration: underline">https://lists.postgresql.org/unsubscribe/</=
a>.

                  </td>
                </tr>
              </table>
            </div>

          </div>
        </td>
        <td style=3D"font-family: sans-serif; font-size: 14px; vertical-ali=
gn: top;">&nbsp;</td>
      </tr>
    </table>
  </body>
</html>

--===============3829147830782839373==--