Subject: CloudNativePG 1.29.0 Released!
To: PostgreSQL Announce
From: The CloudNativePG Contributors via PostgreSQL Announce
Reply-To: gabriele.bartolini@gmail.com
Date: Thu, 02 Apr 2026 10:58:19 +0000

The CloudNativePG Community is excited to announce the immediate availability
of **CloudNativePG 1.29.0**!

This minor release introduces a paradigm shift in how PostgreSQL extensions
are managed on Kubernetes and brings powerful new capabilities for enterprise
identity and network security, further establishing CloudNativePG as the
standard for cloud-native PostgreSQL.

We are also pleased to announce the release of maintenance versions **1.28.2**
and **1.27.4**, the latter of which is the final planned release in the 1.27.x
series. We encourage users on 1.27 to plan their upgrade to 1.28 or 1.29.

With the release of CloudNativePG 1.29.0, the End-of-Life (EOL) date for the
**CloudNativePG 1.28.x** series is confirmed as **June 30, 2026**.

---

## Highlights in 1.29.0

### PostgreSQL Extensions Ecosystem and Image Catalogs

The headline feature of 1.29 is the integration of **Image Catalogs** with a
new, dedicated ecosystem for PostgreSQL extensions. By leveraging the
[postgres-extensions-containers](https://github.com/cloudnative-pg/artifacts/tree/main/image-catalogs-extensions)
project, CloudNativePG now provides a structured, automated way to distribute
and manage extension-specific images.

This approach ensures that the database engine and its modules are
version-aligned, secure, and treated as a single cohesive unit. It centralizes
the image supply chain, effectively removing the need for users to manually
build and maintain complex custom PostgreSQL images just to add required
functionality.

### Dynamic Network Access Control via Pod Selectors

We have introduced a major enhancement to PostgreSQL network security. Using
the new `podSelectorRefs` field, you can now define `pg_hba.conf` rules that
dynamically resolve the ephemeral IP addresses of client pods based on label
selectors. This ensures that only authorized workloads in the same namespace
can connect to the database, eliminating the friction of manual IP management
or static CIDR ranges.

### Shared ServiceAccount Support

CloudNativePG 1.29 now supports referencing a pre-existing `ServiceAccount` in
`Cluster` and `Pooler` resources. This enables a much smoother integration with
cloud provider IAM services. Platform engineers can now manage identity and
permissions once at the infrastructure level and share them across multiple
clusters. This work was contributed by Salih Bozkaya
([@bozkayasalihx](https://github.com/bozkayasalihx)).

---

## Notable Enhancements

- **Supply Chain Security & Artifact Signing:** We have significantly
  strengthened the project's security posture by **signing all release
  artifacts** and container images. This release also includes:
    - **SLSA Provenance:** Added Supply-chain Levels for Software Artifacts
      provenance to release binaries and images.
    - **SBOM Generation:** Enabled Software Bill of Materials (SBOM)
      generation within the GoReleaser pipeline for improved dependency
      transparency.
    - **OpenSSF Integration:** Integrated the OpenSSF baseline scanner and
      added a `SECURITY-INSIGHTS.yaml` file to the repository to align with
      industry-standard security reporting.
- **Advanced TLS for PgBouncer:** Added support for granular configuration of
  TLS cipher suites and minimum/maximum TLS versions for both client-to-pooler
  and pooler-to-server connections. Contributed by
  [@alex1989hu](https://github.com/alex1989hu).

Dive into the full list of changes and fixes in the
[Release notes for CloudNativePG 1.29](https://cloudnative-pg.io/docs/1.29/release_notes/v1.29/).

## Maintenance Releases: 1.28.2 & 1.27.4

In parallel with the 1.29 release, we have also shipped maintenance updates
for previous stable series:

- **CloudNativePG 1.28.2:** Includes various fixes and improvements backported
  from 1.29, including improved resilience for volume resizes and stability
  fixes for the `cnpg` plugin.
- **CloudNativePG 1.27.4:** The final planned maintenance release for the
  1.27.x series. We strongly recommend planning an upgrade to 1.28 or 1.29.

We encourage all users to upgrade to the latest stable versions to benefit from
the latest features, security enhancements, and bug fixes.

Follow the
[upgrade instructions](https://cloudnative-pg.io/docs/1.29/installation_upgrade#upgrading-to-1290-or-128x)
for a smooth transition.

---

## Get Involved with the Community

[Join us](https://github.com/cloudnative-pg/cloudnative-pg?tab=readme-ov-file#communications)
to help shape the future of cloud-native Postgres!

If you're using CloudNativePG in production, consider
[adding your organization as an adopter](https://github.com/cloudnative-pg/cloudnative-pg/blob/main/ADOPTERS.md)
to support the project's growth and evolution.

Thank you for your continued support! Upgrade today and discover how
CloudNativePG can elevate your PostgreSQL experience to new heights.

## About CloudNativePG

[CloudNativePG](https://cloudnative-pg.io) is an open-source Kubernetes
Operator specifically designed for PostgreSQL workloads. It manages the entire
lifecycle of a PostgreSQL cluster, including bootstrapping, configuration, high
availability, connection routing, and comprehensive backup and disaster
recovery mechanisms. By leveraging PostgreSQL's native streaming replication,
CloudNativePG efficiently distributes data across pods, nodes, and zones using
standard Kubernetes patterns, enabling seamless scaling of replicas in a
Kubernetes-native manner. Originally developed and supported by
[EDB](https://www.enterprisedb.com/), CloudNativePG is a CNCF Sandbox project
and the sole PostgreSQL operator in this category.
 
