Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wgPv7-006Ary-2E for pgsql-announce@arkaria.postgresql.org; Sun, 05 Jul 2026 16:42:17 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wgPu6-00Cpkj-1P for pgsql-announce@arkaria.postgresql.org; Sun, 05 Jul 2026 16:41:14 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wgPu5-00Cpjf-0x for pgsql-announce@lists.postgresql.org; Sun, 05 Jul 2026 16:41:13 +0000 Received: from mahout.postgresql.org ([2001:4800:3e1:1::227]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from ) id 1wgPu1-00000001f3a-40oN for pgsql-announce@lists.postgresql.org; Sun, 05 Jul 2026 16:41:12 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=postgresql.org; s=20171124; h=Message-ID:Date:Reply-To:From:To:Subject: MIME-Version:Content-Type:Sender:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:In-Reply-To:References; bh=wZkCueR8Dq3VUiUaBuDGxywjUEzv0FcghVOJdc2FhnU=; b=Vq15EG83RIysaEQUrQi6cXiauk cCPPXfmbSGE0OLlOkM0N+Yb0YrqhB5mukL7jp4032StwFqVFC1d4zfgFhX1o+bzaRR6Exa32Ut7e5 K6M2ABDimWTHMOCKr6A6Z91lMFVe46JkKQdfuBzNu7tlYFgHzuhCrVWK+SlTulBnjuJA8nYkQ03jp 3GDEHTuV2uwiu+AZnM5Yuye+2DS2EwOUDNy6kjgI9KAgJv07vKoYqZn7HYheANtFaxq4hJogQFUAI 8ASzqRo5f9K208iRHtgdB4WdvRl7zbsYvp4OiwYjMc64w7B4jMJdYC82KQ+cJFhiYQxXBZqnT2tS9 QWGpTm9Q==; Received: from wrigleys.postgresql.org ([2a02:16a8:dc51::60]) by mahout.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wgPu0-00B9O7-2u for pgsql-announce@lists.postgresql.org; Sun, 05 Jul 2026 16:41:09 +0000 Received: from localhost ([127.0.0.1] helo=wrigleys.postgresql.org) by wrigleys.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wgPhL-00DKJm-2N for pgsql-announce@lists.postgresql.org; Sun, 05 Jul 2026 16:28:03 +0000 Content-Type: multipart/alternative; boundary="===============5625504342203415912==" MIME-Version: 1.0 Subject: credcheck v5.0 has been released To: PostgreSQL Announce From: HexaCluster via PostgreSQL Announce Reply-To: gilles@hexacluster.ai Date: Sun, 05 Jul 2026 16:27:37 +0000 Message-ID: <178326885726.108996.15962152301608591926@wrigleys.postgresql.org> X-Auto-Response-Suppress: All Auto-Submitted: auto-generated X-pglister-tags: related X-pglister-tagsig: be3d2574779f9525f683973c5205eb2ec89500e9f85150397d7e2ef3565addaf List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --===============5625504342203415912== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Bangkok, Thailand - June 21, 2026 ## PostgreSQL credcheck extension The credcheck PostgreSQL extension provides few general credential checks, = which will be evaluated during the user creation, during the password chang= e and user renaming. By using this extension, we can define a set of rules: * allow a specific set of credentials * reject a certain type of credentials * deny password that can be easily cracked * enforce use of an expiration date with a minimum of day for a password * define a password reuse policy * define the number of authentication failure allowed before a user is ba= nned * define a delay on authentication failures * force users to change their password after first login * throw a warning N days before when the password user is about to expire Release 5.0 has been published,=20 This major release adds compatibility with PostgreSQL v19 and makes password history replication-aware. It also fixes some issues reported by users since last release. - Add information about credcheck.disallow_change_password and credcheck.superuser_nocheck use. - Disable any CREATE/ALTER ROLE checks for superusers when credcheck.supe= ruser_nocheck is enabled. Upgrade require a PostgreSQL restart to reload the credcheck library. Complete list of changes and acknowledgements are available [here](https://= github.com/HexaCluster/credcheck/releases/tag/v5.0) ## Links & Credits credcheck is an open project under the PostgreSQL license maintained by [He= xaCluster](https://github.com/HexaCluster/credcheck/). Any contribution to build a better tool is welcome. You can send your ideas= , features requests or patches using the GitHub tools. **Links :** * Download: [https://github.com/HexaCluster/credcheck/releases/](https://g= ithub.com/HexaCluster/credcheck/releases/) * Support: use GitHub report tool at [https://github.com/HexaCluster/credch= eck/issues](https://github.com/HexaCluster/credcheck/issues) ## About credcheck The credcheck extension is developed and maintained by Gilles Darold at [He= xaCluster Corp](https://hexacluster.ai). If you need more information pleas= e [contact us](https://hexacluster.ai/contact-us/). Documentation at [https://github.com/HexaCluster/credcheck#readme](https://= github.com/HexaCluster/credcheck#readme) --===============5625504342203415912== Content-Type: text/html; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable credcheck v5.0 has been released
 

credcheck v5.0 has been released

Bangkok, Thailand - June 21, 2026

PostgreSQL credcheck extension<= /h2>

The credcheck PostgreSQL extension provides= few general credential checks, which will be evaluated during the user cre= ation, during the password change and user renaming. By using this extensio= n, we can define a set of rules:

  • allow a specifi= c set of credentials
  • reject a certai= n type of credentials
  • deny password t= hat can be easily cracked
  • enforce use of = an expiration date with a minimum of day for a password
  • define a passwo= rd reuse policy
  • define the numb= er of authentication failure allowed before a user is banned
  • define a delay = on authentication failures
  • force users to = change their password after first login
  • throw a warning= N days before when the password user is about to expire

Release 5.0 has been published,

This major release adds compatibility with = PostgreSQL v19 and makes password history replication-aware. It also fixes some issues reported by users since last release.

  • Add information= about credcheck.disallow_change_password and credcheck.superuser_nocheck use.
  • Disable any CRE= ATE/ALTER ROLE checks for superusers when credcheck.superuser_nocheck is enabled.

Upgrade require a PostgreSQL restart to rel= oad the credcheck library.

Complete list of changes and acknowledgemen= ts are available here<= /p>

Links & Credits

credcheck is an open project under the Post= greSQL license maintained by HexaCluster. Any contribution to build a better tool is welcome. You can send your ideas= , features requests or patches using the GitHub tools.

Links :

About credcheck

The credcheck extension is developed and ma= intained by Gilles Darold at HexaCluster Corp. If you need= more information please contact us.

Documentation at https://github.com/HexaCluster/credcheck#readme

This email was sent to you from HexaCluster. It was delivered on their beha= lf by the PostgreSQL project. Any questions about the content of the message shou= ld be sent to HexaCluster.

You were sent this email as a subscriber of the pgsql-announce mai= linglist, for the content tag Related Open Source. To unsubscribe from further emails, or change which emails you want to receive, please click th= e personal unsubscribe link that you can find in the headers of this email, or visit https://lists.postgresql.org/unsubscribe/.
 
--===============5625504342203415912==--