Release notes for CloudNativePG 1.27

History of user-visible changes in the 1.27 minor release of CloudNativePG.

For a complete list of changes, please refer to the commits on the release branch in GitHub.

Version 1.27.2

Release date: Dec 9, 2025

Changes

• Updated the default PostgreSQL version to 18.1-system-trixie. (#9178)

• Updated the default PgBouncer version to 1.25.1 for new Pooler deployments. (#9367)

Enhancements

• Added the PostgreSQL majorVersion to the Backup object's status for easier identification and management. (#8464)

• Added the PGBOUNCER_IMAGE_NAME operator configuration parameter to allow overriding the default PgBouncer image. This is useful for air-gapped environments or when using internal registries. (#9232)

• cnpg plugin:

  • Added a --timeout flag to the kubectl cnpg status command for configuring the timeout for filesystem operations such as calculating cluster size. The default remains 10 seconds but can be adjusted for large clusters where operations may take longer. (#9201)

  • Improved cnpg report to generate more shell-friendly file names. (#8984)

Fixes

• Improved resilience of all probe types (liveness, readiness, and startup) to transient Kubernetes API server connectivity issues. Probes now use a caching mechanism that falls back to cached cluster definitions during brief network interruptions, preventing unnecessary pod restarts and probe failures. (#9148)

• Fixed the CheckEmptyWalArchive safeguard to run correctly when restoring from a volume snapshot using CNPG-I backup/WAL plugins (e.g., plugin-barman-cloud). Previously, this check was skipped for plugin-based implementations. (#9306)

• Improved error reporting when ImageCatalog retrieval fails. The operator now emits a Warning event and logs errors for all failure types, not just NotFound errors, improving visibility into configuration issues. (#9266)

• Fixed TLS certificate verification issues when connecting to CNPG-I plugins by adding the cnpg.io/pluginServerName annotation. This allows customizing the DNS name used for certificate verification in environments where the plugin's certificate uses a different DNS name than the Service name. (#9222)

• Fixed an issue where the instance manager controller could fail to restart after an error, reporting a "controller already exists" message. The controller now uses SkipNameValidation for subsequent initialization attempts. Contributed by @mateusoliveira43. (#9123)

• Fixed incorrect WAL restore path handling in plugins when the destination path is absolute, preventing path duplication issues. Contributed by @Endevir. (#9093)

• Fixed the CREATE PUBLICATION SQL generation for multi-table publications to be backward-compatible with PostgreSQL 13+. The previously generated syntax was only valid for PostgreSQL 15+ and caused syntax errors on older versions. (#8888)

• Fixed backup failures in complex pod definitions by reliably selecting the postgres container by name instead of by index. Contributed by @Joda89. (#8964)

• cnpg plugin:

  • Fixed bugs in cnpg report log collection, especially when fetching previous logs. The collector now correctly fetches previous and current logs in separate requests and gracefully handles missing previous logs (e.g., on containers with no restart history), ensuring current logs are always collected. (#8992)

Version 1.27.1

Release date: Oct 23, 2025

Changes

• Delayed the decommissioning of native in-core support for Barman Cloud to at least version 1.29. (#8670)

• Adopted the new format of postgres-containers and postgis-containers images and image catalog artifacts, and updated the default PostgreSQL version to 18.0-system-trixie (PostgreSQL 18 is now supported). (#8578, #8760, #8558)

• Deprecated the monitoring.enablePodMonitor field in the Cluster and Pooler resources. This field will be removed in a future release. Users who rely on PodMonitor resources should create them manually instead. (#8753)

Enhancements

• Added support for overriding the PgBouncer auth_type, server_tls_sslmode, and client_tls_sslmode settings, which were previously hardcoded. Default values remain consistent with the former behavior but can now be customized when required. (#8674)

• Added a CHECKPOINT step before PostgreSQL smart and fast shutdowns to reduce shutdown duration and replica promotion time, especially on systems with a high checkpoint_timeout. (#8867)

• Added a warning in the instance manager for deprecated or unsupported OS versions, based on the official postgres-containers project. (#8601)

• Improved certificate parsing error reporting. Failures now log specific errors instead of a generic message, aiding troubleshooting. This is particularly relevant after the CVE-2025-58187 fix in Go 1.25.2 and 1.24.8, which may trigger parsing failures for invalid DNS SANs. (#8801)

• Added a check to ensure the destination WAL archive path is empty when bootstrapping a cluster using the pg_basebackup method, consistent with other bootstrap methods. (#8895)

• Added validation to prevent backups from running on hibernated clusters. Backups attempted on such clusters now fail with reason ClusterIsHibernated, following the standard prerequisite check pattern. (#8870)

• Added support for pprof profiling. Instances can now enable the pprof tool by adding the alpha.cnpg.io/enableInstancePprof annotation to the Cluster resource for advanced debugging. (#7876)

• cnpg plugin:

• Updated the Flexible I/O Tester (FIO) image to wallnerryan/fiotools-aio:v2, as provided by Ryan Wallner. (#8847)

• Enhanced the cnpg status backup command to provide more detailed status information when using a barman-cloud-based backup plugin. (#8780, #8690)

Fixes

• Fixed backup restoration failures when using custom WAL segment sizes with parallel WAL recovery. The operator no longer manages the end-of-WAL file marker during restoration, preventing errors when backups span multiple WAL segments. (#8873)

• Fixed a bug in major upgrades where a volume snapshot from a previous minor version could be incorrectly used to optimize replica creation. (#8475)

• Fixed initdb to wait for the application user secret before bootstrapping a new cluster, preventing potential race conditions. (#8663)

• Fixed quorum-based failover to work correctly in clusters with only two instances using synchronous replication. (#8680)

• Fixed configuration hash calculation to ignore internal configuration fields, preventing unnecessary reconciliations. (#8868)

• Fixed the connection retry logic in the cnpgi plugin. The reconciliation loop now detects connection pool changes correctly and uses exponential backoff to reduce "closed pool" errors. (#8554)

• Fixed volume snapshot usage during replica scaling to work with backup plugins. Previously, this optimization was only available with the in-tree backup implementation, but now clusters using backup plugins can also leverage volume snapshots when creating new replicas. (#8506)

• Fixed the Pooler templating to correctly inherit settings for the bootstrap controller init container. (#8394)

• Fixed webhook errors to use the correct API group (postgresql.cnpg.io) in Pooler and backup webhooks, ensuring consistent API error reporting. (#8485)

• Fixed a potential nil pointer dereference in the hibernation reconciler when handling errors. Contributed by @PascalBourdier. (#8756)

• Fixed an issue in the environment cache where callers could inadvertently modify shared data. The LoadEnv function now returns a copy of cached environment slices to prevent mutations from affecting the cache. (#8880)

Version 1.27.0

Release date: Aug 12, 2025

Important changes

• The default behavior of the liveness probe has been updated. An isolated primary is now forcibly shut down within the configured livenessProbeTimeout (default: 30 seconds).

Features

• Dynamic loading of PostgreSQL extensions: Introduced the .spec.postgresql.extensions stanza for mounting PostgreSQL extensions, packaged as OCI-compliant container images, as read-only and immutable volumes inside instance pods. This allows dynamic extension management without rebuilding base images. (#7991).

• Logical decoding slot synchronization in HA clusters: Added the synchronizeLogicalDecoding field under spec.replicationSlots.highAvailability to enable automatic synchronization of logical decoding slots across high-availability clusters, ensuring logical replication subscribers continue seamlessly after a publisher failover (#7931).

• Primary Isolation Check: Promoted to stable the liveness pinger experimental feature introduced in 1.26, adding the .spec.probes.liveness.isolationCheck section to enable primary isolation checks in the liveness probe by default. This improves the detection and handling of primary connectivity issues in Kubernetes environments (#7845).

Enhancements

• Introduced an opt-in experimental feature that enables quorum-based failover to improve safety and data durability during failover events. This feature, also called failover quorum, can be activated via the alpha.cnpg.io/failoverQuorum annotation. (#7572).

• Added support for user maps for predefined users such as streaming_replica, allowing the use of self-managed client certificates with different Common Names in environments with strict policies or shared CAs, while still enabling replicas to join clusters using the streaming_replica role (#7725).

• Added a new PhaseFailurePlugin phase in the Cluster status to improve observability of plugin-related failures (#7988).

• Made the Backup.spec field immutable after creation, ensuring consistency and predictability in backup operations (#7904).

• Added fqdn-uri and fqdn-jdbc-uri fields in the user secret to simplify the retrieval of fully qualified domain name-based connection strings (#7852).

• CNPG-I:

  • Added Postgres interface support to the CNPG-I operator, continuing the transition toward a plugin-based architecture (#7179).

  • Added metrics capabilities to the CNPG-I instance webserver, enabling metrics exposure directly from the instance for better observability (#8033).

Fixes

• Unblocked rollouts when migrating to the barman-cloud plugin using the switchover strategy. Former primary Pods now restart correctly after WAL archiving fails due to missing plugin support. (#8236)

Supported versions

• Kubernetes 1.33, 1.32, and 1.31
• PostgreSQL 17, 16, 15, 14, and 13
  • PostgreSQL 17.5 is the default image
  • PostgreSQL 13 support ends on November 12, 2025