Released: 9 June 2026
Highlights
With the fix for CVE-2026-44477 / GHSA-423p-g724-fr39 in PG4K operator 1.28.3
or later, the metrics exporter no longer authenticates as the postgres
superuser. It now uses a dedicated cnp_metrics_exporter role with pg_monitor
and bdr_monitor privileges only, closing a chain that let a low-privilege
database user gain PostgreSQL superuser privileges. Custom monitoring queries
that read user-owned tables, or use target_databases: '*' against databases
where PUBLIC CONNECT has been revoked, need explicit GRANT statements to
cnp_metrics_exporter.
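The following is an added example, not taken from the release or the product documentation, showing how to audit and grant the minimum access the exporter role needs for the two cases named above. The database `appdb`, schema `app` and table `app.orders` are hypothetical names; only `cnp_metrics_exporter` comes from this page.

```sql
-- Hypothetical objects: appdb, app, app.orders. Run as the object owner
-- or an administrator.

-- 1. Audit (any database): list connectable, non-template databases on
--    which the exporter role lacks CONNECT. These are the databases where
--    PUBLIC CONNECT was revoked and no explicit grant exists yet.
SELECT datname
FROM pg_database
WHERE datallowconn
  AND NOT datistemplate
  AND NOT has_database_privilege('cnp_metrics_exporter', datname, 'CONNECT');

-- 2. Grant CONNECT to the exporter role only, leaving PUBLIC revoked.
GRANT CONNECT ON DATABASE appdb TO cnp_metrics_exporter;

-- 3. Audit (connected to appdb): pg_monitor does not include read access
--    to user-owned tables, so check what a custom query on app.orders
--    would be allowed to do.
SELECT has_schema_privilege('cnp_metrics_exporter', 'app', 'USAGE')
         AS schema_usage,
       has_table_privilege('cnp_metrics_exporter', 'app.orders', 'SELECT')
         AS table_select;

-- 4. Grant read access to exactly the objects the custom query touches,
--    rather than to every table in the schema.
GRANT USAGE ON SCHEMA app TO cnp_metrics_exporter;
GRANT SELECT ON app.orders TO cnp_metrics_exporter;
```

Re-running the queries in steps 1 and 3 after the grants should return no rows and two `true` columns respectively.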
Supported versions
- Kubernetes: 1.33, 1.34, and 1.35
- PostgreSQL: 18, 17, 16, 15, and 14
- The tested PG4K version is v1.28.3
- Update the default PGD image to PostgreSQL 18.4 and PGD 6.4.0 expanded (image
postgresql-pgd:18.4-pgd640-expanded-ubi9)
This release of EDB Postgres® AI for CloudNativePG™ Global Cluster includes the following:
Features
| Description | Addresses |
|---|---|
| Track pgdgroup phase updates in logs | #2172 |
| Add retry support for restore from volume snapshots | #2198 |
| Use updateStrategy for node and group services | #2221 |
| Disable WAL archive and remove EDB audit log in physical join job | #2245 |
Security Fixes
| Description | Addresses |
|---|---|
| Updated operator base image to ubi-micro v9.8 | #1514 |
| Bump the Go version to v1.26.4 | |
Bug Fixes
| Description | Addresses |
|---|---|
| Recognize the connection refused message as a PostgreSQL restarting signal | #2182 |
| Enhance the pgdgroupcleanup phase to ensure that `NoExecutorFound` is a final phase | #2177 |
| Update operator UBI base image to ubi 9.8 | #2251 |
| Propagate PgIdent from PGDGroup to CNP Cluster | #2277 |