EDB CloudNativePG Cluster 1.25.6 release notes v1.28.1

Released: 10 February 2025

This release of EDB CloudNativePG Cluster is built on the final community release of the 1.25.x series of CloudNativePG. EDB will continue providing LTS releases in the 1.25.x series according to our Long-Term Support policy.

This release of EDB CloudNativePG Cluster includes the following:

Enhancements

DescriptionAddresses
Added support for Azure's DefaultAzureCredential authentication mechanism for backup and recovery operations.

This can be enabled by settingazureCredentials.useDefaultAzureCredentials: true in the backup configuration, simplifying authentication in Azure environments without requiring explicit storage account keys or SAS tokens.

#9468

Bug Fixes

DescriptionAddresses
Fixed a bug where replicas could enter a crash-loop by attempting to download timeline history files from future timelines.

This occurred when stale files remained in the WAL archive from a previous cluster life, and replicas would incorrectly try to fetch them during recovery.

#9650
Fixed a race condition in `replica_cluster` setups during designated primary transitions, preventing transient "no primary" states in the replica cluster.#9601
Fixed a validation gap in Azure object store configurations where thestorageAccount was not required when using explicit credentials (such as a storage key or SAS token).

The operator now enforces that a storage account name is provided in these cases and that connectionString is mutually exclusive with other authentication parameters.

#9604
Optimized the deletion path so the operator begins cleaning up resources immediately when a cluster is marked for deletion.

This significantly reduces the time a cluster remains in Terminating status while waiting for internal reconciliation loops.

#9555
Fixed an issue where replication slots were not properly dropped from replicas when the feature was disabled or the cluster was reconfigured.

This ensures that unused slots do not cause WAL build-up on the primary.

#9381
Fixed an issue where imagePullSecrets were not added to the ServiceAccountcreated for the Pooler.

Previously, these secrets were applied to the Deployment but not the SA, which caused image pull failures in restricted environments using certain security policies.

#9427
Added a check to verify ownership before the operator deletes a PodMonitor.

This prevents the operator from accidentally deleting manually managed monitoring resources that happen to share a name with expected CNP resources. Contributed by @juliamertz.

#9340
Fixed a bug where pg_stat_archiver metrics would continue to report stale data on standby instances after a switchover.

The exporter now skips these metrics on standbys, as PostgreSQL only provides valid archiver stats on the primary.

#9411
Clarified the interpretation of timestamp formats for recovery targetTime.

Timestamps provided without an explicit timezone are now consistently interpreted as UTC. Contributed by @pchovelon.

#8937
Fixed backup status updates to prevent "resource has been modified" errors during concurrent updates.#9551
Fixed event reporting to use the correct pod name when a backup pod is not found.#9552
Improved performance of scheduled backup operations for clusters with a very high number of historical backups.#9489
Fixed error handling when removing finalizers on `Database` objects.#9431
Updated the status command to display "Disabled" when theskipWalArchiving annotation is present on a cluster.

This replaces confusing "starting up" or "unknown" states when WAL archiving is intentionally bypassed.

#9709
Fixed the `logs --follow` command to continue polling for new pods instead of exiting prematurely when all current log streams complete.#9599