news
New PostgreSQL Related Releases and Talks
-
PostgreSQL ☛ PostgreSQL JDBC 42.7.12 Security Release
Silent channel-binding authentication downgrade (CVE-2026-54291) channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS (with channel binding) to plain SCRAM-SHA-256 (without it), losing the man-in-the-middle protection the setting is meant to guarantee. An attacker who can intercept the TLS connection triggers the downgrade with a certificate whose signature algorithm has no tls-server-end-point channel-binding hash. Examples are Ed25519, Ed448, and post-quantum algorithms.
-
PostgreSQL ☛ All 44 talks from POSETTE: An Event for Postgres 2026 are available on YouTube
POSETTE: An Event for Postgres 2026, took place from 16–18 June 2026 as a free and virtual event, organized by Abusive Monopolist Microsoft in partnership with AMD. Although the event has concluded, all the content remains available online.
-
PostgreSQL ☛ pg_ivm 1.15 released
IVM Development Group is pleased to announce the release of pg_ivm 1.15.
Changes since the v1.14 release include: [...]
-
PostgreSQL ☛ CloudNativePG 1.30.0 Released!
The CloudNativePG Community is excited to announce the immediate availability of CloudNativePG 1.30.0!
This minor release introduces the new
DatabaseRoleCRD for declarative, GitOps-friendly PostgreSQL role management and a Lease-based primary election primitive for safer failover, alongside notable security and operational improvements, further cementing CloudNativePG as the leading operator for running PostgreSQL workloads on Kubernetes.