{"id":4440220,"name":"github.com/cloudnative-pg/cloudnative-pg","ecosystem":"go","description":"","homepage":"https://github.com/cloudnative-pg/cloudnative-pg","licenses":"Apache-2.0","normalized_licenses":["Apache-2.0"],"repository_url":"https://github.com/cloudnative-pg/cloudnative-pg","keywords_array":[],"namespace":"github.com/cloudnative-pg","versions_count":121,"first_release_published_at":"2020-03-06T14:21:00.000Z","latest_release_published_at":"2026-05-08T14:32:07.000Z","latest_release_number":"v1.29.1","last_synced_at":"2026-05-31T22:02:43.239Z","created_at":"2022-05-24T15:12:38.346Z","updated_at":"2026-05-31T22:02:43.240Z","registry_url":"https://pkg.go.dev/github.com/cloudnative-pg/cloudnative-pg","install_command":"go get github.com/cloudnative-pg/cloudnative-pg","documentation_url":"https://pkg.go.dev/github.com/cloudnative-pg/cloudnative-pg#section-documentation","metadata":{},"repo_metadata":{"uuid":"468311851","full_name":"cloudnative-pg/cloudnative-pg","owner":"cloudnative-pg","description":"CloudNativePG is a Kubernetes operator that covers the full lifecycle of a PostgreSQL database cluster with a primary/standby architecture, using native streaming replication","archived":false,"fork":false,"pushed_at":"2023-04-25T15:05:40.000Z","size":17117,"stargazers_count":1172,"open_issues_count":84,"forks_count":92,"subscribers_count":17,"default_branch":"main","last_synced_at":"2023-04-25T16:25:36.619Z","etag":null,"topics":["automated-failover","business-continuity","database","database-management","devops","disaster-recovery","failover","high-availability","json-logging","k8s","kubectl-plugin","kubernetes","operator","postgres","postgresql","prometheus-exporter","replication","self-healing","sql","switchover"],"latest_commit_sha":null,"homepage":"https://cloudnative-pg.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloudnative-pg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null}},"created_at":"2022-03-10T11:21:32.000Z","updated_at":"2023-04-24T14:27:58.000Z","dependencies_parsed_at":"2023-01-17T09:03:21.732Z","dependency_job_id":null,"html_url":"https://github.com/cloudnative-pg/cloudnative-pg","commit_stats":null,"repository_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudnative-pg%2Fcloudnative-pg","tags_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudnative-pg%2Fcloudnative-pg/tags","manifests_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudnative-pg%2Fcloudnative-pg/manifests","owner_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloudnative-pg","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":119425736,"owners_count":6005042,"icon_url":"https://github.com/github.png","host_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"cloudnative-pg","name":"CloudNativePG","uuid":"100373852","kind":"organization","description":"","email":null,"website":"http://cnpg.io","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/100373852?v=4","repositories_count":10,"last_synced_at":"2023-03-03T21:04:33.172Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/cloudnative-pg","created_at":"2022-11-14T05:34:19.246Z","updated_at":"2023-03-03T21:04:33.221Z","owner_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloudnative-pg","repositories_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloudnative-pg/repositories"},"tags":[{"name":"v1.17.5","sha":"c9e5140b04e11abc40565c32d348a6c6df59e60b","kind":"commit","published_at":"2023-03-20T10:34:38.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.17.5","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.17.5"},{"name":"v1.19.1","sha":"cb24d23703f38360ca341f3cacb9be75dc582f9d","kind":"commit","published_at":"2023-03-20T09:45:36.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.19.1","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.19.1"},{"name":"v1.18.3","sha":"40d11b41c94b3e7236b6f87f432e9994c2b9953a","kind":"commit","published_at":"2023-03-20T09:43:59.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.18.3","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.18.3"},{"name":"v1.17.4","sha":"a1e21dcb843a6f34dd4e16cce6b67594ecb41bc9","kind":"commit","published_at":"2023-02-14T14:55:21.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.17.4","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.17.4"},{"name":"v1.18.2","sha":"071009e2b8c1164a09d1da1de88dbe9ecba84713","kind":"commit","published_at":"2023-02-14T14:52:45.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.18.2","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.18.2"},{"name":"v1.19.0","sha":"d9bf88dd7f496255bffd516f148f8e79dbc42c65","kind":"commit","published_at":"2023-02-14T14:48:28.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.19.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.19.0"},{"name":"v1.18.1","sha":"202661aa0b5a3c94a662c202944d197838893413","kind":"commit","published_at":"2022-12-21T11:40:27.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.18.1","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.18.1"},{"name":"v1.17.3","sha":"ad012002116e225841f883b3d93e4229aff5195e","kind":"commit","published_at":"2022-12-21T11:38:44.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.17.3","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.17.3"},{"name":"v1.16.5","sha":"40c68edf6091410c01cf63c53e779145639389fa","kind":"commit","published_at":"2022-12-21T11:35:20.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.16.5","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.16.5"},{"name":"v1.18.0","sha":"2f6d1cefcdce4c2fb5c372605f3c2aacd79d3f74","kind":"commit","published_at":"2022-11-10T17:56:22.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.18.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.18.0"},{"name":"v1.17.2","sha":"b71e069fc51f5e8801867bb761990227ebfc5790","kind":"commit","published_at":"2022-11-10T17:55:05.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.17.2","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.17.2"},{"name":"v1.16.4","sha":"a6e04a9db110ce920ae90b24586025e3c32fde29","kind":"commit","published_at":"2022-11-10T17:48:25.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.16.4","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.16.4"},{"name":"v1.17.1","sha":"a17b8180cf3fb13a1969740c719c487aed703b95","kind":"commit","published_at":"2022-10-06T13:42:54.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.17.1","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.17.1"},{"name":"v1.16.3","sha":"56947fe2120d9c548bba233deb5b316e8905c0f3","kind":"commit","published_at":"2022-10-06T13:39:56.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.16.3","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.16.3"},{"name":"v1.15.5","sha":"5f48de0f1efcd3aa003e412662ec182cb04da010","kind":"commit","published_at":"2022-10-06T13:33:42.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.15.5","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.15.5"},{"name":"v1.17.0","sha":"dbc295077408daca5e494d768e5336e3fe9ab014","kind":"commit","published_at":"2022-09-06T16:02:33.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.17.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.17.0"},{"name":"v1.15.4","sha":"7448453edecf0f7d9731ab594edb3f776d2b1b6f","kind":"commit","published_at":"2022-09-06T14:39:46.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.15.4","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.15.4"},{"name":"v1.16.2","sha":"75639361cf887330abdda925de95e4ced22cb27c","kind":"commit","published_at":"2022-09-06T14:39:20.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.16.2","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.16.2"},{"name":"v1.16.1","sha":"14600bab519613496c253674095ec5f6862bf760","kind":"commit","published_at":"2022-08-12T21:52:35.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.16.1","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.16.1"},{"name":"v1.15.3","sha":"e4b274f437a66e814e9320dad7c59106212ec529","kind":"commit","published_at":"2022-08-12T21:10:52.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.15.3","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.15.3"},{"name":"v1.16.0","sha":"31ffee2d852f93d7c64c73372c68451420714a38","kind":"commit","published_at":"2022-07-07T15:05:36.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.16.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.16.0"},{"name":"v1.15.2","sha":"39d003240a7da52d746ef953b5c86787ae2c2cd2","kind":"commit","published_at":"2022-07-07T13:17:33.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.15.2","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.15.2"},{"name":"v1.15.1","sha":"d092e9d05c6771ec2a141531f8c38ab8b775f022","kind":"commit","published_at":"2022-05-27T09:25:55.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.15.1","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.15.1"},{"name":"v1.15.0","sha":"80cfb96fbabe0b2261d99d4ae3b79cc8b1f75d8a","kind":"commit","published_at":"2022-04-21T13:49:44.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.15.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.15.0"},{"name":"v1.14.0","sha":"e65de86b35e7faf5936ec8775a7d2910819d506f","kind":"commit","published_at":"2022-03-25T17:54:37.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.14.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.14.0"},{"name":"v1.13.0","sha":"3b82b502d079c453f2840e5e1eff1a522b1d3577","kind":"commit","published_at":"2022-02-17T17:55:10.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.13.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.13.0"},{"name":"v1.12.0","sha":"3d63a564d20b5619cf87549152efab73d83f1894","kind":"commit","published_at":"2022-01-11T16:23:48.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.12.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.12.0"},{"name":"v1.11.0","sha":"d24a2771272b21cfda75fa4b95dc69fb1d919880","kind":"commit","published_at":"2021-12-15T19:52:20.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.11.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.11.0"},{"name":"v1.10.0","sha":"74ee6d921692da5d4b1b22eff3893e97ec30be5c","kind":"commit","published_at":"2021-11-11T17:51:57.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.10.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.10.0"},{"name":"v1.9.2","sha":"2f04ac6513dbea041d37508ec68f6cdcb9796e33","kind":"commit","published_at":"2021-10-15T20:30:22.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.9.2","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.9.2"},{"name":"v1.9.1","sha":"f7617399c8a716b989d9a960848e110da56fbf25","kind":"commit","published_at":"2021-09-30T17:41:40.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.9.1","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.9.1"},{"name":"v1.9.0","sha":"4965ee1fe74cea40da7d0d09fdfa779393ee7c22","kind":"commit","published_at":"2021-09-28T14:24:12.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.9.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.9.0"},{"name":"v1.8.0","sha":"5e633354679744c82ae452c0f07f7850102413c4","kind":"commit","published_at":"2021-09-13T21:40:45.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.8.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.8.0"},{"name":"v1.7.1","sha":"1ed91976ef0151afcbef0f16f8efbc7d9cb9e25d","kind":"commit","published_at":"2021-08-11T14:01:12.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.7.1","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.7.1"},{"name":"v1.7.0","sha":"a17a1a19780efd40770dcd12f82cf38017a18437","kind":"commit","published_at":"2021-07-28T14:02:16.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.7.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.7.0"},{"name":"v1.6.0","sha":"9c987d93639ab2f5bab6bff951d01e44eaf778d3","kind":"commit","published_at":"2021-07-12T08:53:45.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.6.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.6.0"},{"name":"v1.5.1","sha":"d33848bf5f40229eebf5458c3fa7a2447085353b","kind":"commit","published_at":"2021-06-17T15:54:31.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.5.1","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.5.1"},{"name":"v1.5.0","sha":"de513449a323c90eff5eb1c295e70592060a6827","kind":"tag","published_at":"2021-06-11T11:04:10.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.5.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.5.0"},{"name":"v1.4.0","sha":"e60eecf51e518a326f4678df1b68651f75a1168d","kind":"commit","published_at":"2021-05-18T13:27:01.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.4.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.4.0"},{"name":"v1.3.0","sha":"31b138b3a07f3c4aecefc8f032bdb92efe0a495f","kind":"commit","published_at":"2021-04-23T15:30:32.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.3.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.3.0"},{"name":"v1.2.1","sha":"46cff6b65a8dedbd802a292d21019c13b1397352","kind":"commit","published_at":"2021-04-06T16:17:32.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.2.1","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.2.1"},{"name":"v1.2.0","sha":"f953d1cfd959484af8cf42b990f60015598fb001","kind":"commit","published_at":"2021-03-31T16:04:56.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.2.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.2.0"},{"name":"v1.1.0","sha":"9da73780889f7f921d5e03c4ffa54500247e6306","kind":"commit","published_at":"2021-03-03T12:06:49.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.1.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.1.0"},{"name":"v1.0.0","sha":"9e08cf5dc450ad4e01f0d345a696bd008efd4262","kind":"commit","published_at":"2021-02-04T18:22:21.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v1.0.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.0.0"},{"name":"v0.8.0","sha":"68f2bd69fe09c2b1fa70dfd08c2d589bec684f64","kind":"tag","published_at":"2021-01-29T12:32:34.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v0.8.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v0.8.0"},{"name":"v0.7.0","sha":"54a60b3e0f9e6e54fd9ddb18952ef3387fcb1a8a","kind":"commit","published_at":"2020-12-31T15:05:04.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v0.7.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v0.7.0"},{"name":"v0.6.0","sha":"d8f3d808077a7eb552e96477dafe5171c1be4ce0","kind":"tag","published_at":"2020-12-04T16:51:54.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v0.6.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v0.6.0"},{"name":"v0.5.0","sha":"54fa2ad858e13be2f54799ad82cec8e6fdef056f","kind":"tag","published_at":"2020-11-20T10:49:34.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v0.5.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v0.5.0"},{"name":"v0.4.0","sha":"f2de17c10d789c1de2f7e428caefc452bb9de2fc","kind":"tag","published_at":"2020-11-04T12:50:24.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v0.4.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v0.4.0"},{"name":"v0.3.0","sha":"b01d379e924d89ae728a922b9871527b51bccdf5","kind":"tag","published_at":"2020-09-25T16:54:30.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v0.3.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v0.3.0"},{"name":"v0.2.0","sha":"e6adccaf396744dd2f8a5af2dab6478e712ce1a2","kind":"tag","published_at":"2020-08-12T13:03:38.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v0.2.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v0.2.0"},{"name":"v0.1.0","sha":"ef4af534423261ecc6ae56b0ed24e21cf5809874","kind":"tag","published_at":"2020-04-03T10:15:26.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v0.1.0","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v0.1.0"},{"name":"v0.0.1","sha":"91c389dc19a3c00ef43cc5e9a18f8da13f8ff58a","kind":"tag","published_at":"2020-03-04T17:11:43.000Z","download_url":"https://codeload.github.com/cloudnative-pg/cloudnative-pg/tar.gz/v0.0.1","html_url":"https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v0.0.1"}]},"repo_metadata_updated_at":"2023-04-25T17:01:59.104Z","dependent_packages_count":4,"downloads":null,"downloads_period":null,"dependent_repos_count":1,"rankings":{"downloads":null,"dependent_repos_count":4.716716996980181,"dependent_packages_count":3.3744975301481914,"stargazers_count":1.9539827610343379,"forks_count":2.7183396179625405,"docker_downloads_count":2.112172255601859,"average":2.975141832345422},"purl":"pkg:golang/github.com/cloudnative-pg/cloudnative-pg","advisories":[{"uuid":"GSA_kwCzR0hTQS00MjNwLWc3MjQtZnIzOc4ABWkT","url":"https://github.com/advisories/GHSA-423p-g724-fr39","title":"CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE","description":"### Impact\n\nThe CloudNativePG metrics exporter opens its PostgreSQL connection as the `postgres` superuser via the pod-local Unix socket, then demotes the session with `SET ROLE pg_monitor`. `SET ROLE` changes only `current_user`; `session_user` remains `postgres`. That residual superuser identity is the foothold for the rest of the chain.\n\nAny SQL expression evaluated inside the scrape session can invoke `RESET ROLE` to recover real superuser privileges, then use `COPY ... TO PROGRAM` to spawn an OS-level subprocess as the `postgres` user inside the primary pod. The `READ ONLY` transaction flag does not block this; it gates writes to database state, not external processes.\n\nTwo exploitation paths follow from this root cause.\n\n#### Path 1: custom metric queries with unqualified identifiers (all supported releases)\n\nA database user who owns a schema on the `search_path` of any scraped database can plant a shadow object whose name matches an unqualified identifier in a custom metric query. When the exporter next evaluates that query, the shadow expression executes inside the `session_user = postgres` scrape session, giving the attacker PostgreSQL superuser privileges and OS command execution inside the primary pod within one scrape interval (≤30 s). Exploitability requires a custom metric query that contains an unqualified relation or function reference.\n\nAlthough `search_path` shadowing of unqualified identifiers is the most direct case, the underlying bug is that any expression evaluated inside the scrape session is a superuser code path. Other exploitable shapes include user-defined functions, operators or casts resolved during the scrape, joins or subqueries against user-owned tables and views, and index expressions or RLS policies on read-touched objects.\n\n#### Path 2: stock `default-monitoring.yaml` (all supported releases, no custom metrics required)\n\nThe `pg_extensions` metric shipped in `default-monitoring.yaml` used an unqualified `current_database()` call and ran against every user database (`target_databases: '*'`). Any non-superuser who owns a user database (including the default `app` role created by `bootstrap.initdb`) could shadow `current_database()` and trigger the full escalation chain against a stock CNPG deployment on the first scrape after the shadow was planted.\n\n#### Combined impact\n\nThe chain yields privilege escalation from a low-privileged database role (e.g. the default `app` role) to PostgreSQL superuser, plus arbitrary OS command execution as the `postgres` user inside the primary pod, all within one scrape interval. A web application SQL injection vulnerability in an app backed by a CNPG cluster is therefore sufficient to pivot to database-pod RCE.\n\n#### Who is impacted\n\n- All deployments on any supported release with default monitoring enabled are affected by Path 2.\n- All deployments on any supported release that use custom metric queries containing unqualified catalog references are affected by Path 1.\n- Multi-tenant platforms that allow customers to supply or influence custom metric query bodies are at the highest risk for Path 1.\n\n### Patches\n\nThree separate patches address the vulnerability.\n\n#### Patch 1: PR #10576 \"schema-qualify catalog references in default monitoring queries and documentation samples\"\n\nSchema-qualifies all unqualified `pg_catalog` function and view references in the shipped `default-monitoring.yaml` and in documentation examples. This closes Path 2 in operator-shipped configuration and removes the unqualified-identifier attack surface from all operator-shipped metric queries. Operators who clone or copy `default-monitoring.yaml` into custom monitoring `ConfigMap`s, or have copy-pasted unqualified queries elsewhere, must re-qualify those queries themselves.\n\nBackported to all currently supported releases:\n\n- **v1.29.x** (x ≥ 1)\n- **v1.28.x** (x ≥ 3)\n\n#### Patch 2: \"dedicated `cnpg_metrics_exporter` role with `pg_ident.conf` peer mapping\"\n\nIntroduces a dedicated `cnpg_metrics_exporter` PostgreSQL role (granted `pg_monitor`, no superuser privileges) and maps it in `pg_ident.conf` via peer authentication on the local Unix socket, following the same pattern already used for `cnpg_pooler_pgbouncer`. The metrics exporter connects as this role instead of `postgres`, so `session_user` is never a superuser and `RESET ROLE` has no escalation effect. This eliminates the root cause entirely.\n\nDemoting the session at the SQL level (via `SET SESSION AUTHORIZATION pg_monitor`) is not sufficient: the privilege check for `SET SESSION AUTHORIZATION` is whether the *authenticated* user is a superuser, not the current `session_user`. With the connection still authenticated as `postgres`, any SQL in the session can run `RESET SESSION AUTHORIZATION` and recover the original superuser identity. This is the same recovery primitive as `RESET ROLE`, one layer up. Only changing the authenticated user closes the loop.\n\nWith this change in place, the original chain breaks at every step: `RESET ROLE` and `RESET SESSION AUTHORIZATION` cannot recover superuser, and `COPY ... TO PROGRAM` requires a privilege `pg_monitor` does not grant. As defense in depth, the monitoring transaction also prepends `pg_catalog` to the connection's `search_path`, so unqualified catalog identifiers cannot resolve to user-planted shadow objects.\n\nThis patch changes the connection identity but not how queries are evaluated. Custom metric queries within `pg_monitor`'s scope (catalog reads, `pg_stat_*` views, settings) continue to work without modification. Queries that previously relied on superuser-level access (reading user-owned tables not granted to `cnpg_metrics_exporter`, or superuser-only catalogs such as `pg_authid` or `pg_subscription`) will fail and need explicit `GRANT` statements to `cnpg_metrics_exporter`.\n\nThe role is created and maintained with `PASSWORD NULL`; any password set out-of-band is cleared on the next reconcile, so the role cannot be authenticated by password regardless of operator pre-creation.\n\nFor replica clusters, upgrade the source primary cluster before any replica clusters that consume from it. The `cnpg_metrics_exporter` role is created on the source primary and replicates downstream; a replica cluster upgraded first will scrape against a missing role until the source primary upgrades or the role is created manually (see the monitoring documentation).\n\nThe patch will be backported to all currently supported releases:\n\n- **v1.29.x** (x ≥ 1)\n- **v1.28.x** (x ≥ 3)\n\n### Workarounds\n\nIf upgrading immediately is not possible:\n\n1. **Schema-qualify all identifiers in custom metric queries.** Use explicit `pg_catalog.` prefixes for all catalog functions and views (e.g. `pg_catalog.current_database()`, `pg_catalog.now()`). This is a partial mitigation: it closes the `search_path`-shadowing shape in operator- and user-supplied metric bodies, but other expression shapes (user-defined functions, operators or casts; joins or subqueries on user-owned tables and views; RLS policies on read-touched objects) remain superuser code paths until Patch 2 lands.\n\n2. **Restrict database ownership.** Ensure only fully trusted roles own user databases in scraped clusters. The exploit requires the ability to plant an object on the metrics exporter's `search_path` in a scraped database, typically by owning the database (and therefore `public` via `pg_database_owner`) or by holding `CREATE` on a schema already reachable through `search_path`.\n\n    *PG \u003c15 caveat:* `public` grants `CREATE` to `PUBLIC` by default before PostgreSQL 15, so any authenticated role in a scraped database can plant a shadow object regardless of ownership.\n\n3. **Limit the scope of `target_databases: '*'` queries.** Avoid `target_databases: '*'` unless every database in the cluster, and every role that owns one, is fully trusted. Where possible, restrict `target_databases` to specific, known-safe databases.\n\n4. **Do not expose metric query SQL to untrusted users.** Multi-tenant platforms that allow customers to supply or influence custom metric query bodies should treat this as a critical trust boundary until the architectural fix is released.\n\n### References\n\n- Fix (Patch 1): PR #10576 \"schema-qualify catalog references in default monitoring queries and documentation samples\"\n- Fix (Patch 2): \"dedicated `cnpg_metrics_exporter` role with `pg_ident.conf` peer mapping\"\n- Reported by: Mehmet Ince","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2026-05-11T15:59:12.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.4,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H","references":["https://github.com/cloudnative-pg/cloudnative-pg/security/advisories/GHSA-423p-g724-fr39","https://github.com/cloudnative-pg/cloudnative-pg/pull/10576","https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.28.3","https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.29.1","https://github.com/advisories/GHSA-423p-g724-fr39"],"source_kind":"github","identifiers":["GHSA-423p-g724-fr39","CVE-2026-44477"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-05-11T16:00:09.139Z","updated_at":"2026-05-30T17:00:30.106Z","epss_percentage":0.00038,"epss_percentile":0.11913,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00MjNwLWc3MjQtZnIzOc4ABWkT","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS00MjNwLWc3MjQtZnIzOc4ABWkT","packages":[{"ecosystem":"go","package_name":"github.com/cloudnative-pg/cloudnative-pg","versions":[{"first_patched_version":"1.29.1","vulnerable_version_range":"\u003e= 1.29.0, \u003c 1.29.1"},{"first_patched_version":"1.28.3","vulnerable_version_range":"\u003c 1.28.3"}],"purl":"pkg:go/github.com%2Fcloudnative-pg%2Fcloudnative-pg"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00MjNwLWc3MjQtZnIzOc4ABWkT/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/cloudnative-pg/cloudnative-pg","docker_dependents_count":1,"docker_downloads_count":10,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/cloudnative-pg/cloudnative-pg","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/cloudnative-pg/cloudnative-pg/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2023-05-19T06:49:51.500Z","issues_count":54,"pull_requests_count":56,"avg_time_to_close_issue":1215087.44,"avg_time_to_close_pull_request":527414.119047619,"issues_closed_count":25,"pull_requests_closed_count":42,"pull_request_authors_count":19,"issue_authors_count":31,"avg_comments_per_issue":0.8333333333333334,"avg_comments_per_pull_request":4.571428571428571,"merged_pull_requests_count":30,"bot_issues_count":3,"bot_pull_requests_count":19,"past_year_issues_count":54,"past_year_pull_requests_count":56,"past_year_avg_time_to_close_issue":1215087.44,"past_year_avg_time_to_close_pull_request":527414.119047619,"past_year_issues_closed_count":25,"past_year_pull_requests_closed_count":42,"past_year_pull_request_authors_count":19,"past_year_issue_authors_count":31,"past_year_avg_comments_per_issue":0.8333333333333334,"past_year_avg_comments_per_pull_request":4.571428571428571,"past_year_bot_issues_count":3,"past_year_bot_pull_requests_count":19,"past_year_merged_pull_requests_count":30},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fcloudnative-pg%2Fcloudnative-pg/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fcloudnative-pg%2Fcloudnative-pg/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fcloudnative-pg%2Fcloudnative-pg/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fcloudnative-pg%2Fcloudnative-pg/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fcloudnative-pg%2Fcloudnative-pg/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fcloudnative-pg%2Fcloudnative-pg/codemeta","maintainers":[]}