public inbox for pgsql-announce@postgresql.org  
From: HexaCluster via PostgreSQL Announce <announce-noreply@postgresql.org>
To: PostgreSQL Announce <pgsql-announce@lists.postgresql.org>
Subject: credcheck v4.7 has been released
Date: Mon, 20 Apr 2026 01:16:02 +0000
Message-ID: <177664776247.403058.7443930351063374292@wrigleys.postgresql.org>

Antananarivo, Madagascar - April 19, 2026

## PostgreSQL credcheck extension

The credcheck PostgreSQL extension provides a few general credential checks, which are evaluated during user creation, password change and user renaming. By using this extension, we can define a set of rules:

  * allow a specific set of credentials
  * reject a certain type of credentials
  * deny passwords that can be easily cracked
  * enforce use of an expiration date with a minimum number of days for a password
  * define a password reuse policy
  * define the number of authentication failures allowed before a user is banned
  * define a delay on authentication failures
  * force users to change their password after first login
  * throw a warning N days before the user's password expires

This release fixes issues reported by users since the last release and adds
two new features.

  - Allow no password policy checks at all for changes done by a superuser
    by enabling the new GUC `credcheck.superuser_nocheck`.
  - Add feature "Disallow password change" to prevent users from changing
    their password. This behavior is enabled by enabling the new GUC
    `credcheck.disallow_password_change`. It returns the following message
    when a user tries to change their password:
    `ERROR:  you are not allowed to change your password.`
  - Fix `credcheck.password_valid_until` when CREATE/ALTER ROLE is called from a plpgsql block.
  - Fix password_valid_until / password_valid_max behavior.


Upgrading requires a PostgreSQL restart to reload the credcheck library.

The complete list of changes and acknowledgements is available [here](https://github.com/HexaCluster/credcheck/releases/tag/v4.7).

## Links & Credits

credcheck is an open project under the PostgreSQL license maintained by [HexaCluster](https://github.com/HexaCluster/credcheck/).
Any contribution to build a better tool is welcome. You can send your ideas, feature requests or patches
using the GitHub tools.

**Links:**

* Download: [https://github.com/HexaCluster/credcheck/releases/](https://github.com/HexaCluster/credcheck/releases/)
* Support: use the GitHub report tool at [https://github.com/HexaCluster/credcheck/issues](https://github.com/HexaCluster/credcheck/issues)

## About credcheck

The credcheck extension is developed and maintained by Gilles Darold at [HexaCluster Corp](https://hexacluster.ai). If you need more information please [contact us](https://hexacluster.ai/contact-us/).

Documentation at [https://github.com/HexaCluster/credcheck#readme](https://github.com/HexaCluster/credcheck#readme)
