Content-Type: multipart/alternative; boundary="===============4749963812533566026=="
MIME-Version: 1.0
Subject: credcheck v4.7 has been released
To: PostgreSQL Announce <pgsql-announce@lists.postgresql.org>
From: HexaCluster via PostgreSQL Announce <announce-noreply@postgresql.org>
Reply-To: gilles@hexacluster.ai
Date: Mon, 20 Apr 2026 01:16:02 +0000
Message-ID: <177664776247.403058.7443930351063374292@wrigleys.postgresql.org>
Auto-Submitted: auto-generated
Archived-At: <https://www.postgresql.org/message-id/177664776247.403058.7443930351063374292%40wrigleys.postgresql.org>
Precedence: bulk

--===============4749963812533566026==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Antananarivo, Madagascar - April 19, 2026

## PostgreSQL credcheck extension

The credcheck PostgreSQL extension provides few general credential checks, =
which will be evaluated during the user creation, during the password chang=
e and user renaming. By using this extension, we can define a set of rules:

  * allow a specific set of credentials
  * reject a certain type of credentials
  * deny password that can be easily cracked
  * enforce use of an expiration date with a minimum of day for a password
  * define a password reuse policy
  * define the number of authentication failure allowed before a user is ba=
nned
  * define a delay on authentication failures
  * force users to change their password after first login
  * throw a warning N days before when the password user is about to expire

This release fixes issues reported by users since last release and adds
two new features.

  - Allow no password policy checks at all for changes done by a superuser
    enabling new GUC `credcheck.superuser_nocheck`.
  - Add feature "Disallow password change" to disallow users to change
    their password. This behavior is enabled by enabling new GUC
    `credcheck.disallow_password_change`. It returns the following message
    when a user tries to change its password:
    `ERROR:  you are not allowed to change your password.`
  - Fix `credcheck.password_valid_until` when CREATE/ALTER ROLE is called f=
rom a plpgsql block.
  - Fix password_valid_until / password_valid_max behavior.


Upgrade require a PostgreSQL restart to reload the credcheck library.

Complete list of changes and acknowledgements are available [here](https://=
github.com/HexaCluster/credcheck/releases/tag/v4.7)

## Links & Credits

credcheck is an open project under the PostgreSQL license maintained by [He=
xaCluster](https://github.com/HexaCluster/credcheck/).
Any contribution to build a better tool is welcome. You can send your ideas=
, features requests or patches
using the GitHub tools.

**Links :**

* Download:  [https://github.com/HexaCluster/credcheck/releases/](https://g=
ithub.com/HexaCluster/credcheck/releases/)
* Support: use GitHub report tool at [https://github.com/HexaCluster/credch=
eck/issues](https://github.com/HexaCluster/credcheck/issues)

## About credcheck

The credcheck extension is developed and maintained by Gilles Darold at [ht=
tps://hexacluster.ai](HexaCluster Corp). If you need more information pleas=
e [https://hexacluster.ai/contact-us/](contact us).

Documentation at [https://github.com/HexaCluster/credcheck#readme](https://=
github.com/HexaCluster/credcheck#readme)
--===============4749963812533566026==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable


<!doctype html>
<html>
  <head>
    <meta name=3D"viewport" content=3D"width=3Ddevice-width">
    <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF-8=
">
    <title>credcheck v4.7 has been released</title>
    <style>

    @media only screen and (max-width: 620px) {
      table[class=3Dbody] h1 {
        font-size: 28px !important;
        margin-bottom: 10px !important;
      }
      table[class=3Dbody] p,
            table[class=3Dbody] ul,
            table[class=3Dbody] ol,
            table[class=3Dbody] td,
            table[class=3Dbody] span,
            table[class=3Dbody] a {
        font-size: 16px !important;
      }
      table[class=3Dbody] .wrapper,
            table[class=3Dbody] .article {
        padding: 10px !important;
      }
      table[class=3Dbody] .content {
        padding: 0 !important;
      }
      table[class=3Dbody] .container {
        padding: 0 !important;
        width: 100% !important;
      }
      table[class=3Dbody] .main {
        border-left-width: 0 !important;
        border-radius: 0 !important;
        border-right-width: 0 !important;
      }
      table[class=3Dbody] .btn table {
        width: 100% !important;
      }
      table[class=3Dbody] .btn a {
        width: 100% !important;
      }
      table[class=3Dbody] .img-responsive {
        height: auto !important;
        max-width: 100% !important;
        width: auto !important;
      }
    }

    @media all {
      .ExternalClass {
        width: 100%;
      }
      .ExternalClass,
            .ExternalClass p,
            .ExternalClass span,
            .ExternalClass font,
            .ExternalClass td,
            .ExternalClass div {
        line-height: 100%;
      }
      .apple-link a {
        color: inherit !important;
        font-family: inherit !important;
        font-size: inherit !important;
        font-weight: inherit !important;
        line-height: inherit !important;
        text-decoration: none !important;
      }
      #MessageViewBody a {
        color: inherit;
        text-decoration: none;
        font-size: inherit;
        font-family: inherit;
        font-weight: inherit;
        line-height: inherit;
      }
      .btn-primary table td:hover {
        background-color: #34495e !important;
      }
      .btn-primary a:hover {
        background-color: #34495e !important;
        border-color: #34495e !important;
      }
    }
    </style>
  </head>
  <body class=3D"" style=3D"background-color: #f6f6f6; font-family: sans-se=
rif; -webkit-font-smoothing: antialiased; font-size: 14px; line-height: 1.4=
; margin: 0; padding: 0; -ms-text-size-adjust: 100%; -webkit-text-size-adju=
st: 100%;">
    <table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" class=3D"body" =
style=3D"border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace=
: 0pt; width: 100%; background-color: #f6f6f6;">
      <tr>
        <td style=3D"font-family: sans-serif; font-size: 14px; vertical-ali=
gn: top;">&nbsp;</td>
        <td class=3D"container" style=3D"font-family: sans-serif; font-size=
: 14px; vertical-align: top; display: block; Margin: 0 auto; max-width: 580=
px; padding: 10px; width: 580px;">
          <div class=3D"content" style=3D"box-sizing: border-box; display: =
block; Margin: 0 auto; max-width: 580px; padding: 10px;">


            <span class=3D"preheader" style=3D"color: transparent; display:=
 none; height: 0; max-height: 0; max-width: 0; opacity: 0; overflow: hidden=
; mso-hide: all; visibility: hidden; width: 0;"></span>
            <table class=3D"main" style=3D"border-collapse: separate; mso-t=
able-lspace: 0pt; mso-table-rspace: 0pt; width: 100%; background: #ffffff; =
border-radius: 3px;">


              <tr>
                <td class=3D"wrapper" style=3D"font-family: sans-serif; fon=
t-size: 14px; vertical-align: top; box-sizing: border-box; padding: 20px;">
                  <table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" s=
tyle=3D"border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace:=
 0pt; width: 100%;">
                    <tr>
                      <td style=3D"font-family: sans-serif; font-size: 14px=
; vertical-align: top;">

<div>
<h1 style=3D"color: #000; font-family: sans-serif; line-height: 1.4; margin=
: 0; margin-bottom: 30px; font-size: 25px; font-weight: 300; text-align: ce=
nter">credcheck v4.7 has been released</h1>
</div>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">Antananarivo, Madagascar - April 19, 2026</=
p>
<h2 style=3D"color: #000; font-family: sans-serif; font-weight: 400; line-h=
eight: 1.4; margin: 0; margin-bottom: 30px">PostgreSQL credcheck extension<=
/h2>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">The credcheck PostgreSQL extension provides=
 few general credential checks, which will be evaluated during the user cre=
ation, during the password change and user renaming. By using this extensio=
n, we can define a set of rules:</p>
<ul style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal;=
 margin: 0; margin-bottom: 15px">
<li style=3D"list-style-position: inside; margin-left: 5px">allow a specifi=
c set of credentials</li>
<li style=3D"list-style-position: inside; margin-left: 5px">reject a certai=
n type of credentials</li>
<li style=3D"list-style-position: inside; margin-left: 5px">deny password t=
hat can be easily cracked</li>
<li style=3D"list-style-position: inside; margin-left: 5px">enforce use of =
an expiration date with a minimum of day for a password</li>
<li style=3D"list-style-position: inside; margin-left: 5px">define a passwo=
rd reuse policy</li>
<li style=3D"list-style-position: inside; margin-left: 5px">define the numb=
er of authentication failure allowed before a user is banned</li>
<li style=3D"list-style-position: inside; margin-left: 5px">define a delay =
on authentication failures</li>
<li style=3D"list-style-position: inside; margin-left: 5px">force users to =
change their password after first login</li>
<li style=3D"list-style-position: inside; margin-left: 5px">throw a warning=
 N days before when the password user is about to expire</li>
</ul>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">This release fixes issues reported by users=
 since last release and adds
two new features.</p>
<ul style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal;=
 margin: 0; margin-bottom: 15px">
<li style=3D"list-style-position: inside; margin-left: 5px">Allow no passwo=
rd policy checks at all for changes done by a superuser
    enabling new GUC <code>credcheck.superuser_nocheck</code>.</li>
<li style=3D"list-style-position: inside; margin-left: 5px">Add feature "Di=
sallow password change" to disallow users to change
    their password. This behavior is enabled by enabling new GUC
    <code>credcheck.disallow_password_change</code>. It returns the followi=
ng message
    when a user tries to change its password:
    <code>ERROR:  you are not allowed to change your password.</code></li>
<li style=3D"list-style-position: inside; margin-left: 5px">Fix <code>credc=
heck.password_valid_until</code> when CREATE/ALTER ROLE is called from a pl=
pgsql block.</li>
<li style=3D"list-style-position: inside; margin-left: 5px">Fix password_va=
lid_until / password_valid_max behavior.</li>
</ul>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">Upgrade require a PostgreSQL restart to rel=
oad the credcheck library.</p>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">Complete list of changes and acknowledgemen=
ts are available <a href=3D"https://github.com/HexaCluster/credcheck/releas=
es/tag/v4.7" style=3D"color: #3498db; text-decoration: underline">here</a><=
/p>
<h2 style=3D"color: #000; font-family: sans-serif; font-weight: 400; line-h=
eight: 1.4; margin: 0; margin-bottom: 30px">Links &amp; Credits</h2>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">credcheck is an open project under the Post=
greSQL license maintained by <a href=3D"https://github.com/HexaCluster/cred=
check/" style=3D"color: #3498db; text-decoration: underline">HexaCluster</a=
>.
Any contribution to build a better tool is welcome. You can send your ideas=
, features requests or patches
using the GitHub tools.</p>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px"><strong>Links :</strong></p>
<ul style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal;=
 margin: 0; margin-bottom: 15px">
<li style=3D"list-style-position: inside; margin-left: 5px">Download:  <a h=
ref=3D"https://github.com/HexaCluster/credcheck/releases/" style=3D"color: =
#3498db; text-decoration: underline">https://github.com/HexaCluster/credche=
ck/releases/</a></li>
<li style=3D"list-style-position: inside; margin-left: 5px">Support: use Gi=
tHub report tool at <a href=3D"https://github.com/HexaCluster/credcheck/iss=
ues" style=3D"color: #3498db; text-decoration: underline">https://github.co=
m/HexaCluster/credcheck/issues</a></li>
</ul>
<h2 style=3D"color: #000; font-family: sans-serif; font-weight: 400; line-h=
eight: 1.4; margin: 0; margin-bottom: 30px">About credcheck</h2>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">The credcheck extension is developed and ma=
intained by Gilles Darold at <a style=3D"color: #3498db; text-decoration: u=
nderline">https://hexacluster.ai</a>. If you need more information please <=
a style=3D"color: #3498db; text-decoration: underline">https://hexacluster.=
ai/contact-us/</a>.</p>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">Documentation at <a href=3D"https://github.=
com/HexaCluster/credcheck#readme" style=3D"color: #3498db; text-decoration:=
 underline">https://github.com/HexaCluster/credcheck#readme</a></p>

                      </td>
                    </tr>
                  </table>
                </td>
              </tr>

            </table>

            <div class=3D"footer" style=3D"clear: both; Margin-top: 10px; t=
ext-align: center; width: 100%;">
              <table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" style=
=3D"border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt=
; width: 100%;">
                <tr>
                  <td class=3D"content-block" style=3D"font-family: sans-se=
rif; vertical-align: top; padding-bottom: 10px; padding-top: 10px; font-siz=
e: 12px; color: #999999; text-align: center;">
                    <span class=3D"apple-link" style=3D"color: #999999; fon=
t-size: 12px; text-align: center;">
This email was sent to you from HexaCluster. It was delivered on their beha=
lf by
the PostgreSQL project. Any questions about the content of the message shou=
ld be
sent to HexaCluster.
</span>
		    <br><br>
You were sent this email as a subscriber of the <em>pgsql-announce</em> mai=
linglist, for
the content tag Related Open Source.
To unsubscribe from
further emails, or change which emails you want to receive, please click th=
e personal unsubscribe
link that you can find in the headers of this email, or visit
<a href=3D"https://lists.postgresql.org/unsubscribe/" style=3D"color: #3498=
db; text-decoration: underline">https://lists.postgresql.org/unsubscribe/</=
a>.

                  </td>
                </tr>
              </table>
            </div>

          </div>
        </td>
        <td style=3D"font-family: sans-serif; font-size: 14px; vertical-ali=
gn: top;">&nbsp;</td>
      </tr>
    </table>
  </body>
</html>

--===============4749963812533566026==--