Content-Type: multipart/alternative;
 boundary="===============8827573605823609350=="
MIME-Version: 1.0
Subject: CloudNativePG 1.29.1 and 1.28.3 released: critical CVE fix
To: PostgreSQL Announce <pgsql-announce@lists.postgresql.org>
From: The CloudNativePG Contributors via PostgreSQL Announce
 <announce-noreply@postgresql.org>
Reply-To: gabriele.bartolini@gmail.com
Date: Fri, 15 May 2026 07:12:38 +0000
Message-ID: <177882915822.764749.15728846220382426849@wrigleys.postgresql.org>
Auto-Submitted: auto-generated
Archived-At: 
 <https://www.postgresql.org/message-id/177882915822.764749.15728846220382426849%40wrigleys.postgresql.org>
Precedence: bulk

--===============8827573605823609350==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

The CloudNativePG community is releasing **maintenance updates for all
currently supported series**: **1.29.1** and **1.28.3**.

This is a high-priority release. It addresses **[CVE-2026-44477](https://gi=
thub.com/cloudnative-pg/cloudnative-pg/security/advisories/GHSA-423p-g724-f=
r39)**
(the first CVE officially assigned against CloudNativePG, rated **Critical**
with a CVSS v4 score of **9.4**), alongside additional CVE remediations in
dependencies and the Go runtime.

On the reliability side, three independent bugs in the HA failover path are
resolved, including a label retention issue that could route writes to a fo=
rmer
primary during a network partition
([#10409](https://github.com/cloudnative-pg/cloudnative-pg/pull/10409)), a
condition that prevented failover from triggering when a node became
unreachable
([#10448](https://github.com/cloudnative-pg/cloudnative-pg/pull/10448)), an=
d a
guard against spurious failovers from transient HTTP endpoint failures
([#10445](https://github.com/cloudnative-pg/cloudnative-pg/pull/10445)). Bo=
th
releases also include a number of correctness and robustness fixes. See the
release notes for the full list.

**All users should upgrade immediately.**

---

## Security

### CVE-2026-44477: metrics exporter privilege escalation and OS RCE

The metrics exporter previously opened its PostgreSQL connection as the
`postgres` superuser and demoted the session with `SET ROLE pg_monitor`. Th=
at
demotion is insufficient: `session_user` remains `postgres`, and any SQL
evaluated inside the scrape session can call `RESET ROLE` to recover full
superuser privileges, then use `COPY ... TO PROGRAM` to spawn an arbitrary =
OS
process inside the primary pod.

Two independent paths exploit this root cause. The first requires a custom
metric query with an unqualified relation or function reference; the attack
completes within one scrape interval (=E2=89=A4 30 s). The second requires =
no custom
metrics at all: the shipped `pg_extensions` metric was sufficient to let the
default `app` role (created automatically by `bootstrap.initdb`) trigger
the full escalation chain on a completely stock deployment. The combined im=
pact
is superuser privilege escalation plus arbitrary OS command execution inside
the primary pod from a low-privileged database role.

The fix introduces a dedicated `cnpg_metrics_exporter` PostgreSQL role with
`pg_monitor` privileges only, mapped via `pg_ident.conf` peer authentication
(the same pattern used for `cnpg_pooler_pgbouncer`). The exporter now conne=
cts
as this role, so `RESET ROLE` has no escalation effect. All shipped monitor=
ing
queries have also been hardened with explicit `pg_catalog.` qualification
([#10576](https://github.com/cloudnative-pg/cloudnative-pg/pull/10576)).

For the full technical analysis, exploitation paths, workarounds and upgrade
impact, refer to the
[security advisory](https://github.com/cloudnative-pg/cloudnative-pg/securi=
ty/advisories/GHSA-423p-g724-fr39).

### Additional CVE remediations

These releases also pick up:

- **`github.com/jackc/pgx/v5` v5.9.2**: fixes `CVE-2026-33816`
  (memory-safety in `pgproto3`) and `GHSA-j88v-2chj-qfwx` (SQL injection via
  dollar-quoted string handling in the simple protocol).

- **Go 1.26.3 runtime**: fixes across `crypto/x509`, `crypto/tls`,
  `net/http`, and `net` (CVE-2026-32280, CVE-2026-32281, CVE-2026-33810,
  CVE-2026-33811, CVE-2026-33814, CVE-2026-39825), plus CVE-2026-42501 in
  `cmd/go` module-checksum validation during release builds.

- **Discoverable SBOM and provenance attestations**
  ([#10601](https://github.com/cloudnative-pg/cloudnative-pg/pull/10601)):
  attestations attached to operator images now follow the OCI 1.1 Referrers
  spec, making them automatically discoverable by standard registry tooling=
 and
  supply-chain scanners.

---

## Acknowledgement

We thank **Mehmet Ince** ([@mdisec](https://github.com/mdisec)) for
responsibly disclosing CVE-2026-44477, providing a thorough analysis of both
exploitation paths and a working proof of concept.

---

## Upgrade

Follow the upgrade instructions specific to your series:

- **1.29.x =E2=86=92 1.29.1:** [upgrade guide](https://cloudnative-pg.io/do=
cs/1.29/installation_upgrade#upgrading-to-1291-or-1283)
- **1.28.x =E2=86=92 1.28.3:** [upgrade guide](https://cloudnative-pg.io/do=
cs/1.28/installation_upgrade#upgrading-to-1291-or-1283)

For deployments with replica clusters, upgrade the source primary cluster
first. See the [security advisory](https://github.com/cloudnative-pg/cloudn=
ative-pg/security/advisories/GHSA-423p-g724-fr39)
for sequencing details.

For the complete list of changes, see the release notes:

- [Release notes for 1.29.1](https://cloudnative-pg.io/docs/1.29/release_no=
tes/v1.29/#version-1291)
- [Release notes for 1.28.3](https://cloudnative-pg.io/docs/1.28/release_no=
tes/v1.28/#version-1283)

---

## Get Involved with the Community

[Join us](https://github.com/cloudnative-pg/cloudnative-pg?tab=3Dreadme-ov-=
file#communications)
to help shape the future of cloud-native Postgres!

If you're using CloudNativePG in production, consider
[adding your organization as an adopter](https://github.com/cloudnative-pg/=
cloudnative-pg/blob/main/ADOPTERS.md)
to support the project's growth and evolution.

Thank you for your continued support!

## About CloudNativePG

[CloudNativePG](https://cloudnative-pg.io) is an open-source Kubernetes
Operator specifically designed for PostgreSQL workloads. It manages the ent=
ire
lifecycle of a PostgreSQL cluster, including bootstrapping, configuration, =
high
availability, connection routing, and comprehensive backup and disaster
recovery mechanisms. By leveraging PostgreSQL's native streaming replicatio=
n,
CloudNativePG efficiently distributes data across pods, nodes, and zones us=
ing
standard Kubernetes patterns, enabling seamless scaling of replicas in a
Kubernetes-native manner. Originally developed and supported by
[EDB](https://www.enterprisedb.com/), CloudNativePG is a CNCF Sandbox proje=
ct
and the sole PostgreSQL operator in this category.
--===============8827573605823609350==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable


<!doctype html>
<html>
  <head>
    <meta name=3D"viewport" content=3D"width=3Ddevice-width">
    <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF-8=
">
    <title>CloudNativePG 1.29.1 and 1.28.3 released: critical CVE fix</titl=
e>
    <style>

    @media only screen and (max-width: 620px) {
      table[class=3Dbody] h1 {
        font-size: 28px !important;
        margin-bottom: 10px !important;
      }
      table[class=3Dbody] p,
            table[class=3Dbody] ul,
            table[class=3Dbody] ol,
            table[class=3Dbody] td,
            table[class=3Dbody] span,
            table[class=3Dbody] a {
        font-size: 16px !important;
      }
      table[class=3Dbody] .wrapper,
            table[class=3Dbody] .article {
        padding: 10px !important;
      }
      table[class=3Dbody] .content {
        padding: 0 !important;
      }
      table[class=3Dbody] .container {
        padding: 0 !important;
        width: 100% !important;
      }
      table[class=3Dbody] .main {
        border-left-width: 0 !important;
        border-radius: 0 !important;
        border-right-width: 0 !important;
      }
      table[class=3Dbody] .btn table {
        width: 100% !important;
      }
      table[class=3Dbody] .btn a {
        width: 100% !important;
      }
      table[class=3Dbody] .img-responsive {
        height: auto !important;
        max-width: 100% !important;
        width: auto !important;
      }
    }

    @media all {
      .ExternalClass {
        width: 100%;
      }
      .ExternalClass,
            .ExternalClass p,
            .ExternalClass span,
            .ExternalClass font,
            .ExternalClass td,
            .ExternalClass div {
        line-height: 100%;
      }
      .apple-link a {
        color: inherit !important;
        font-family: inherit !important;
        font-size: inherit !important;
        font-weight: inherit !important;
        line-height: inherit !important;
        text-decoration: none !important;
      }
      #MessageViewBody a {
        color: inherit;
        text-decoration: none;
        font-size: inherit;
        font-family: inherit;
        font-weight: inherit;
        line-height: inherit;
      }
      .btn-primary table td:hover {
        background-color: #34495e !important;
      }
      .btn-primary a:hover {
        background-color: #34495e !important;
        border-color: #34495e !important;
      }
    }
    </style>
  </head>
  <body class=3D"" style=3D"background-color: #f6f6f6; font-family: sans-se=
rif; -webkit-font-smoothing: antialiased; font-size: 14px; line-height: 1.4=
; margin: 0; padding: 0; -ms-text-size-adjust: 100%; -webkit-text-size-adju=
st: 100%;">
    <table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" class=3D"body" =
style=3D"border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace=
: 0pt; width: 100%; background-color: #f6f6f6;">
      <tr>
        <td style=3D"font-family: sans-serif; font-size: 14px; vertical-ali=
gn: top;">&nbsp;</td>
        <td class=3D"container" style=3D"font-family: sans-serif; font-size=
: 14px; vertical-align: top; display: block; Margin: 0 auto; max-width: 580=
px; padding: 10px; width: 580px;">
          <div class=3D"content" style=3D"box-sizing: border-box; display: =
block; Margin: 0 auto; max-width: 580px; padding: 10px;">


            <span class=3D"preheader" style=3D"color: transparent; display:=
 none; height: 0; max-height: 0; max-width: 0; opacity: 0; overflow: hidden=
; mso-hide: all; visibility: hidden; width: 0;"></span>
            <table class=3D"main" style=3D"border-collapse: separate; mso-t=
able-lspace: 0pt; mso-table-rspace: 0pt; width: 100%; background: #ffffff; =
border-radius: 3px;">


              <tr>
                <td class=3D"wrapper" style=3D"font-family: sans-serif; fon=
t-size: 14px; vertical-align: top; box-sizing: border-box; padding: 20px;">
                  <table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" s=
tyle=3D"border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace:=
 0pt; width: 100%;">
                    <tr>
                      <td style=3D"font-family: sans-serif; font-size: 14px=
; vertical-align: top;">

<div>
<h1 style=3D"color: #000; font-family: sans-serif; line-height: 1.4; margin=
: 0; margin-bottom: 30px; font-size: 25px; font-weight: 300; text-align: ce=
nter">CloudNativePG 1.29.1 and 1.28.3 released: critical CVE fix</h1>
</div>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">The CloudNativePG community is releasing <s=
trong>maintenance updates for all
currently supported series</strong>: <strong>1.29.1</strong> and <strong>1.=
28.3</strong>.</p>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">This is a high-priority release. It address=
es <strong><a href=3D"https://github.com/cloudnative-pg/cloudnative-pg/secu=
rity/advisories/GHSA-423p-g724-fr39" style=3D"color: #3498db; text-decorati=
on: underline">CVE-2026-44477</a></strong>
(the first CVE officially assigned against CloudNativePG, rated <strong>Cri=
tical</strong>
with a CVSS v4 score of <strong>9.4</strong>), alongside additional CVE rem=
ediations in
dependencies and the Go runtime.</p>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">On the reliability side, three independent =
bugs in the HA failover path are
resolved, including a label retention issue that could route writes to a fo=
rmer
primary during a network partition
(<a href=3D"https://github.com/cloudnative-pg/cloudnative-pg/pull/10409" st=
yle=3D"color: #3498db; text-decoration: underline">#10409</a>), a
condition that prevented failover from triggering when a node became
unreachable
(<a href=3D"https://github.com/cloudnative-pg/cloudnative-pg/pull/10448" st=
yle=3D"color: #3498db; text-decoration: underline">#10448</a>), and a
guard against spurious failovers from transient HTTP endpoint failures
(<a href=3D"https://github.com/cloudnative-pg/cloudnative-pg/pull/10445" st=
yle=3D"color: #3498db; text-decoration: underline">#10445</a>). Both
releases also include a number of correctness and robustness fixes. See the
release notes for the full list.</p>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px"><strong>All users should upgrade immediatel=
y.</strong></p>
<hr/>
<h2 style=3D"color: #000; font-family: sans-serif; font-weight: 400; line-h=
eight: 1.4; margin: 0; margin-bottom: 30px">Security</h2>
<h3 style=3D"color: #000; font-family: sans-serif; font-weight: 400; line-h=
eight: 1.4; margin: 0; margin-bottom: 30px">CVE-2026-44477: metrics exporte=
r privilege escalation and OS RCE</h3>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">The metrics exporter previously opened its =
PostgreSQL connection as the
<code>postgres</code> superuser and demoted the session with <code>SET ROLE=
 pg_monitor</code>. That
demotion is insufficient: <code>session_user</code> remains <code>postgres<=
/code>, and any SQL
evaluated inside the scrape session can call <code>RESET ROLE</code> to rec=
over full
superuser privileges, then use <code>COPY ... TO PROGRAM</code> to spawn an=
 arbitrary OS
process inside the primary pod.</p>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">Two independent paths exploit this root cau=
se. The first requires a custom
metric query with an unqualified relation or function reference; the attack
completes within one scrape interval (=E2=89=A4 30 s). The second requires =
no custom
metrics at all: the shipped <code>pg_extensions</code> metric was sufficien=
t to let the
default <code>app</code> role (created automatically by <code>bootstrap.ini=
tdb</code>) trigger
the full escalation chain on a completely stock deployment. The combined im=
pact
is superuser privilege escalation plus arbitrary OS command execution inside
the primary pod from a low-privileged database role.</p>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">The fix introduces a dedicated <code>cnpg_m=
etrics_exporter</code> PostgreSQL role with
<code>pg_monitor</code> privileges only, mapped via <code>pg_ident.conf</co=
de> peer authentication
(the same pattern used for <code>cnpg_pooler_pgbouncer</code>). The exporte=
r now connects
as this role, so <code>RESET ROLE</code> has no escalation effect. All ship=
ped monitoring
queries have also been hardened with explicit <code>pg_catalog.</code> qual=
ification
(<a href=3D"https://github.com/cloudnative-pg/cloudnative-pg/pull/10576" st=
yle=3D"color: #3498db; text-decoration: underline">#10576</a>).</p>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">For the full technical analysis, exploitati=
on paths, workarounds and upgrade
impact, refer to the
<a href=3D"https://github.com/cloudnative-pg/cloudnative-pg/security/adviso=
ries/GHSA-423p-g724-fr39" style=3D"color: #3498db; text-decoration: underli=
ne">security advisory</a>.</p>
<h3 style=3D"color: #000; font-family: sans-serif; font-weight: 400; line-h=
eight: 1.4; margin: 0; margin-bottom: 30px">Additional CVE remediations</h3>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">These releases also pick up:</p>
<ul style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal;=
 margin: 0; margin-bottom: 15px">
<li style=3D"list-style-position: inside; margin-left: 5px">
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px"><strong><code>github.com/jackc/pgx/v5</code=
> v5.9.2</strong>: fixes <code>CVE-2026-33816</code>
  (memory-safety in <code>pgproto3</code>) and <code>GHSA-j88v-2chj-qfwx</c=
ode> (SQL injection via
  dollar-quoted string handling in the simple protocol).</p>
</li>
<li style=3D"list-style-position: inside; margin-left: 5px">
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px"><strong>Go 1.26.3 runtime</strong>: fixes a=
cross <code>crypto/x509</code>, <code>crypto/tls</code>,
  <code>net/http</code>, and <code>net</code> (CVE-2026-32280, CVE-2026-322=
81, CVE-2026-33810,
  CVE-2026-33811, CVE-2026-33814, CVE-2026-39825), plus CVE-2026-42501 in
  <code>cmd/go</code> module-checksum validation during release builds.</p>
</li>
<li style=3D"list-style-position: inside; margin-left: 5px">
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px"><strong>Discoverable SBOM and provenance at=
testations</strong>
  (<a href=3D"https://github.com/cloudnative-pg/cloudnative-pg/pull/10601" =
style=3D"color: #3498db; text-decoration: underline">#10601</a>):
  attestations attached to operator images now follow the OCI 1.1 Referrers
  spec, making them automatically discoverable by standard registry tooling=
 and
  supply-chain scanners.</p>
</li>
</ul>
<hr/>
<h2 style=3D"color: #000; font-family: sans-serif; font-weight: 400; line-h=
eight: 1.4; margin: 0; margin-bottom: 30px">Acknowledgement</h2>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">We thank <strong>Mehmet Ince</strong> (<a h=
ref=3D"https://github.com/mdisec" style=3D"color: #3498db; text-decoration:=
 underline">@mdisec</a>) for
responsibly disclosing CVE-2026-44477, providing a thorough analysis of both
exploitation paths and a working proof of concept.</p>
<hr/>
<h2 style=3D"color: #000; font-family: sans-serif; font-weight: 400; line-h=
eight: 1.4; margin: 0; margin-bottom: 30px">Upgrade</h2>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">Follow the upgrade instructions specific to=
 your series:</p>
<ul style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal;=
 margin: 0; margin-bottom: 15px">
<li style=3D"list-style-position: inside; margin-left: 5px"><strong>1.29.x =
=E2=86=92 1.29.1:</strong> <a href=3D"https://cloudnative-pg.io/docs/1.29/i=
nstallation_upgrade#upgrading-to-1291-or-1283" style=3D"color: #3498db; tex=
t-decoration: underline">upgrade guide</a></li>
<li style=3D"list-style-position: inside; margin-left: 5px"><strong>1.28.x =
=E2=86=92 1.28.3:</strong> <a href=3D"https://cloudnative-pg.io/docs/1.28/i=
nstallation_upgrade#upgrading-to-1291-or-1283" style=3D"color: #3498db; tex=
t-decoration: underline">upgrade guide</a></li>
</ul>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">For deployments with replica clusters, upgr=
ade the source primary cluster
first. See the <a href=3D"https://github.com/cloudnative-pg/cloudnative-pg/=
security/advisories/GHSA-423p-g724-fr39" style=3D"color: #3498db; text-deco=
ration: underline">security advisory</a>
for sequencing details.</p>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">For the complete list of changes, see the r=
elease notes:</p>
<ul style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal;=
 margin: 0; margin-bottom: 15px">
<li style=3D"list-style-position: inside; margin-left: 5px"><a href=3D"http=
s://cloudnative-pg.io/docs/1.29/release_notes/v1.29/#version-1291" style=3D=
"color: #3498db; text-decoration: underline">Release notes for 1.29.1</a></=
li>
<li style=3D"list-style-position: inside; margin-left: 5px"><a href=3D"http=
s://cloudnative-pg.io/docs/1.28/release_notes/v1.28/#version-1283" style=3D=
"color: #3498db; text-decoration: underline">Release notes for 1.28.3</a></=
li>
</ul>
<hr/>
<h2 style=3D"color: #000; font-family: sans-serif; font-weight: 400; line-h=
eight: 1.4; margin: 0; margin-bottom: 30px">Get Involved with the Community=
</h2>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px"><a href=3D"https://github.com/cloudnative-p=
g/cloudnative-pg?tab=3Dreadme-ov-file#communications" style=3D"color: #3498=
db; text-decoration: underline">Join us</a>
to help shape the future of cloud-native Postgres!</p>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">If you're using CloudNativePG in production=
, consider
<a href=3D"https://github.com/cloudnative-pg/cloudnative-pg/blob/main/ADOPT=
ERS.md" style=3D"color: #3498db; text-decoration: underline">adding your or=
ganization as an adopter</a>
to support the project's growth and evolution.</p>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px">Thank you for your continued support!</p>
<h2 style=3D"color: #000; font-family: sans-serif; font-weight: 400; line-h=
eight: 1.4; margin: 0; margin-bottom: 30px">About CloudNativePG</h2>
<p style=3D"font-family: sans-serif; font-size: 14px; font-weight: normal; =
margin: 0; margin-bottom: 15px"><a href=3D"https://cloudnative-pg.io" style=
=3D"color: #3498db; text-decoration: underline">CloudNativePG</a> is an ope=
n-source Kubernetes
Operator specifically designed for PostgreSQL workloads. It manages the ent=
ire
lifecycle of a PostgreSQL cluster, including bootstrapping, configuration, =
high
availability, connection routing, and comprehensive backup and disaster
recovery mechanisms. By leveraging PostgreSQL's native streaming replicatio=
n,
CloudNativePG efficiently distributes data across pods, nodes, and zones us=
ing
standard Kubernetes patterns, enabling seamless scaling of replicas in a
Kubernetes-native manner. Originally developed and supported by
<a href=3D"https://www.enterprisedb.com/" style=3D"color: #3498db; text-dec=
oration: underline">EDB</a>, CloudNativePG is a CNCF Sandbox project
and the sole PostgreSQL operator in this category.</p>

                      </td>
                    </tr>
                  </table>
                </td>
              </tr>

            </table>

            <div class=3D"footer" style=3D"clear: both; Margin-top: 10px; t=
ext-align: center; width: 100%;">
              <table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" style=
=3D"border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt=
; width: 100%;">
                <tr>
                  <td class=3D"content-block" style=3D"font-family: sans-se=
rif; vertical-align: top; padding-bottom: 10px; padding-top: 10px; font-siz=
e: 12px; color: #999999; text-align: center;">
                    <span class=3D"apple-link" style=3D"color: #999999; fon=
t-size: 12px; text-align: center;">
This email was sent to you from The CloudNativePG Contributors. It was deli=
vered on their behalf by
the PostgreSQL project. Any questions about the content of the message shou=
ld be
sent to The CloudNativePG Contributors.
</span>
		    <br><br>
You were sent this email as a subscriber of the <em>pgsql-announce</em> mai=
linglist, for
the content tag Related Open Source.
To unsubscribe from
further emails, or change which emails you want to receive, please click th=
e personal unsubscribe
link that you can find in the headers of this email, or visit
<a href=3D"https://lists.postgresql.org/unsubscribe/" style=3D"color: #3498=
db; text-decoration: underline">https://lists.postgresql.org/unsubscribe/</=
a>.

                  </td>
                </tr>
              </table>
            </div>

          </div>
        </td>
        <td style=3D"font-family: sans-serif; font-size: 14px; vertical-ali=
gn: top;">&nbsp;</td>
      </tr>
    </table>
  </body>
</html>

--===============8827573605823609350==--