Releases: HexaCluster/credcheck
Version 3.0
2024-12-31 - Version 3.0.0
This release adds a new feature to exclude a list of users from being banned
and fixes bugs reported by users since the last release.
- Fix ban count with ssl.
- Fix compilation with PG11.
- Add new configuration variable to exclude some users from being banned.
  With credcheck.whitelist_auth_failure you can set a whitelist of usernames
  that must be excluded from this behavior. Example of use:
  credcheck.whitelist_auth_failure = 'appuser1,appuser2'
  Thanks to Kennycwc for the feature request.
- Update regression test expected output.
- Add a note about the \password command. Thanks to tsoulabail for the report.
- Fix test for password reuse.
- Fix pg_banned_role.roleid value. Thanks to Julien Rouhaud for the patch.
- Move the project under HexaCluster GitHub account.
- Update copyright year.
Version 2.8
2024-08-03 - Version 2.8.0
This release adds compatibility with PostgreSQL 17. Upgrading requires a
PostgreSQL restart to reload the credcheck library.
- Remove call to tuplestore_donestoring() for compatibility with PG v17.
- Show the parameter values actually set in error messages. Thanks to coroneltortuga
  for the feature request.
v2.7
2024-04-25 - Version 2.7.0
This release is a maintenance release to fix a problem with pgBackRest backup.
- Change the location of the pg_password_history file, which used to be stored in
  the PGDATA/global/ subdirectory and is now saved directly in PGDATA. The
  old location was generating a checksum warning in pgBackRest. Thanks to
  glushakov for the report.
Backward compatibility is preserved: the file is relocated automatically.
Version 2.6.0
2024-01-30 - Version 2.6.0
This release is a quick maintenance release to fix the path of pg_config
in the Makefile and an erratum in the previous upgrade filename. Thanks to Devrim
Gunduz for the report.
Please refer to v2.4.0 for the original ChangeLog.
Version 2.5.0
2024-01-30 - Version 2.5.0
This release is a quick maintenance release to fix a compilation issue with
PostgreSQL prior to 15.0 on the custom variable prefix restriction. Thanks to Devrim
Gunduz for the report.
Version 2.4.0
2024-01-30 - Version 2.4.0
This release is a maintenance release to fix a major issue with the backup of the
history file with pgBackRest and adds an authentication delay feature.
- Add authentication delay feature to be able to add a pause on authentication
  failure. Setting credcheck.auth_delay_ms causes the server to pause for a
  given number of milliseconds before reporting authentication failure. This
  makes brute-force attacks on database passwords more difficult.
  This patch is purely a copy/paste from the auth_delay extension to avoid
  loading another extension. See https://www.postgresql.org/docs/current/auth-delay.html
  for more information about the origin of this feature.
- Force the size of the file $PGDATA/global/pg_password_history to be a multiple of 8192
  to fix a pgBackRest error caused by the error message: "page misalignment in file
  /.../global/pg_password_history: file size 2604 is not divisible by page size 8192"
  Thanks to did16 for the report.
Version 2.3.0
2023-11-03 - Version 2.3.0
This release is a maintenance release to fix a major issue with the whitelist
feature.
- Fix crash when the length of the credcheck.whitelist value was > NAMEDATALEN. Thanks to zobnin for the report.
Extension upgrade requires a PostgreSQL restart to reload the credcheck
library.
Version 2.2.0
2023-09-16 - Version 2.2.0
This release adds a new feature, fixes a major bug with null passwords and fixes
some issues reported by users since the last release.
- Add new GUC variable credcheck.whitelist that can be used to set a
  comma-separated list of usernames to exclude from the password policy check.
  For example: credcheck.whitelist = 'admin,supuser'
  will disable any credcheck policy for the users named admin and supuser.
  Thanks to Nikolai for the feature request.
- Add -Wno-ignored-attributes to CPPFLAGS to avoid a compilation warning on the
  pg_vsnprintf call.
- Fix PG crash when password was set to NULL. Thanks to ragaoua for the report.
- Suppress "MD5 password cleared because of role rename" messages. This makes the tests pass on PG12 and 13. Thanks to Christoph Berg for the patch.
- Use pg_regress' variant comparison files mechanism. Instead of manually selecting the tests to run on PG13 in the Makefile, simply let pg_regress choose the matching output file from .out and _1.out. Thanks to Christoph Berg for the patch.
- Add missing file credcheck--2.1.0.sql. Thanks to Jeff Janes for the report.
Extension upgrade requires a PostgreSQL restart to reload the credcheck library.
Version 2.1
2023-07-15 - Version 2.1.0
This release adds two new features and fixes issues reported by users
since the last release.
- Add custom configuration variable credcheck.encrypted_password_allowed
  to allow the use of encrypted passwords in CREATE or ALTER ROLE statements.
  The default is to not allow encrypted passwords and to raise an error.
  Thanks to ragaoua for the feature request.
- Add the possibility to check the easiness of a password by using
  the cracklib tool. This work is simply an integration of a copy/paste
  from the passwordcheck extension available in the contrib/ directory.
  Credits to the author Laurenz Albe.
- Fix failure count issue when ssl is disabled. Thanks to yinzhishu for
  the report.
Upgrading requires a PostgreSQL restart to reload the credcheck library.
v2.0
2023-06-10 - Version 2.0.0
This release adds a major feature called Authentication Failure Ban and
compatibility with PostgreSQL 16. Upgrading requires a PostgreSQL restart
to reload the credcheck library.
- Add "Authentication failure ban" new feature.
  PostgreSQL doesn't have any mechanism to limit the number of authentication
  failure attempts before the user is banned. With the credcheck extension,
  after an amount of authentication failures defined by the configuration directive
  credcheck.max_auth_failure, the user can be banned and never connect anymore,
  even if it gives the right password later. This feature requires that the
  credcheck extension be added to the shared_preload_libraries configuration
  option.
  All users' authentication failures are registered in shared memory with the
  timestamps of when the user has been banned. The authentication failure
  history is saved in memory only, which means that the history is lost at
  PostgreSQL restart. I have not seen the interest for the moment to restore
  the cache at startup.
  The authentication failure cache size is set to 1024 records by default and
  can be adjusted using the credcheck.auth_failure_cache_size configuration
  directive. Changing this GUC requires a PostgreSQL restart.
  Two settings allow to control the behavior of this feature:
  credcheck.max_auth_failure: number of authentication failures allowed
  for a user before being banned.
  credcheck.reset_superuser: force superuser to not be banned or reset
  a banned superuser when set to true.
  The default value for the first setting is 0, which means that the authentication
  failure ban feature is disabled. The default value for the second setting is
  false, which means that the postgres superuser can be banned. In case the
  postgres superuser was banned, he can not log in anymore. If
  there is no other superuser account that can be used to reset the record of
  the banned superuser, set the credcheck.reset_superuser configuration directive
  to true in the postgresql.conf file and send the SIGHUP signal to the PostgreSQL
  process pid so that it rereads the configuration. The next time the superuser
  tries to connect, its authentication failure cache entry will be removed.
  Thanks to Gabriel Leroux for the feature request.
- Fix Makefile for PG 16. Thanks to Devrim Gunduz for the report.
- Add missing SQL file for version 1.2.0
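As an added illustration (not a file from the credcheck project), the postgresql.conf fragment below puts together the authentication failure ban settings from 2.0, the credcheck.whitelist_auth_failure exclusion from 3.0 and the credcheck.auth_delay_ms pause from 2.4, showing the disabled default beside a hardened value; the numeric values and the two role names are constructed for the example.

```ini
# postgresql.conf fragment (constructed example; GUC names are the ones
# documented in the release notes above, values are illustrative)

# credcheck must be preloaded: the ban feature keeps its state in shared
# memory and cannot work as a plain CREATE EXTENSION load.
shared_preload_libraries = 'credcheck'

# Default: 0 means the authentication failure ban is disabled.
# credcheck.max_auth_failure = 0

# Hardened: a role is banned once it reaches 5 authentication failures,
# and stays banned even if the correct password is supplied afterwards.
credcheck.max_auth_failure = 5

# Service accounts that must never be locked out by the ban (3.0).
# A lockout here is a denial of service against the application, so list
# only the roles whose connections are protected by other means.
credcheck.whitelist_auth_failure = 'appuser1,appuser2'

# Pause 2000 ms before reporting each failure to slow down online guessing (2.4).
credcheck.auth_delay_ms = 2000

# Size of the in-memory failure cache (default 1024 records). The cache is
# not persisted, so a restart clears every ban; changing this size requires
# a restart as well.
credcheck.auth_failure_cache_size = 1024

# Default false: the postgres superuser can be banned like any other role.
# Break-glass recovery when no other superuser is available: set this to
# true, send SIGHUP so the server rereads the file (for instance with
# "pg_ctl reload -D $PGDATA"), let the superuser connect once so its cache
# entry is removed, then set it back to false and reload again.
credcheck.reset_superuser = false
```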