cloudnative-pg · mnencia · Feb 5, 2026 · Feb 5, 2026
@@ -984,7 +984,7 @@ _Appears in:_
 
 | Field | Description | Required | Default | Validation |
 | --- | --- | --- | --- | --- |
-| `name` _string_ | The name of the extension, required | True |  | MinLength: 1 <br />Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` <br /> |
+| `name` _string_ | The name of the extension, required | True |  | MinLength: 1 <br />Pattern: `^[a-z0-9]([-a-z0-9_]*[a-z0-9])?$` <br /> |
 | `image` _[ImageVolumeSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#imagevolumesource-v1-core)_ | The image containing the extension, required | True |  |  |
 | `extension_control_path` _string array_ | The list of directories inside the image which should be added to extension_control_path.<br />If not defined, defaults to "/share". |  |  |  |
 | `dynamic_library_path` _string array_ | The list of directories inside the image which should be added to dynamic_library_path.<br />If not defined, defaults to "/lib". |  |  |  |

@@ -137,9 +137,17 @@ spec:
 
 The `name` field is **mandatory** and **must be unique within the cluster**, as
 it determines the mount path (`/extensions/foo` in this example). It must
-consist of *lowercase alphanumeric characters or hyphens (`-`)* and must start
+consist of *lowercase alphanumeric characters, underscores (`_`) or hyphens (`-`)* and must start
 and end with an alphanumeric character.
 
+:::note
+Extension names containing underscores (e.g., `pg_ivm`) are converted to use
+hyphens (e.g., `pg-ivm`) for Kubernetes volume names to comply with RFC 1123
+DNS label requirements. Do not use extension names that become identical after
+sanitization (e.g., `pg_ivm` and `pg-ivm` both sanitize to `pg-ivm`). The
+webhook validation will prevent such conflicts.
+:::
+
 The `image` stanza follows the [Kubernetes `ImageVolume` API](https://kubernetes.io/docs/tasks/configure-pod-container/image-volumes/).
 The `reference` must point to a valid container registry path for the extension
 image.

@@ -14,12 +14,12 @@ title: Installation and upgrades
 The operator can be installed like any other resource in Kubernetes,
 through a YAML manifest applied via `kubectl`.
 
-You can install the [latest operator manifest](https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.28/releases/cnpg-1.28.0.yaml)
+You can install the [latest operator manifest](https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.28/releases/cnpg-1.28.1.yaml)
 for this minor release as follows:
 
 ```sh
 kubectl apply --server-side -f \
-  https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.28/releases/cnpg-1.28.0.yaml
+  https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.28/releases/cnpg-1.28.1.yaml
 ```
 
 You can verify that with:

@@ -38,11 +38,11 @@ them in your systems.
 
 #### Debian packages
 
-For example, let's install the 1.28.0 release of the plugin, for an Intel based
+For example, let's install the 1.28.1 release of the plugin, for an Intel based
 64 bit server. First, we download the right `.deb` file.
 
 ```sh
-wget https://github.com/cloudnative-pg/cloudnative-pg/releases/download/v1.28.0/kubectl-cnpg_1.28.0_linux_x86_64.deb \
+wget https://github.com/cloudnative-pg/cloudnative-pg/releases/download/v1.28.1/kubectl-cnpg_1.28.1_linux_x86_64.deb \
   --output-document kube-plugin.deb
 ```
 
@@ -53,17 +53,17 @@ $ sudo dpkg -i kube-plugin.deb
 Selecting previously unselected package cnpg.
 (Reading database ... 6688 files and directories currently installed.)
 Preparing to unpack kube-plugin.deb ...
-Unpacking cnpg (1.28.0) ...
-Setting up cnpg (1.28.0) ...
+Unpacking cnpg (1.28.1) ...
+Setting up cnpg (1.28.1) ...
 ```
 
 #### RPM packages
 
-As in the example for `.rpm` packages, let's install the 1.28.0 release for an
+As in the example for `.rpm` packages, let's install the 1.28.1 release for an
 Intel 64 bit machine. Note the `--output` flag to provide a file name.
 
 ```sh
-curl -L https://github.com/cloudnative-pg/cloudnative-pg/releases/download/v1.28.0/kubectl-cnpg_1.28.0_linux_x86_64.rpm \
+curl -L https://github.com/cloudnative-pg/cloudnative-pg/releases/download/v1.28.1/kubectl-cnpg_1.28.1_linux_x86_64.rpm \
   --output kube-plugin.rpm
 ```
 
@@ -77,7 +77,7 @@ Dependencies resolved.
  Package            Architecture         Version                   Repository                  Size
 ====================================================================================================
 Installing:
- cnpg               x86_64               1.28.0                  @commandline                20 M
+ cnpg               x86_64               1.28.1                  @commandline                20 M
 
 Transaction Summary
 ====================================================================================================
@@ -306,9 +306,9 @@ sandbox-3  0/604DE38  0/604DE38  0/604DE38  0/604DE38   00:00:00   00:00:00   00
 Instances status
 Name       Current LSN  Replication role  Status  QoS         Manager Version  Node
 ----       -----------  ----------------  ------  ---         ---------------  ----
-sandbox-1  0/604DE38    Primary           OK      BestEffort  1.28.0           k8s-eu-worker
-sandbox-2  0/604DE38    Standby (async)   OK      BestEffort  1.28.0           k8s-eu-worker2
-sandbox-3  0/604DE38    Standby (async)   OK      BestEffort  1.28.0           k8s-eu-worker
+sandbox-1  0/604DE38    Primary           OK      BestEffort  1.28.1           k8s-eu-worker
+sandbox-2  0/604DE38    Standby (async)   OK      BestEffort  1.28.1           k8s-eu-worker2
+sandbox-3  0/604DE38    Standby (async)   OK      BestEffort  1.28.1           k8s-eu-worker
 ```
 
 If you require more detailed status information, use the `--verbose` option (or
@@ -362,9 +362,9 @@ sandbox-primary  primary  1              1                1
 Instances status
 Name       Current LSN  Replication role  Status  QoS         Manager Version  Node
 ----       -----------  ----------------  ------  ---         ---------------  ----
-sandbox-1  0/6053720    Primary           OK      BestEffort  1.28.0           k8s-eu-worker
-sandbox-2  0/6053720    Standby (async)   OK      BestEffort  1.28.0           k8s-eu-worker2
-sandbox-3  0/6053720    Standby (async)   OK      BestEffort  1.28.0           k8s-eu-worker
+sandbox-1  0/6053720    Primary           OK      BestEffort  1.28.1           k8s-eu-worker
+sandbox-2  0/6053720    Standby (async)   OK      BestEffort  1.28.1           k8s-eu-worker2
+sandbox-3  0/6053720    Standby (async)   OK      BestEffort  1.28.1           k8s-eu-worker
 ```
 
 With an additional `-v` (e.g. `kubectl cnpg status sandbox -v -v`), you can
@@ -640,12 +640,12 @@ Archive:  report_operator_<TIMESTAMP>.zip
 
 ```output
 ====== Beginning of Previous Log =====
-2023-03-28T12:56:41.251711811Z {"level":"info","ts":"2023-03-28T12:56:41Z","logger":"setup","msg":"Starting CloudNativePG Operator","version":"1.28.0","build":{"Version":"1.28.0+dev107","Commit":"cc9bab17","Date":"2023-03-28"}}
+2023-03-28T12:56:41.251711811Z {"level":"info","ts":"2023-03-28T12:56:41Z","logger":"setup","msg":"Starting CloudNativePG Operator","version":"1.28.1","build":{"Version":"1.28.1+dev107","Commit":"cc9bab17","Date":"2023-03-28"}}
 2023-03-28T12:56:41.251851909Z {"level":"info","ts":"2023-03-28T12:56:41Z","logger":"setup","msg":"Starting pprof HTTP server","addr":"0.0.0.0:6060"}
   <snipped …>
 
 ====== End of Previous Log =====
-2023-03-28T12:57:09.854306024Z {"level":"info","ts":"2023-03-28T12:57:09Z","logger":"setup","msg":"Starting CloudNativePG Operator","version":"1.28.0","build":{"Version":"1.28.0+dev107","Commit":"cc9bab17","Date":"2023-03-28"}}
+2023-03-28T12:57:09.854306024Z {"level":"info","ts":"2023-03-28T12:57:09Z","logger":"setup","msg":"Starting CloudNativePG Operator","version":"1.28.1","build":{"Version":"1.28.1+dev107","Commit":"cc9bab17","Date":"2023-03-28"}}
 2023-03-28T12:57:09.854363943Z {"level":"info","ts":"2023-03-28T12:57:09Z","logger":"setup","msg":"Starting pprof HTTP server","addr":"0.0.0.0:6060"}
 ```
 

@@ -11,6 +11,119 @@ For a complete list of changes, please refer to the
 [commits](https://github.com/cloudnative-pg/cloudnative-pg/commits/release-1.27)
 on the release branch in GitHub.
 
+## Version 1.27.3
+
+**Release date:** Feb 5, 2026
+
+### Enhancements
+
+- Added support for Azure's `DefaultAzureCredential` authentication mechanism
+  for backup and recovery operations. This can be enabled by setting
+  `azureCredentials.useDefaultAzureCredentials: true` in the backup
+  configuration, simplifying authentication in Azure environments without
+  requiring explicit storage account keys or SAS tokens.
+  ([#9468](https://github.com/cloudnative-pg/cloudnative-pg/pull/9468)) <!-- 1.27 1.25 -->
+
+- Added support for PostgreSQL extension names containing underscores (e.g.,
+  `pg_ivm`, `pg_stat_statements`). Extension names with underscores are
+  automatically sanitized to use hyphens for Kubernetes volume names while
+  preserving the original name in mount paths. Webhook validation prevents
+  naming conflicts after sanitization. Contributed by @shusaan.
+  ([#9386](https://github.com/cloudnative-pg/cloudnative-pg/pull/9386)) <!-- 1.27 -->
+
+### Fixes
+
+- Fixed a critical issue where the `TimelineID` in the cluster status was not
+  reset to 1 after a major version upgrade. Because `pg_upgrade` initializes a
+  new timeline, keeping the old ID (e.g., timeline 2) caused replicas to attempt
+  to restore incompatible history files from object storage, leading to fatal
+  "requested timeline is not a child of this server's history" errors.
+  ([#9830](https://github.com/cloudnative-pg/cloudnative-pg/pull/9830)) <!-- 1.27 -->
+
+- Fixed a bug where replicas could enter a crash-loop by attempting to download
+  timeline history files from future timelines. This occurred when stale files
+  remained in the WAL archive from a previous cluster life, and replicas would
+  incorrectly try to fetch them during recovery.
+  ([#9650](https://github.com/cloudnative-pg/cloudnative-pg/pull/9650)) <!-- 1.27 1.25 -->
+
+- Fixed a race condition in `replica_cluster` setups during designated primary
+  transitions, preventing transient "no primary" states in the replica cluster.
+  ([#9601](https://github.com/cloudnative-pg/cloudnative-pg/pull/9601)) <!-- 1.27 1.25 -->
+
+- The backup controller now uses the unique instance session ID to detect
+  instance manager restarts. This prevents the operator from incorrectly
+  assuming a backup is still progressing if the underlying container has crashed
+  and restarted, which previously led to orphaned backup objects.
+  ([#9370](https://github.com/cloudnative-pg/cloudnative-pg/pull/9370)) <!-- 1.27 -->
+
+- Fixed a validation gap in Azure object store configurations where the
+  `storageAccount` was not required when using explicit credentials (such as a
+  storage key or SAS token). The operator now enforces that a storage account
+  name is provided in these cases and that `connectionString` is mutually
+  exclusive with other authentication parameters.
+  ([#9604](https://github.com/cloudnative-pg/cloudnative-pg/pull/9604)) <!-- 1.27 1.25 -->
+
+- Optimized the deletion path so the operator begins cleaning up resources
+  immediately when a cluster is marked for deletion. This significantly reduces
+  the time a cluster remains in `Terminating` status while waiting for internal
+  reconciliation loops.
+  ([#9555](https://github.com/cloudnative-pg/cloudnative-pg/pull/9555)) <!-- 1.27 1.25 -->
+
+- Fixed an issue where replication slots were not properly dropped from
+  replicas when the feature was disabled or the cluster was reconfigured.
+  This ensures that unused slots do not cause WAL build-up on the primary.
+  ([#9381](https://github.com/cloudnative-pg/cloudnative-pg/pull/9381)) <!-- 1.27 1.25 -->
+
+- Fixed an issue where `imagePullSecrets` were not added to the `ServiceAccount`
+  created for the `Pooler`. Previously, these secrets were applied to the
+  Deployment but not the SA, which caused image pull failures in restricted
+  environments using certain security policies.
+  ([#9427](https://github.com/cloudnative-pg/cloudnative-pg/pull/9427)) <!-- 1.27 1.25 -->
+
+- Added a check to verify ownership before the operator deletes a `PodMonitor`.
+  This prevents the operator from accidentally deleting manually managed
+  monitoring resources that happen to share a name with expected CNPG
+  resources. Contributed by @juliamertz.
+  ([#9340](https://github.com/cloudnative-pg/cloudnative-pg/pull/9340)) <!-- 1.27 1.25 -->
+
+- Fixed a bug where `pg_stat_archiver` metrics would continue to report stale
+  data on standby instances after a switchover. The exporter now skips these
+  metrics on standbys, as PostgreSQL only provides valid archiver stats on the
+  primary.
+  ([#9411](https://github.com/cloudnative-pg/cloudnative-pg/pull/9411)) <!-- 1.27 1.25 -->
+
+- Clarified the interpretation of timestamp formats for recovery `targetTime`.
+  Timestamps provided without an explicit timezone are now consistently
+  interpreted as UTC. Contributed by @pchovelon.
+  ([#8937](https://github.com/cloudnative-pg/cloudnative-pg/pull/8937)) <!-- 1.27 1.25 -->
+
+- Fixed backup status updates to prevent "resource has been modified" errors
+  during concurrent updates.
+  ([#9551](https://github.com/cloudnative-pg/cloudnative-pg/pull/9551)) <!-- 1.27 1.25 -->
+
+- Fixed event reporting to use the correct pod name when a backup pod is not
+  found.
+  ([#9552](https://github.com/cloudnative-pg/cloudnative-pg/pull/9552)) <!-- 1.27 1.25 -->
+
+- Improved performance of scheduled backup operations for clusters with a very
+  high number of historical backups.
+  ([#9489](https://github.com/cloudnative-pg/cloudnative-pg/pull/9489)) <!-- 1.27 1.25 -->
+
+- Fixed error handling when removing finalizers on `Database` objects.
+  ([#9431](https://github.com/cloudnative-pg/cloudnative-pg/pull/9431)) <!-- 1.27 1.25 -->
+
+- `cnpg` plugin:
+
+    - Updated the `status` command to display "Disabled" when the
+      `skipWalArchiving` annotation is present on a cluster. This replaces
+      confusing "starting up" or "unknown" states when WAL archiving is
+      intentionally bypassed.
+      ([#9709](https://github.com/cloudnative-pg/cloudnative-pg/pull/9709)) <!-- 1.27 1.25 -->
+
+    - Fixed the `logs --follow` command to continue polling for new pods instead
+      of exiting prematurely when all current log streams complete.
+      ([#9599](https://github.com/cloudnative-pg/cloudnative-pg/pull/9599)) <!-- 1.27 1.25 -->
+
 ## Version 1.27.2
 
 **Release date:** Dec 9, 2025