update generated release notes

Author: github-actions[bot]

product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_25_6_rel_notes.mdx

@@ -6,7 +6,7 @@ originalFilePath: product_docs/docs/postgres_for_kubernetes/1/rel_notes/src/1.25
 editTarget: originalFilePath
 ---
 
-Released: 10 February 2025
+Released: 10 February 2026
 
 This release of EDB CloudNativePG Cluster is built on the final community release of the 1.25.x series of CloudNativePG. 
 EDB will continue providing LTS releases in the 1.25.x series according to our [Long-Term Support

product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_25_7_rel_notes.mdx

@@ -0,0 +1,122 @@
+---
+# IMPORTANT: Do not edit this file directly - it is generated from yaml source.
+title: EDB CloudNativePG Cluster 1.25.7 release notes
+navTitle: Version 1.25.7
+originalFilePath: product_docs/docs/postgres_for_kubernetes/1/rel_notes/src/1.25.7_rel_notes.yml
+editTarget: originalFilePath
+---
+
+Released: 2 April 2026
+
+This release of EDB CloudNativePG Cluster is built on the final community release of the 1.25.x series of CloudNativePG. 
+EDB will continue providing LTS releases in the 1.25.x series according to our [Long-Term Support
+policy](/postgres_for_kubernetes/1/#long-term-support). 
+
+!!! Warning EDB CloudNativePG Cluster 1.25 reaches End-of-Life in June 2026.
+
+ Users are encouraged to start planning their upgrade to a newer minor
+ version before that date.
+
+ !!!
+
+This release of EDB CloudNativePG Cluster includes the following:
+
+## Enhancements
+
+<table class="table w-100"><thead><tr><th>Description</th><th width="10%">Addresses</th></tr></thead><tbody>
+<tr><td><details><summary>Improved the <code>Pooler</code> CRD with support for granular configuration of TLS
+cipher suites and minimum/maximum TLS versions.
+</summary><hr/><p>This enables administrators
+to meet strict security compliance requirements for pooler-to-client and
+pooler-to-server connections.
+Contributed by @alex1989hu.</p>
+</details></td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/9571">#9571</a></td></tr>
+<tr><td><details><summary>Improved role management by verifying the instance is the primary before
+each reconciliation cycle
+</summary><hr/><p>...avoiding unnecessary reconciliation attempts and spurious error messages on read-only replicas.</p>
+</details></td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/9971">#9971</a></td></tr>
+<tr><td>The operator now honors the `primaryUpdateMethod` when adding new PVCs to a
+cluster, ensuring that the rollout strategy (e.g., switchover vs. restart) is
+respected during storage expansion or additions.
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/9720">#9720</a></td></tr>
+</tbody></table>
+
+
+## Security Fixes
+
+<table class="table w-100"><thead><tr><th>Description</th><th width="10%">Addresses</th></tr></thead><tbody>
+<tr><td>Security best practices integration**: integrated the OpenSSF baseline
+scanner and added a `SECURITY-INSIGHTS.yaml` file to the repository to align
+with industry-standard security reporting.
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10054">#10054</a>, <a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10062">#10062</a></td></tr>
+<tr><td><details><summary>SLSA provenance and SBOMs**: added SLSA (Supply-chain Levels for Software
+Artifacts) provenance to release binaries and container images.
+</summary><hr/><p>Additionally,
+enabled Software Bill of Materials (SBOM) generation within the GoReleaser
+pipeline for improved dependency transparency.</p>
+</details></td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10048">#10048</a>, <a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10074">#10074</a></td></tr>
+<tr><td>Password leak prevention**: fixed a potential security risk where PostgreSQL
+could leak role passwords in the logs during specific reconciliation phases.
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/9950">#9950</a></td></tr>
+</tbody></table>
+
+
+## Changes
+
+<table class="table w-100"><thead><tr><th>Description</th><th width="10%">Addresses</th></tr></thead><tbody>
+<tr><td>Updated the default PostgreSQL version to 18.3 (image `18.3-standard-ubi9`).
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10090">#10090</a></td></tr>
+</tbody></table>
+
+
+## Bug Fixes
+
+<table class="table w-100"><thead><tr><th>Description</th><th width="10%">Addresses</th></tr></thead><tbody>
+<tr><td><details><summary>Fixed an issue where replicas would get stuck in a <code>Pending</code> state if the
+<code>VolumeSnapshot</code> used for the initial bootstrap had been deleted.
+</summary><hr/><p>The operator now validates snapshot existence before use; if a snapshot is missing,
+it attempts to use the next available candidate or falls back to
+<code>pg_basebackup</code>.</p>
+</details></td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10192">#10192</a></td></tr>
+<tr><td>Prevented the "supervised primary" rollout strategy from consuming all
+available rollout slots, which previously caused delays in scheduled updates.
+Contributed by @ermakov-oleg.
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/9977">#9977</a></td></tr>
+<tr><td>Fixed an issue where certain hot-standby parameter changes were not being
+correctly applied to replica clusters.
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/9952">#9952</a></td></tr>
+<tr><td><details><summary>Fixed webhook validation of bootstrap recovery sources to accept external
+clusters configured with <code>ConnectionParameters</code> (for <code>pg_basebackup</code>-based
+recovery).
+</summary><hr/><p>Previously, these were incorrectly rejected unless a Barman
+object store or CNPG-i plugin was also configured.</p>
+</details></td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10268">#10268</a></td></tr>
+<tr><td>When hibernating a non-healthy cluster, the operator now reports a
+`WaitingForHealthy` condition, making the deferred hibernation state visible
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10193">#10193</a></td></tr>
+<tr><td><details><summary>Fixed fencing to work correctly even when the target pod does not exist.
+</summary><hr/><p>Fencing operates on a cluster-level annotation and should not depend on pod
+existence; instance name validation is now performed only in the <code>cnp fencing on</code> command.</p>
+</details></td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10035">#10035</a></td></tr>
+<tr><td>Fixed the cluster and pooler service reconcilers to correctly handle changes
+to all spec fields when using the patch update strategy. The reconciler now
+uses RFC 7386 JSON Merge Patching, preventing cloud-provider-set fields
+(such as `loadBalancerClass`) from being inadvertently removed.
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10190">#10190</a>, <a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10311">#10311</a></td></tr>
+<tr><td>Fixed a race condition in the deprecated in-tree Barman Cloud backup
+implementation affecting parallel WAL restore, where prefetched files could
+be read while still being downloaded, causing PostgreSQL recovery to fail
+with "invalid checkpoint record" errors.
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10285">#10285</a></td></tr>
+<tr><td><details><summary>Fixed the timeline history file validation to also apply to plugin-based WAL restore.
+</summary><hr/><p>Previously, the protection introduced in
+<a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/9650">#9650</a> only
+covered in-tree restores, allowing plugins to bypass the check and download
+future timeline history files, causing timeline mismatch errors on replicas.</p>
+</details></td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/9849">#9849</a></td></tr>
+<tr><td>The cnp plugin now correctly propagates ImagePullSecrets to the
+  `pgbench` Job pod template.
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10174">#10174</a></td></tr>
+</tbody></table>
+
+

product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_27_3_rel_notes.mdx

@@ -6,7 +6,7 @@ originalFilePath: product_docs/docs/postgres_for_kubernetes/1/rel_notes/src/1.27
 editTarget: originalFilePath
 ---
 
-Released: 10 February 2025
+Released: 10 February 2026
 
 This release of EDB CloudNativePG Cluster includes the following:
 

product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_27_4_rel_notes.mdx

@@ -0,0 +1,141 @@
+---
+# IMPORTANT: Do not edit this file directly - it is generated from yaml source.
+title: EDB CloudNativePG Cluster 1.27.4 release notes
+navTitle: Version 1.27.4
+originalFilePath: product_docs/docs/postgres_for_kubernetes/1/rel_notes/src/1.27.4_rel_notes.yml
+editTarget: originalFilePath
+---
+
+Released: 31 March 2026
+
+This release of EDB CloudNativePG Cluster includes the following:
+
+## Highlights
+
+Updated the deprecation notice for native (in-tree) Barman Cloud support to
+reflect that it will now be removed in EDB Postgres for Kubernetes 1.30.0, rather than
+1.29.0. Users are still encouraged to migrate to the Barman Cloud Plugin.
+([#10167](https://github.com/cloudnative-pg/cloudnative-pg/pull/10167))
+
+## Enhancements
+
+<table class="table w-100"><thead><tr><th>Description</th><th width="10%">Addresses</th></tr></thead><tbody>
+<tr><td><details><summary>Improved the <code>Pooler</code> CRD with support for granular configuration of TLS
+cipher suites and minimum/maximum TLS versions.
+</summary><hr/><p>This enables administrators
+to meet strict security compliance requirements for pooler-to-client and
+pooler-to-server connections.
+Contributed by @alex1989hu.</p>
+</details></td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/9571">#9571</a></td></tr>
+<tr><td><details><summary>Improved the reliability of major upgrades by setting <code>BackoffLimit=0</code> on the
+upgrade job, preventing unnecessary retries of a failed <code>pg_upgrade</code>.
+</summary><hr/><p>The operator now automatically deletes the failed job when a user reverts the
+container image, allowing the cluster to restart gracefully on the original
+version.</p>
+</details></td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10104">#10104</a>, <a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10298">#10298</a></td></tr>
+<tr><td><details><summary>Improved role management by verifying the instance is the primary before
+each reconciliation cycle
+</summary><hr/><p>...avoiding unnecessary reconciliation attempts and spurious error messages on read-only replicas.</p>
+</details></td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/9971">#9971</a></td></tr>
+<tr><td>The operator now honors the `primaryUpdateMethod` when adding new PVCs to a
+cluster, ensuring that the rollout strategy (e.g., switchover vs. restart) is
+respected during storage expansion or additions.
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/9720">#9720</a></td></tr>
+</tbody></table>
+
+
+## Security Fixes
+
+<table class="table w-100"><thead><tr><th>Description</th><th width="10%">Addresses</th></tr></thead><tbody>
+<tr><td>Security best practices integration**: integrated the OpenSSF baseline
+scanner and added a `SECURITY-INSIGHTS.yaml` file to the repository to align
+with industry-standard security reporting.
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10054">#10054</a>, <a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10062">#10062</a></td></tr>
+<tr><td><details><summary>SLSA provenance and SBOMs**: added SLSA (Supply-chain Levels for Software
+Artifacts) provenance to release binaries and container images.
+</summary><hr/><p>Additionally,
+enabled Software Bill of Materials (SBOM) generation within the GoReleaser
+pipeline for improved dependency transparency.</p>
+</details></td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10048">#10048</a>, <a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10074">#10074</a></td></tr>
+<tr><td>Password leak prevention**: fixed a potential security risk where PostgreSQL
+could leak role passwords in the logs during specific reconciliation phases.
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/9950">#9950</a></td></tr>
+</tbody></table>
+
+
+## Changes
+
+<table class="table w-100"><thead><tr><th>Description</th><th width="10%">Addresses</th></tr></thead><tbody>
+<tr><td>Updated the default PostgreSQL version to 18.3 (image `18.3-standard-ubi9`).
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10090">#10090</a></td></tr>
+</tbody></table>
+
+
+## Bug Fixes
+
+<table class="table w-100"><thead><tr><th>Description</th><th width="10%">Addresses</th></tr></thead><tbody>
+<tr><td><details><summary>Fixed an issue where fencing annotations could not be processed when the WAL
+disk was full
+</summary><hr/><p>...because the disk space check blocked the instance manager from
+starting. The check is now performed later in the lifecycle loop, after
+fencing is evaluated.</p>
+</details></td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10302">#10302</a></td></tr>
+<tr><td><details><summary>Fixed an issue where replicas would get stuck in a <code>Pending</code> state if the
+<code>VolumeSnapshot</code> used for the initial bootstrap had been deleted.
+</summary><hr/><p>The operator now validates snapshot existence before use; if a snapshot is missing,
+it attempts to use the next available candidate or falls back to
+<code>pg_basebackup</code>.</p>
+</details></td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10192">#10192</a></td></tr>
+<tr><td>Prevented the "supervised primary" rollout strategy from consuming all
+available rollout slots, which previously caused delays in scheduled updates.
+Contributed by @ermakov-oleg.
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/9977">#9977</a></td></tr>
+<tr><td>Fixed an issue where certain hot-standby parameter changes were not being
+correctly applied to replica clusters.
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/9952">#9952</a></td></tr>
+<tr><td>Fixed a bug in the CNPG-I reconciler hook that could lead to skipping
+subsequent plugins when a "continue" result was returned.
+Contributed by @sharifmshaker.
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/9978">#9978</a></td></tr>
+<tr><td>Fixed a deadlock scenario that occurred when attempting to resize a
+filesystem on a PVC that was not currently attached to a Pod.
+Contributed by @jmealo.
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/9981">#9981</a></td></tr>
+<tr><td><details><summary>Fixed webhook validation of bootstrap recovery sources to accept external
+clusters configured with <code>ConnectionParameters</code> (for <code>pg_basebackup</code>-based
+recovery).
+</summary><hr/><p>Previously, these were incorrectly rejected unless a Barman
+object store or CNPG-i plugin was also configured.</p>
+</details></td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10268">#10268</a></td></tr>
+<tr><td>Volume names for extensions and tablespaces are now prefixed to avoid naming
+collisions with standard cluster volumes.
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/9973">#9973</a></td></tr>
+<tr><td>When hibernating a non-healthy cluster, the operator now reports a
+`WaitingForHealthy` condition, making the deferred hibernation state visible
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10193">#10193</a></td></tr>
+<tr><td><details><summary>Fixed fencing to work correctly even when the target pod does not exist.
+</summary><hr/><p>Fencing operates on a cluster-level annotation and should not depend on pod
+existence; instance name validation is now performed only in the <code>cnp fencing on</code> command.</p>
+</details></td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10035">#10035</a></td></tr>
+<tr><td>Fixed the cluster and pooler service reconcilers to correctly handle changes
+to all spec fields when using the patch update strategy. The reconciler now
+uses RFC 7386 JSON Merge Patching, preventing cloud-provider-set fields
+(such as `loadBalancerClass`) from being inadvertently removed.
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10190">#10190</a>, <a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10311">#10311</a></td></tr>
+<tr><td>Fixed a race condition in the deprecated in-tree Barman Cloud backup
+implementation affecting parallel WAL restore, where prefetched files could
+be read while still being downloaded, causing PostgreSQL recovery to fail
+with "invalid checkpoint record" errors.
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10285">#10285</a></td></tr>
+<tr><td><details><summary>Fixed the timeline history file validation to also apply to plugin-based WAL restore.
+</summary><hr/><p>Previously, the protection introduced in
+<a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/9650">#9650</a> only
+covered in-tree restores, allowing plugins to bypass the check and download
+future timeline history files, causing timeline mismatch errors on replicas.</p>
+</details></td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/9849">#9849</a></td></tr>
+<tr><td>The cnp plugin now correctly propagates ImagePullSecrets to the
+  `pgbench` Job pod template.
+</td><td><a href="https://github.com/cloudnative-pg/cloudnative-pg/pull/10174">#10174</a></td></tr>
+</tbody></table>
+
+

product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_28_1_rel_notes.mdx

@@ -6,7 +6,7 @@ originalFilePath: product_docs/docs/postgres_for_kubernetes/1/rel_notes/src/1.28
 editTarget: originalFilePath
 ---
 
-Released: 10 February 2025
+Released: 10 February 2026
 
 This release of EDB Postgres® AI for CloudNativePG™ Cluster includes the following: