docs: import CloudNativePG main

Author: cnpg-bot

website/docs/index.md

@@ -64,7 +64,7 @@ container images for both the operator and PostgreSQL (the operand).
 
 The CloudNativePG operator container images are available on the
 [`cloudnative-pg` project's GitHub Container Registry](https://github.com/cloudnative-pg/cloudnative-pg/pkgs/container/cloudnative-pg)
-in three different flavors:
+in two different flavors:
 
 - Debian 12 distroless
 - Red Hat UBI 9 micro (suffix `-ubi9`)

website/docs/installation_upgrade.md

@@ -267,22 +267,16 @@ removed before installing the new one. This won't affect user data but
 only the operator itself.
 
 
-### Upgrading to 1.28.0 or 1.27.x
+### Upgrading to 1.29.0 or 1.28.x
 
 :::info[Important]
     We strongly recommend that all CloudNativePG users upgrade to version
-    1.28.0, or at least to the latest stable version of your current minor release
-    (e.g., 1.27.x).
+    1.29.0, or at least to the latest stable version of your current minor release
+    (e.g., 1.28.x).
 :::
 
 ### Upgrading to 1.27 from a previous minor version
 
-:::info[Important]
-    We strongly recommend that all CloudNativePG users upgrade to version
-    1.27.0, or at least to the latest stable version of your current minor release
-    (e.g., 1.26.1).
-:::
-
 Version 1.27 introduces a change in the default behavior of the
 [liveness probe](instance_manager.md#liveness-probe): it now enforces the
 [shutdown of an isolated primary](instance_manager.md#primary-isolation)
@@ -299,65 +293,6 @@ spec:
         enabled: false
 ```
 
-### Upgrading to 1.26 from a previous minor version
-
-:::warning
-    Due to changes in the startup probe for the manager component
-    ([#6623](https://github.com/cloudnative-pg/cloudnative-pg/pull/6623)),
-    upgrading the operator will trigger a restart of your PostgreSQL clusters,
-    even if in-place updates are enabled (`ENABLE_INSTANCE_MANAGER_INPLACE_UPDATES=true`).
-    Your applications will need to reconnect to PostgreSQL after the upgrade.
-:::
-
-#### Deprecation of backup metrics and fields in the `Cluster` `.status`
-
-With the transition to a backup and recovery agnostic approach based on CNPG-I
-plugins in CloudNativePG, which began with version 1.26.0 for Barman Cloud, we
-are starting the deprecation period for the following fields in the `.status`
-section of the `Cluster` resource:
-
-- `firstRecoverabilityPoint`
-- `firstRecoverabilityPointByMethod`
-- `lastSuccessfulBackup`
-- `lastSuccessfulBackupByMethod`
-- `lastFailedBackup`
-
-The following Prometheus metrics are also deprecated:
-
-- `cnpg_collector_first_recoverability_point`
-- `cnpg_collector_last_failed_backup_timestamp`
-- `cnpg_collector_last_available_backup_timestamp`
-
-:::warning
-    If you have migrated to a plugin-based backup and recovery solution such as
-    Barman Cloud, these fields and metrics are no longer synchronized and will
-    not be updated. Users still relying on the in-core support for Barman Cloud
-    and volume snapshots can continue to use these fields for the time being.
-:::
-
-Under the new plugin-based approach, multiple backup methods can operate
-simultaneously, each with its own timeline for backup and recovery. For
-example, some plugins may provide snapshots without WAL archiving, while others
-support continuous archiving.
-
-Because of this flexibility, maintaining centralized status fields in the
-`Cluster` resource could be misleading or confusing, as they would not
-accurately represent the state across all configured backup methods.
-For this reason, these fields are being deprecated.
-
-Instead, each plugin is responsible for exposing its own backup status
-information and providing metrics back to the instance manager for monitoring
-and operational awareness.
-
-#### Declarative Hibernation in the `cnpg` plugin
-
-In this release, the `cnpg` plugin for `kubectl` transitions from an imperative
-to a [declarative approach for cluster hibernation](declarative_hibernation.md).
-The `hibernate on` and `hibernate off` commands are now convenient shortcuts
-that apply declarative changes to enable or disable hibernation.
-The `hibernate status` command has been removed, as its purpose is now
-fulfilled by the standard `status` command.
-
 ## Verifying release assets
 
 CloudNativePG cryptographically signs all official release assets. Verifying these

website/docs/preview_version.md

@@ -20,15 +20,16 @@ intended for public testing prior to the final release.
 
 ## Current Preview Version
 
-<!--
 There are currently no preview versions available.
--->
+
+<!--
 The current preview version is **1.29.0-rc1**.
 
 For more information on the current preview version and how to test, please view the links below:
 
 - [Announcement](https://cloudnative-pg.io/releases/cloudnative-pg-1-29.0-rc1-released/)
 - [Documentation](https://cloudnative-pg.io/docs/preview/)
+-->
 
 ## Purpose of Release Candidates
 

website/docs/release_notes.md

@@ -9,16 +9,16 @@ title: Release notes
 
 History of user-visible changes for CloudNativePG, classified for each minor release.
 
-- [CloudNativePG 1.29 - Release Candidate](release_notes/v1.29.md) (preview)
+- [CloudNativePG 1.29](release_notes/v1.29.md)
 - [CloudNativePG 1.28](release_notes/v1.28.md)
-- [CloudNativePG 1.27](release_notes/v1.27.md)
 
 For information on the community support policy for CloudNativePG, please
 refer to ["Supported releases"](supported_releases.md).
 
 Older releases:
 
-- [CloudNativePG 1.26](release_notes/v1.26.md)
+- [CloudNativePG 1.27](release_notes/v1.27.md)
+- [CloudNativePG 1.26](release_notes/old/v1.26.md)
 - [CloudNativePG 1.25](release_notes/old/v1.25.md)
 - [CloudNativePG 1.24](release_notes/old/v1.24.md)
 - [CloudNativePG 1.23](release_notes/old/v1.23.md)

website/docs/release_notes/v1.26.md website/docs/release_notes/old/v1.26.mdwebsite/docs/release_notes/v1.26.md renamed to website/docs/release_notes/old/v1.26.md

@@ -11,6 +11,163 @@ For a complete list of changes, please refer to the
 [commits](https://github.com/cloudnative-pg/cloudnative-pg/commits/release-1.27)
 on the release branch in GitHub.
 
+## Version 1.27.4
+
+**Release date:** Mar 31, 2026
+
+:::warning
+    This is the final release in the 1.27.x series.
+    Users are strongly encouraged to upgrade to a newer minor version, as 1.27
+    is no longer supported.
+:::
+
+### Important changes
+
+- Updated the deprecation notice for native (in-tree) Barman Cloud support to
+  reflect that it will now be removed in CloudNativePG 1.30.0, rather than
+  1.29.0. Users are still encouraged to migrate to the Barman Cloud Plugin.
+  ([#10167](https://github.com/cloudnative-pg/cloudnative-pg/pull/10167)) <!-- 1.28 1.27 -->
+
+### Enhancements
+
+- Improved the `Pooler` CRD with support for granular configuration of TLS
+  cipher suites and minimum/maximum TLS versions. This enables administrators
+  to meet strict security compliance requirements for pooler-to-client and
+  pooler-to-server connections.
+  Contributed by @alex1989hu.
+  ([#9571](https://github.com/cloudnative-pg/cloudnative-pg/pull/9571)) <!-- 1.28 1.27 1.25 -->
+
+- Improved the reliability of major upgrades by setting `BackoffLimit=0` on the
+  upgrade job, preventing unnecessary retries of a failed `pg_upgrade`. The
+  operator now automatically deletes the failed job when a user reverts the
+  container image, allowing the cluster to restart gracefully on the original
+  version.
+  ([#10104](https://github.com/cloudnative-pg/cloudnative-pg/pull/10104),
+  [#10298](https://github.com/cloudnative-pg/cloudnative-pg/pull/10298)) <!-- 1.28 1.27 -->
+
+- Improved role management by verifying the instance is the primary before
+  each reconciliation cycle, avoiding unnecessary reconciliation attempts and
+  spurious error messages on read-only replicas.
+  ([#9971](https://github.com/cloudnative-pg/cloudnative-pg/pull/9971)) <!-- 1.28 1.27 1.25 -->
+
+- Extended the CRD schemas for `Cluster`, `ImageCatalog`, and
+  `ClusterImageCatalog` to accept the `extensions`, `bin_path`, and `env`
+  fields introduced in 1.29. The operator ignores these fields on older
+  versions, but accepting them in the schema allows users to share a single
+  manifest across clusters running different CNPG versions.
+  ([#10131](https://github.com/cloudnative-pg/cloudnative-pg/pull/10131),
+  [#10387](https://github.com/cloudnative-pg/cloudnative-pg/pull/10387)) <!-- 1.28 1.27 -->
+
+- The operator now honors the `primaryUpdateMethod` when adding new PVCs to a
+  cluster, ensuring that the rollout strategy (e.g., switchover vs. restart) is
+  respected during storage expansion or additions.
+  ([#9720](https://github.com/cloudnative-pg/cloudnative-pg/pull/9720)) <!-- 1.28 1.27 -->
+
+### Security and Supply Chain
+
+- **Security best practices integration**: integrated the OpenSSF baseline
+  scanner and added a `SECURITY-INSIGHTS.yaml` file to the repository to align
+  with industry-standard security reporting.
+  ([#10054](https://github.com/cloudnative-pg/cloudnative-pg/pull/10054), <!-- 1.28 1.27 1.25 -->
+  [#10062](https://github.com/cloudnative-pg/cloudnative-pg/pull/10062)) <!-- 1.28 1.27 1.25 -->
+
+- **SLSA provenance and SBOMs**: added SLSA (Supply-chain Levels for Software
+  Artifacts) provenance to release binaries and container images. Additionally,
+  enabled Software Bill of Materials (SBOM) generation within the GoReleaser
+  pipeline for improved dependency transparency.
+  ([#10048](https://github.com/cloudnative-pg/cloudnative-pg/pull/10048), <!-- 1.28 1.27 1.25 -->
+  [#10074](https://github.com/cloudnative-pg/cloudnative-pg/pull/10074)) <!-- 1.28 1.27 1.25 -->
+
+- **Password leak prevention**: fixed a potential security risk where PostgreSQL
+  could leak role passwords in the logs during specific reconciliation phases.
+  ([#9950](https://github.com/cloudnative-pg/cloudnative-pg/pull/9950)) <!-- 1.28 1.27 1.25 -->
+
+### Changes
+
+- Updated the default PostgreSQL version to 18.3 (image `18.3-system-trixie`).
+  ([#10090](https://github.com/cloudnative-pg/cloudnative-pg/pull/10090)) <!-- 1.28 1.27 1.25 -->
+
+### Fixes
+
+- Fixed an issue where fencing annotations could not be processed when the WAL
+  disk was full, because the disk space check blocked the instance manager from
+  starting. The check is now performed later in the lifecycle loop, after
+  fencing is evaluated.
+  ([#10302](https://github.com/cloudnative-pg/cloudnative-pg/pull/10302)) <!-- 1.28 1.27 -->
+
+- Fixed an issue where replicas would get stuck in a `Pending` state if the
+  `VolumeSnapshot` used for the initial bootstrap had been deleted. The
+  operator now validates snapshot existence before use; if a snapshot is missing,
+  it attempts to use the next available candidate or falls back to
+  `pg_basebackup`.
+  ([#10192](https://github.com/cloudnative-pg/cloudnative-pg/pull/10192)) <!-- 1.28 1.27 1.25 -->
+
+- Prevented the "supervised primary" rollout strategy from consuming all
+  available rollout slots, which previously caused delays in scheduled updates.
+  Contributed by @ermakov-oleg.
+  ([#9977](https://github.com/cloudnative-pg/cloudnative-pg/pull/9977)) <!-- 1.28 1.27 1.25 -->
+
+- Fixed an issue where certain hot-standby parameter changes were not being
+  correctly applied to replica clusters.
+  ([#9952](https://github.com/cloudnative-pg/cloudnative-pg/pull/9952)) <!-- 1.28 1.27 1.25 -->
+
+- Fixed a bug in the CNPG-I reconciler hook that could lead to skipping
+  subsequent plugins when a "continue" result was returned.
+  Contributed by @sharifmshaker.
+  ([#9978](https://github.com/cloudnative-pg/cloudnative-pg/pull/9978)) <!-- 1.28 1.27 -->
+
+- Fixed a deadlock scenario that occurred when attempting to resize a
+  filesystem on a PVC that was not currently attached to a Pod.
+  Contributed by @jmealo.
+  ([#9981](https://github.com/cloudnative-pg/cloudnative-pg/pull/9981)) <!-- 1.28 1.27 -->
+
+- Fixed webhook validation of bootstrap recovery sources to accept external
+  clusters configured with `ConnectionParameters` (for `pg_basebackup`-based
+  recovery). Previously, these were incorrectly rejected unless a Barman
+  object store or CNPG-i plugin was also configured.
+  ([#10268](https://github.com/cloudnative-pg/cloudnative-pg/pull/10268)) <!-- 1.28 1.27 1.25 -->
+
+- Volume names for extensions and tablespaces are now prefixed to avoid naming
+  collisions with standard cluster volumes.
+  ([#9973](https://github.com/cloudnative-pg/cloudnative-pg/pull/9973)) <!-- 1.28 1.27 -->
+
+- When hibernating a non-healthy cluster, the operator now reports a
+  `WaitingForHealthy` condition, making the deferred hibernation state visible
+  through `cnpg status`.
+  ([#10193](https://github.com/cloudnative-pg/cloudnative-pg/pull/10193)) <!-- 1.28 1.27 1.25 -->
+
+- Fixed fencing to work correctly even when the target pod does not exist.
+  Fencing operates on a cluster-level annotation and should not depend on pod
+  existence; instance name validation is now performed only in the `cnpg
+  fencing on` command.
+  ([#10035](https://github.com/cloudnative-pg/cloudnative-pg/pull/10035)) <!-- 1.28 1.27 1.25 -->
+
+- Fixed the cluster and pooler service reconcilers to correctly handle changes
+  to all spec fields when using the patch update strategy. The reconciler now
+  uses RFC 7386 JSON Merge Patching, preventing cloud-provider-set fields
+  (such as `loadBalancerClass`) from being inadvertently removed.
+  ([#10190](https://github.com/cloudnative-pg/cloudnative-pg/pull/10190),
+  [#10311](https://github.com/cloudnative-pg/cloudnative-pg/pull/10311)) <!-- 1.28 1.27 1.25 -->
+
+- Fixed a race condition in the deprecated in-tree Barman Cloud backup
+  implementation affecting parallel WAL restore, where prefetched files could
+  be read while still being downloaded, causing PostgreSQL recovery to fail
+  with "invalid checkpoint record" errors.
+  ([#10285](https://github.com/cloudnative-pg/cloudnative-pg/pull/10285)) <!-- 1.28 1.27 1.25 -->
+
+- Fixed the timeline history file validation to also apply to plugin-based WAL
+  restore. Previously, the protection introduced in
+  [#9650](https://github.com/cloudnative-pg/cloudnative-pg/pull/9650) only
+  covered in-tree restores, allowing plugins to bypass the check and download
+  future timeline history files, causing timeline mismatch errors on replicas.
+  ([#9849](https://github.com/cloudnative-pg/cloudnative-pg/pull/9849)) <!-- 1.28 1.27 1.25 -->
+
+- `cnpg` plugin:
+
+    - The cnpg plugin now correctly propagates ImagePullSecrets to the
+      `pgbench` Job pod template.
+      ([#10174](https://github.com/cloudnative-pg/cloudnative-pg/pull/10174)) <!-- 1.28 1.27 1.25 -->
+
 ## Version 1.27.3
 
 **Release date:** Feb 5, 2026