CloudNativePG 1.29.1 and 1.28.3 released: critical CVE fix (opens in new tab)

The CloudNativePG community is releasing maintenance updates for all currently supported series: 1.29.1 and 1.28.3. This is a high-priority release. It addresses CVE-2026-44477 (the first CVE officially assigned against CloudNativePG, rated Critical with a CVSS v4 score of 9.4), alongside additional CVE remediations in dependencies and the Go runtime. On the reliability side, three independent bugs in the HA failover path are resolved, including a label retention issue that could route writes...