credcheck v4.6 has been releasedGrenoble, France - Febuary 23, 2026 PostgreSQL credcheck extensionThe credcheck PostgreSQL extension provides few general credential checks, which will be evaluated during the user creation, during the password change and user renaming. By using this extension, we can define a set of rules: - allow a specific set of credentials
- reject a certain type of credentials
- deny password that can be easily cracked
- enforce use of an expiration date with a minimum of day for a password
- define a password reuse policy
- define the number of authentication failure allowed before a user is banned
- define a delay on authentication failures
- force users to change their password after first login
- throw a warning N days before when the password user is about to expire
Release 4.6 has been published, it is a security fix release. If you are running v4.5 please upgrade as soon as possible. - Fix security issue with
ALTER ROLE current_role that allow to change superusers password. - Fix event trigger for password expiration warning when time diff are negative values.
- Disable the login event trigger when
credcheck.password_valid_warning is not defined or set to 0.
If you are using the password expiration warning feature you should execute the event_trigger.sql in each database where it is defined. Upgrade require a PostgreSQL restart to reload the credcheck library. Complete list of changes and acknowledgements are available here Links & Creditscredcheck is an open project under the PostgreSQL license maintained by HexaCluster. Any contribution to build a better tool is welcome. You can send your ideas, features requests or patches using the GitHub tools. Links : About credcheckThe credcheck extension is developed and maintained by Gilles Darold at https://hexacluster.ai. If you need more information please https://hexacluster.ai/contact-us/. Documentation at https://github.com/HexaCluster/credcheck#readme |