diff --git a/contrib/pg_tde/documentation/docs/release-notes/release-notes-v1.0.md b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v1.0.md new file mode 100644 index 0000000000000..96a7ce3b1ea2a --- /dev/null +++ b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v1.0.md 
@@ -0,0 +1,61 @@ +# pg_tde 1.0 ({{date.GA10}}) + +The `pg_tde` by Percona extension brings in [Transparent Data Encryption (TDE)](../index/index.md) to PostgreSQL and enables you to keep sensitive data safe and secure. + +[Get Started](../install.md){.md-button} + +## Release Highlights + +* **`pg_tde` 1.0 is now GA (Generally Available)** + +And **stable** for encrypting relational data in PostgreSQL using [Transparent Data Encryption (TDE)](../index/index.md). This milestone brings production-level data protection to PostgreSQL workloads. + +* **WAL encryption is still in Beta** + +The WAL encryption feature is currently still in beta and is not effective unless explicitly enabled. **It is not yet production ready.** Do **not** enable this feature in production environments. + +## Upgrade considerations + +`pg_tde` {{tdeversion}} is **not** backward compatible with previous `pg_tde` versions, like Release Candidate 2, due to significant changes in code. This means you **cannot** directly upgrade from one version to another. You must do **a clean installation** of `pg_tde`. + +## Known issues + +* The default `mlock` limit on Rocky Linux 8 for ARM64-based architectures equals the memory page size and is 64 Kb. This results in the child process with `pg_tde` failing to allocate another memory page because the max memory limit is reached by the parent process. + +To prevent this, you can change the `mlock` limit to be at least twice bigger than the memory page size: + +* temporarily for the current session using the `ulimit -l ` command. +* set a new hard limit in the `/etc/security/limits.conf` file. To do so, you require the superuser privileges. + +Adjust the limits with caution since it affects other processes running in your system. 
+ +## Changelog + +### New Features + +- [PG-1257](https://perconadev.atlassian.net/browse/PG-1257) – Added SQL function to remove the current principal key + +### Improvements + +- [PG-1617](https://perconadev.atlassian.net/browse/PG-1617) – Removed relation key cache +- [PG-1635](https://perconadev.atlassian.net/browse/PG-1635) – User-facing TDE functions now return void +- [PG-1605](https://perconadev.atlassian.net/browse/PG-1605) – Removed undeclared dependencies for `pg_tde_grant_database_key_management_to_role()` + +### Bugs Fixed + +- [PG-1581](https://perconadev.atlassian.net/browse/PG-1581) – Fixed PostgreSQL crashes on table access when KMIP key is unavailable after restart +- [PG-1583](https://perconadev.atlassian.net/browse/PG-1583) – Fixed a crash when dropping the `pg_tde` extension with CASCADE after changing the key provider file +- [PG-1585](https://perconadev.atlassian.net/browse/PG-1585) – Fixed the vault provider re-addition that failed after server restart with a new token +- [PG-1592](https://perconadev.atlassian.net/browse/PG-1592) – Improve error logs when Server Key Info is requested without being created +- [PG-1593](https://perconadev.atlassian.net/browse/PG-1593) – Fixed runtime failures when invalid Vault tokens are allowed during key provider creation +- [PG-1600](https://perconadev.atlassian.net/browse/PG-1600) – Fixed Postmaster error when dropping a table with an unavailable key provider +- [PG-1606](https://perconadev.atlassian.net/browse/PG-1606) – Fixed missing superuser check in role grant function leads to misleading errors +- [PG-1607](https://perconadev.atlassian.net/browse/PG-1607) – Improved CA parameter order and surrounding documentation for clearer interpretation +- [PG-1608](https://perconadev.atlassian.net/browse/PG-1608) – Updated and fixed global key configuration parameters in documentation +- [PG-1613](https://perconadev.atlassian.net/browse/PG-1613) – Tested and improved the `pg_tde_change_key_provider` CLI 
utility +- [PG-1637](https://perconadev.atlassian.net/browse/PG-1637) – Fixed unused keys in key files which caused issues after OID wraparound +- [PG-1651](https://perconadev.atlassian.net/browse/PG-1651) – Fixed the CLI tool when working with Vault key export/import +- [PG-1652](https://perconadev.atlassian.net/browse/PG-1652) – Fixed when the server fails to find encryption keys after CLI-based provider change +- [PG-1662](https://perconadev.atlassian.net/browse/PG-1662) – Fixed the creation of inconsistent encryption status when altering partitioned tables +- [PG-1663](https://perconadev.atlassian.net/browse/PG-1663) – Fixed the indexes on partitioned tables which were not encrypted +- [PG-1700](https://perconadev.atlassian.net/browse/PG-1700) – Fixed the error hint when the principal key is missing diff --git a/contrib/pg_tde/documentation/docs/release-notes/release-notes.md b/contrib/pg_tde/documentation/docs/release-notes/release-notes.md index f5306753eaa77..7a5175285dc82 100644 --- a/contrib/pg_tde/documentation/docs/release-notes/release-notes.md +++ b/contrib/pg_tde/documentation/docs/release-notes/release-notes.md @@ -2,6 +2,8 @@ `pg_tde` extension brings in [Transparent Data Encryption (TDE)](../index/index.md) to PostgreSQL and enables you to keep sensitive data safe and secure. +* [Percona Transparent Database Encryption for PostgreSQL 1.0 ({{date.GA10}})](release-notes-v1.0.md) +* [pg_tde Release Candidate 2 (RC2) ({{date.RC2}})](rc2.md) * [pg_tde Release Candidate 2 (RC2) ({{date.RC2}})](rc2.md) * [pg_tde Release Candidate ({{date.RC}})](rc.md) * [pg_tde Beta2 (2024-12-16)](beta2.md) diff --git a/contrib/pg_tde/documentation/mkdocs.yml b/contrib/pg_tde/documentation/mkdocs.yml index 51e45a2b4a833..eca6171c87aab 100644 --- a/contrib/pg_tde/documentation/mkdocs.yml +++ b/contrib/pg_tde/documentation/mkdocs.yml 
@@ -163,14 +163,14 @@ nav: - "Features": features.md - "Overview": - "What is Transparent Data Encryption (TDE)?": - - "TDE Overview": index/index.md - - "TDE Benefits": index/how-tde-helps.md - - "How TDE Works": index/how-does-tde-work.md - - "Encrypted Data Scope": index/tde-encrypts.md - - "Table Access Methods and TDE": index/table-access-method.md + - "TDE overview": index/index.md + - "TDE benefits": index/how-tde-helps.md + - "How TDE works": index/how-does-tde-work.md + - "Encrypted data scope": index/tde-encrypts.md + - "Table access methods and TDE": index/table-access-method.md - "Limitations of TDE": index/tde-limitations.md - - "Versions and Supported PostgreSQL Deployments": index/supported-versions.md - - "Get Started": + - "Versions and supported PostgreSQL deployments": index/supported-versions.md + - "Get started": - "1. Install pg_tde": install.md - "1.1 Via apt": apt.md - "1.2 Via yum": yum.md @@ -189,7 +189,7 @@ nav: - "Technical Reference": - "Overview": advanced-topics/index.md - "Architecture": architecture/index.md - - "GUC Variables": variables.md + - "GUC variables": variables.md - "Functions": functions.md - "Streaming Replication with tde_heap": replication.md - "TDE Operations": @@ -204,8 +204,9 @@ nav: - "Decrypt an Encrypted Table": how-to/decrypt.md - "Restore an encrypted pg_tde backup": how-to/restore-backups.md - faq.md - - "Release Notes": + - "Release notes": - "pg_tde release notes": release-notes/release-notes.md + - release-notes/release-notes-v1.0.md - release-notes/rc2.md - release-notes/rc.md - release-notes/beta2.md diff --git a/contrib/pg_tde/documentation/variables.yml b/contrib/pg_tde/documentation/variables.yml index 9d4aa480f8364..2938e44a53a96 100644 --- a/contrib/pg_tde/documentation/variables.yml +++ b/contrib/pg_tde/documentation/variables.yml 
@@ -1,9 +1,11 @@ #Variables used throughout the docs -release: 'RC2' +tdeversion: '1.0' +release: '1.0' pgversion17: '17.5' -tdebranch: TDE_REL_17_STABLE +tdebranch: release-17.5.2 date: + GA10: '2025-06-30' RC2: '2025-05-29' RC: '2025-03-27'
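Review bot: in release-notes-v1.0.md, under Known issues, the command appears as `ulimit -l ` with no argument, so the reader is not told what to pass. Add the value placeholder (the text asks for at least twice the memory page size) and write the unit as 64 KB rather than 64 Kb. Under Release Highlights, the bullet "**`pg_tde` 1.0 is now GA (Generally Available)**" is followed by a separate paragraph that starts "And **stable** for encrypting relational data", which reads as a sentence fragment; merge it into the bullet text. Under Upgrade considerations, "You must do **a clean installation**" does not say what happens to tables already encrypted under Release Candidate 2; state the supported path for that data or link the page that describes it.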
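Review bot: in release-notes.md, the added line `* [pg_tde Release Candidate 2 (RC2) ({{date.RC2}})](rc2.md)` duplicates the unchanged context line directly below it, so the index will list RC2 twice; drop the added copy. The new first entry is titled "Percona Transparent Database Encryption for PostgreSQL 1.0", while the page it links to is headed "pg_tde 1.0" and the rest of the docs say "Transparent Data Encryption"; use one name in both places.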
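Review bot: in mkdocs.yml, the nav labels are only partly moved to sentence case: "TDE overview", "Get started", "GUC variables" and "Release notes" are changed, but the unchanged context lines still read "Technical Reference", "Streaming Replication with tde_heap", "TDE Operations" and "Decrypt an Encrypted Table". Either convert the remaining labels in this change or leave the casing as it was, so the sidebar does not mix both styles.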
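Review bot: in variables.yml, the new `tdeversion: '1.0'` is used by release-notes-v1.0.md in the sentence "`pg_tde` {{tdeversion}} is **not** backward compatible", so when the variable is bumped for a later release the 1.0 notes will name the wrong version; hard-code "1.0" in that version-specific page, as its title already does. `tdeversion` and `release` now hold the same value with no comment explaining the difference; document what each is for next to the `#Variables used throughout the docs` line, or keep a single variable.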