From b3e4113e237b7dbf8c8721e8b24daf3bd807714a Mon Sep 17 00:00:00 2001 From: Dragos Andriciuc Date: Tue, 22 Jul 2025 17:14:29 +0300 Subject: [PATCH 1/2] add 2.0 release note - initial document - add new date variable for 2.0 release --- .../docs/release-notes/release-notes-v2.0.md | 30 +++++++++++++++++++ contrib/pg_tde/documentation/variables.yml | 1 + 2 files changed, 31 insertions(+) create mode 100644 contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md diff --git a/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md new file mode 100644 index 0000000000000..5f7069364f977 --- /dev/null +++ b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md 
@@ -0,0 +1,30 @@ +# pg_tde 2.0 ({{date.2.0}}) + +The `pg_tde` by Percona extension brings in [Transparent Data Encryption (TDE)](../index/index.md) to PostgreSQL and enables you to keep sensitive data safe and secure. + +[Get Started](../install.md){.md-button} + +## Release Highlights + +* **WAL encryption is still in Beta** + +The WAL encryption feature is currently still in beta and is not effective unless explicitly enabled. **It is not yet production ready.** Do **not** enable this feature in production environments. + +## Known issues + +* The default `mlock` limit on Rocky Linux 8 for ARM64-based architectures equals the memory page size and is 64 Kb. This results in the child process with `pg_tde` failing to allocate another memory page because the max memory limit is reached by the parent process. + +To prevent this, you can change the `mlock` limit to be at least twice bigger than the memory page size: + +* temporarily for the current session using the `ulimit -l ` command. +* set a new hard limit in the `/etc/security/limits.conf` file. To do so, you require the superuser privileges. + +Adjust the limits with caution since it affects other processes running in your system. + +## Changelog + +### New Features + +### Improvements + +### Bugs Fixed diff --git a/contrib/pg_tde/documentation/variables.yml b/contrib/pg_tde/documentation/variables.yml index 2938e44a53a96..81e2ae6599089 100644 --- a/contrib/pg_tde/documentation/variables.yml +++ b/contrib/pg_tde/documentation/variables.yml @@ -6,6 +6,7 @@ pgversion17: '17.5' tdebranch: release-17.5.2 date: + 2.0: '2025-08-15' GA10: '2025-06-30' RC2: '2025-05-29' RC: '2025-03-27' From e9b80129271fdb9e7799f8a45e2b1708b4c2bbca Mon Sep 17 00:00:00 2001 
From: Dragos Andriciuc Date: Tue, 29 Jul 2025 15:58:30 +0300 Subject: [PATCH 2/2] add more information in features, improvements and bug fixes, update highlights with WAL GA --- .../docs/release-notes/release-notes-v2.0.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md index 5f7069364f977..873022d6eb093 100644 --- a/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md +++ b/contrib/pg_tde/documentation/docs/release-notes/release-notes-v2.0.md @@ -6,9 +6,9 @@ The `pg_tde` by Percona extension brings in [Transparent Data Encryption (TDE)]( ## Release Highlights -* **WAL encryption is still in Beta** +* **WAL encryption is now Generally Available (GA)** -The WAL encryption feature is currently still in beta and is not effective unless explicitly enabled. **It is not yet production ready.** Do **not** enable this feature in production environments. +The WAL (Write-Ahead Logging) encryption feature is now fully supported and production-ready, it adds secure logging to `pg_tde`, expanding Percona's PostgreSQL encryption coverage by enabling secure, transparent encryption of write-ahead logs using the same key infrastructure as data encryption. ## Known issues @@ -25,6 +25,13 @@ Adjust the limits with caution since it affects other processes running in your ### New Features +- [PG-1037](https://perconadev.atlassian.net/browse/PG-1037) Make `pg_rewind` work with encrypted WAL + ### Improvements +- PG-1497 WAL encryption GA epic tracking issue + ### Bugs Fixed + +- [PG-1391](https://perconadev.atlassian.net/browse/PG-1391) Prevent WAL key mismatches on replicas after `pg_basebackup` +- [PG-1452](https://perconadev.atlassian.net/browse/PG-1452) `pg_tde_change_key_provider` did not work without `-D` flag even if `PGDATA` was set
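Review bot: In the Known issues text added by PATCH 1/2, the temporary workaround reads "using the `ulimit -l ` command" with no argument, so it cannot be followed as written. Add a value placeholder and state the unit the value is given in. In the same paragraph, "64 Kb" reads as kilobits and "at least twice bigger than the memory page size" should be "at least twice the memory page size". For the `/etc/security/limits.conf` bullet, name the item to set (`memlock`) and recommend scoping it to the account that runs PostgreSQL rather than to all users, which matches the caution sentence that follows. The two workaround bullets also sit at the same level as the known-issue bullet; indent them under it so they render as part of that issue.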
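Review bot: In the `variables.yml` hunk of PATCH 1/2, the new key `2.0:` is unquoted and, unlike its siblings `GA10`, `RC2` and `RC`, is not an identifier. A YAML loader will typically read it as the float 2.0, and the heading's `{{date.2.0}}` is then a dotted lookup with two numeric segments, which is unlikely to resolve to `'2025-08-15'`. Use a key in the existing style (for example `GA20`) and reference it as `{{date.GA20}}` in `release-notes-v2.0.md`, then confirm the rendered heading shows the date.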
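Review bot: In the Release Highlights hunk of PATCH 2/2, the removed paragraph said WAL encryption "is not effective unless explicitly enabled", and the replacement paragraph no longer says whether the feature is on or off by default. An operator reading a GA announcement may assume WAL is encrypted after upgrading, so keep one sentence stating the default and linking to how to enable it. The new sentence is also a comma splice ("production-ready, it adds secure logging"), and "secure logging" is vaguer than what the rest of the sentence says; split it in two and say "encryption of write-ahead logs" once.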
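Review bot: In the Changelog hunk of PATCH 2/2, the `PG-1497` entry under Improvements has no link, unlike `PG-1037`, `PG-1391` and `PG-1452`, and "WAL encryption GA epic tracking issue" describes internal tracking rather than a change a user can act on. Either link it and reword it as the user-visible improvement, or drop it, since the highlight already covers WAL GA. Under Bugs Fixed, `PG-1391` is written as the fix ("Prevent WAL key mismatches ...") while `PG-1452` is written as the defect ("did not work without `-D` flag"); pick one form for both entries.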