Changelog

The following are recent changes in the Crunchy Bridge product. Each is marked as to whether it applies to a core Postgres feature, a UI change in the Crunchy dashboard, an update to our docs, an update to the Crunchy CLI (command line interface), or a change to the platform's REST API.

feature

Extended periods for metric views

Cluster metrics in the Dashboard support two new time ranges of 1 week and 30 days, significantly increasing the allowable lookback period. Extended periods are facilitated by a histogram-based aggregates system that makes ranging over long durations less costly to carry out.

feature

Folder view for Saved Queries

Saved queries can now be sorted into folders to help organize them. Queries can either be top level, or stored one level deep in a folder. Nested folders are not currently supported as of this release.

feature

Automatic weekly statistics reset

Clusters can opt-in to have their statistics reset on a weekly basis with pg_stat_statements_reset() run automatically at the beginning of Sunday UTC. This helps keep query-related database insights more relevant by regularly pruning stale information. Enable the feature on a cluster's Settings page and looking for the Reset statistics weekly toggle. New clusters have it enabled by default.

feature

You can connect a cluster to AWS PrivateLink, GCP Private Service Connect, or Azure Private Link from the cluster Networking tab. See additional details in the Private Link docs.

feature

Self-service VPC peering

You can create network peering connections from inside the dashboard in the Team Settings → Networks for AWS and GCP. See additional details in the VPC peering docs.

feature

GCP storage rate increase

The price of storage on GCP has changed from $0.10 per GB to $0.23 per GB, effective February 1st, and will apply to both existing and newly provisioned clusters. The price change in Bridge is due to an increase in disk pricing on GCP.

postgres

pgvector version 0.6.0 is now available

The pgvector extension has been updated to v0.6.0 and now supports parallel index builds for HNSW. Existing clusters can use the Refresh Instance button from the Settings tab to receive the update.

For full release notes, please review the pgvector changelog.

feature

Account notification settings

The kinds of notifications received from Crunchy Bridge are now configurable in Dashboard under Account Settings → Notifications, allowing users to opt out of being emailed on actions they're not interested in.

Most notifications are configurable, but some related to account security (e.g. email changed or password changed) are not.

feature

Cluster groups with Citus support

Cluster groups are now available with support Citus Postgres extension that enables horizontal scalability with distributed storage and queries, along with columnar storage.

Create a cluster group in the Crunchy Dashboard under Team Settings → Cluster Groups, then add clusters to it from the same page.

feature

Saved queries can now return up to 50,000 rows

Saved Queries in the Dashboard or API can now return up to 50,000 rows in their CSV and JSON results, up from the previous maximum of 10,000. As before, there's a limit on query results of 10 MB.

CSV or JSON must be used to get the extended result set. The maximum number of rows returned in the web UI is 1,000.

feature

A new `standard-4` instance is now available on AWS

A new standard-4 is now available to provision on AWS, coming with 4 GB of memory and 1 vCPU, with baseline IOPS of 2,500 and a maximum of 20,000.

standard-4 is available at a base price point of $70.

postgres

`pg_uuidv7` extension now available

The pg_uuidv7 extension is now available for your Postgres clusters.

pg_uuidv7 adds support for creating and using version 7 UUIDs in Postgres.

postgres

`postgresql_panonymizer` extension now available

The postgresql_anonymizer extension is now available for your Postgres clusters.

postgresql_anonymizer is an extension to mask or replace personally identifiable information (PII) or commercially sensitive data from a PostgreSQL database.

feature

Custom OpenID Connect providers

Bridge accounts can now be created by registering a custom OpenID Connect provider, enabling access to a wider variety of identity providers and self-hosted providers. Go to OpenID Connect provider registration, verify your provider's domain, fill in client details, then complete a successful login with it to be redirected back to Bridge.

OpenID Connect providers must support the WebFinger protocol so that Bridge can verify the identity of a user with a provider before it's allowed to be added.

feature

Accounts with SSO enabled can remove a password credential

Passwords that are associated with both an SSO (single sign-on) provider and a password credential can now remove the latter to help better shore up the security of their account and that of teams they're members of. Passwords are considered more susceptible to attacks like credential stuffing, and the use of SSO gives administrators a faster and more definitive way of widely managing membership. Removing a password is a one-way operation. After removal, a password can't be added back.

Team administrators can go to the Members page of their teams and look for "SSO-only" badges to see which members only authenticate via SSO versus which also have a password, and may wish to ask the latter to remove their password.

Accounts can remove their password by visiting Account Settings → Authentication and looking for the "Remove Password" section. If there isn't one, no password is set.

feature

Teams can be configured to allow automatic joining via SSO

Teams can now be configured so that they allow other accounts to join them automatically, as long as they're authenticated with the same SSO (single sign-on) provider and domain. For example, a team could be configured so that as long as a new account is authenticated through Google and have a @crunchydata.com email address, the account could join the team themselves without going through the traditional team member invite loop.

Automatic joining can be configured for a team under Team Settings → General.

Teams can be joined under Account Settings → Join Team.

postgres

Postgres 16 is now default

With Postgres 16 available since September and 16.1 now released with fixes for three CVEs and 55 bugs (some of which affected previous versions as well), we've made it the default major version for newly created clusters.

postgres

pgvector 0.5.1 is now available

The pgvector extension has been updated to v0.5.1. Existing clusters can use the Refresh Instance button from the Settings tab to receive the update.

For full release notes, please review the pgvector changelog.

postgres

New Postgres servers will get a `random_page_cost` of 1.1

Postgres' random_page_cost setting specifies the rough estimate of random reads compared to sequential ones, and helps the planner decide whether to prefer index lookups to sequential scans. Postgres' default value of 4 was originally set in 2005, a time when spinning mechanical disks were much more prolific than the SSDs generally in use today. Our testing on the three major clouds showed roughly a 5-8% cost difference between sequential and random reads, suggesting that the default random_page_cost was much too high for these environments. New Postgres servers will get a value of 1.1 instead of 4.

dashboard

Security badges for MFA and SSO-only in team member list

The list of team members for each team now shows badges indicating whether each team member has MFA (multi-factor authentication) enabled and whether their account authenticates exclusively by SSO (single sign-on) and doesn't have a password credential. This allows admins to vet the security compliance of members on their teams and reach out to those who should shore up their security posture.

dashboard

Redesigned Dashboard layout

Redesigned the layout to improve usability of navigating around the Bridge Dashboard. Includes: - Persistent team links in top navigation bar. - Cluster dropdown that supports changing to clusters in other teams. - Some navigation moves to the left sidebar where more space is available instead of staying soley vertical.

postgres

`timescaledb` extension now available

timescaledb is now available for your Postgres cluster.

timescaledb provides automatic partitioning of time-series data, events, and analytics.

postgres

`pglogical` extension now available

pglogical is now available for your Postgres cluster.

pglogical provides logical streaming replication for PostgreSQL, using a publish/subscribe model.

dashboard

Disk usage metrics

The metrics page now includes disk usage, which visualizes database sizes, log size, and WAL size.

dashboard

Saved Queries SQL Assistant

Write plain text descriptions of queries and our AI-powered SQL Assistant can generate the corresponding SQL. Opt-in to share your schema for more accurate queries.

dashboard

Saved Queries in Dashboard

Introducing Saved Queries: Create shareable SQL queries that run against a cluster. Export Saved Queries to JSON and CSV, or embed directly into Google Sheets.

dashboard

Production check in Dashboard

Ever wondered if your database cluster is ready for production use? There is now a production check link under 'Cluster Overview' in the Dashboard that provides detailed recommendations.

postgres

Postgres 15 is now default

With three patch versions of Postgres 15 now released, and having been GA since October 2022, we've made it the default major version for newly created clusters.

postgres

Postgres 12 has been retired

To encourage users to use more modern versions of Postgres, it's no longer generally possible to provision new clusters on Postgres 12. Teams that already have Postgres 12 clusters may continue to do so for the time being, but we'd encourage them to start looking into upgrading major versions as well.

dashboard

Command palette v1

We have added an experimental command palette to the Dashboard. It currently supports a series of quick navigation commands for teams and clusters, and can be opened using the ⌘ + K (or Ctrl + K for windows). More coming soon.

postgres

`clickhouse_fdw` and `pg_repack` extensions now available

Two new extensions are now available for your Postgres cluster.

The clickhouse_fdw extension allows you to connect and interact with a foreign ClickHouse database.

The pg_repack extension allows you to remove bloat and restore the physical order of clustered indexes without holding exclusive locks.

feature

Personal teams are now normal teams

Every new Bridge account automatically has a new team created for its personal use. Previously, this team appeared as Personal in the Bridge Dashboard, and although it behaved similarly to normal teams, it had some limitations like that no additional team members could be added to it.

Personal teams have been changed so they're now just normal teams that behave the same as every other team. They now appear in Dashboard with a name like Joe's team or Jane's team depending on the name of the owner, but can be renamed to anything.

feature

Multi-factor authentication

Crunchy Bridge now supports TOTP (time-based one-time password) and WebAuthn (biometric and Yubikey) multi-factor authentication (MFA) to better secure your account. It can be enabled from My Account → Authentication.

SSO-based (single sign-on) accounts can also enable MFA to be required on sensitive operations like creating a new API key.

postgres

`mongo_fdw` and `postgresql-hll` extensions are now available

Two new extensions are now available for your Postgres cluster.

The mongo_fdw extension allows you to connect and interact with a foreign MongoDB database.

The postgresql-hll extension enables the data structure and data type for HyperLogLog.

api

Event `role.password_revealed` has been deprecated

The event role.password_revealed has been retired and is no longer generated. Our findings that were many users would reveal credentials programmatically and generate these in quantities large enough to drown out other events in the audit log, making it less useful. We'd encourage users to use role-based credentials instead to improve visibility into who has database credentials.

postgres

Improved logging defaults for Postgres

We have modified our default logging configuration for Postgres including log_min_duration_statement, log_statement, log_lock_waits, log_min_messages and log_temp_files.

They provide you with better visiblity into how your database is behaving and performing.

dashboard

Can create multiple API Keys

We have updated our API Key functionality to allow you to create multiple keys. Keys also have an optional expiration date. This feature can be found in your account settings.

api

Email on API key creation

Account owners are now alerted by email when a new API key is added to their account. Normally it's safe to ignore these notifications, but they provide a notice of possible suspicious activity in case the API key was not created by the account holder.

postgres

pgvector and mysql_fdw extensions are now available

Two new extensions are now availble for your Postgres cluster.

The pgvector extension enables similarity search.

The mysql_fdw extension allows to connect and interact with a foreign MySQL database.

dashboard

Personal team certificate available in Dashboard

Every Crunchy Bridge account has a Personal team by default.

The root certificate for this personal team can now be downloaded via the dashboard. This certificate can be used locally to secure and verify connections to your personal team cluster(s).

postgres

hypopg and pg_ivm extensions now available

Two new extensions are now availble for your Postgres cluster.

The hypopg extension allows for the creation of hypothetical indexes. These can be useful for testing indexes without actually creating them.

The pg_ivm extension allows for incremental updating of materialized views. With this approach, incremental changes are computed and applied, rather than the entirety of the contents.

docs

Remove schedule maintenance endpoint

An unfinished endpoint for scheduling a cluster maintenance was accidentally leaked in to the docs. We've removed this endpoint documentation. User's should instead use POST /clusters/:id/upgrade endpoint utilizing the starting_from parameter to explicitly schedule a cluster maintenance for a specific time.

feature

Create replicas of replicas

The API now allows creating replicas of replicas.

This feature can be useful to ensure that before detaching an existing read replica that it has it's own replicas in place and available to handle traffic.

feature

Tailscale

It is now possible to connect a cluster to your Tailscale network. Connections can be configured in your cluster on the Networking tab.

feature

Additional region support

Clusters can now be provisioned in AWS EU-West-2 (London) and GCP Asia-Southeast1 (Singapore) regions.

postgres

Postgres 15 is now available

Postgres 15 is now available. The new major features improved sorting performance, the MERGE command, and adds more capabilities for observing the state of the database. See the release notes for more details.

dashboard

Added Vacuum Stats and Table Size Insights

We have added two more cluster insight views: - Vacuum statistics - Table sizes

You can find these insights in your cluster under the Insights tab.

dashboard

Application specific connection instructions

We have added application specific instructions for connecting to your cluster. We launched with support for: - Prisma (Javascript) - Rails (Ruby) - Laravel (PHP) - Phoenix (Elixir) - Spring (Java) - Django (Python)

You can find these in a new Connection tab on existing clusters.

dashboard

Database Insights

Get insight data on your database directly in your dashboard.

Cache Hit Ratio, Index Hit Ratio, Read %, and more.

dashboard

See active roles on a cluster

Crunchy Bridge users may use the Cluster > Roles page to see which users have a role on the primary cluster and read replicas.

docs

Postgres Playground Launched

Learn Postgres interactively in your browser with a series of helpful tutorials from the basics of querying in psql to more advanced lessons on optimizing performance. Check out the Postgres Playground today!

feature

Invoice emails contain PDF attachments

Invoice emails that go out on the first day of the month now contain a PDF rendering of the invoice as an attachment. Aside from being more convenient to reference (and forward) without logging in, we expect this to be helpful for archival purposes.

feature

Terraform provider now available

Crunchy Bridge users who use Hashicorp's Terraform tool for provisioning infrastructure can now include Crunchy Bridge clusters among their managed resources by using the newly released crunchybridge provider.

The initial release includes support for creating, deleting, scaling up, and other cluster updates. The connection string to managed clusters can easily be configured as parameters to other Terraform modules.

Visit the documentation for the Crunchy Bridge provider to get started.

feature

Protected clusters

Clusters can now be set to "protected" by managers and admins, which makes them undestroyable unless protection is removed first. Protection can be enabled from a cluster's overview page by selecting "Cluster Actions" → "Enable Protection".

It can also be enabled from the API by setting is_protected on the update cluster endpoint.

api

API key authentication

As a developer convenience, API keys can now be used as a Bearer token in the Authentication header to authenticate with the API key directly, rather than having to produce an access tokens first. We still recommend the use of shorter-lived access tokens to reduce the chances of exposure for security-critical programs.

See getting started with the API for more information.

postgres

Postgres 14 is now default, again

Now that Postgres 14.4 which addresses a major bug in Postgres' INDEX and REINDEX CONCURRENTLY commands has been available for some time and showing good results, Postgres 14 is once again the default version provisioned with new Bridge clusters.

api

Signed access tokens

Access tokens are now ephemeral signed objects rather than records persisted to the database. Procuring and authenticating with them stays identical to before.

A side effect of signing is that access tokens are now longer. For best results, continue treating an access token's secret as an opaque string that may be of variable length.

Since procuring an access token is now cheaper in terms of database load, we've removed the rate limit on creating them.