The following are recent changes in the Crunchy Bridge product. Each is marked as to whether it applies to a core Postgres feature, a UI change in the Crunchy dashboard, an update to our docs, an update to the Crunchy CLI (command line interface), or a change to the platform's REST API.
pg_hint_plan extension is now available
The pg_hint_plan
extension is now available to newly created clusters. Using 'hints' in SQL comments, pg_hint_plan
can adjust the execution plan of statements.
ALTER SYSTEM parameters available in Dashboard
The postgres
superuser has several configuration options through the ALTER SYSTEM
statement. These present challenges as they do not persist on failover and are not applied to standby machines. You can now change Postgres configuration parameters in the cluster settings to work around these limitations. Direct use of ALTER SYSTEM
will soon be disabled in favor of this safer configuration method.
Extended periods for metric views
Cluster metrics in the Dashboard support two new time ranges of 1 week and 30 days, significantly increasing the allowable lookback period. Extended periods are facilitated by a histogram-based aggregates system that makes ranging over long durations less costly to carry out.
Folder view for Saved Queries
Saved queries can now be sorted into folders to help organize them. Queries can either be top level, or stored one level deep in a folder. Nested folders are not currently supported as of this release.
Automatic weekly statistics reset
Clusters can opt-in to have their statistics reset on a weekly basis with pg_stat_statements_reset()
run automatically at the beginning of Sunday UTC. This helps keep query-related database insights more relevant by regularly pruning stale information. Enable the feature on a cluster's Settings page and looking for the Reset statistics weekly toggle. New clusters have it enabled by default.
Self-service Private Link
You can connect a cluster to AWS PrivateLink, GCP Private Service Connect, or Azure Private Link from the cluster Networking tab. See additional details in the Private Link docs.
Self-service VPC peering
You can create network peering connections from inside the dashboard in the Team Settings → Networks for AWS and GCP. See additional details in the VPC peering docs.
pgBouncer 1.22.0 now available
pgBouncer 1.22.0 is now available, including improvements to prepared statements support. Existing clusters can use the Refresh Instance button from the Settings tab to get it.
PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 now available
PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are now available, containing patches for CVE-2024-0985.
For full details, please review the PostgreSQL release notes.
GCP storage rate increase
The price of storage on GCP has changed from $0.10 per GB to $0.23 per GB, effective February 1st, and will apply to both existing and newly provisioned clusters. The price change in Bridge is due to an increase in disk pricing on GCP.
Bridge CLI v3.5.0 release
The bridge CLI tool (cb
) v3.5.0 has been released.
See official release for more information.
pgvector version 0.6.0 is now available
The pgvector
extension has been updated to v0.6.0 and now supports parallel index builds for HNSW. Existing clusters can use the Refresh Instance button from the Settings tab to receive the update.
For full release notes, please review the pgvector changelog.
Bridge CLI v3.4.4 release
The bridge CLI tool (cb
) v3.4.4 has been released.
See official release for more information.
Crunchy Bridge available in the Okta integration network
Crunchy Bridge is now available as part of the Okta integration network, which allows Okta to be configured as an OpenID Connect application for use with single sign-on. See documentation for how to configure Okta.
Bridge CLI v3.4.3 release
The bridge CLI tool (cb
) v3.4.3 has been released.
See official release for more information.
Bridge CLI v3.4.2 release
The bridge CLI tool (cb
) v3.4.2 has been released.
See official release for more information.
High-memory instances for GCP
High-memory instances memory-16
through memory-864
are now available for Bridge clusters provisioned under GCP (Google Cloud Platform). Instances are based on GCP's n2-highmem-*
machine types.
Account notification settings
The kinds of notifications received from Crunchy Bridge are now configurable in Dashboard under Account Settings → Notifications, allowing users to opt out of being emailed on actions they're not interested in.
Most notifications are configurable, but some related to account security (e.g. email changed or password changed) are not.
Cluster groups with Citus support
Cluster groups are now available with support Citus Postgres extension that enables horizontal scalability with distributed storage and queries, along with columnar storage.
Create a cluster group in the Crunchy Dashboard under Team Settings → Cluster Groups, then add clusters to it from the same page.
Saved queries can now return up to 50,000 rows
Saved Queries in the Dashboard or API can now return up to 50,000 rows in their CSV and JSON results, up from the previous maximum of 10,000. As before, there's a limit on query results of 10 MB.
CSV or JSON must be used to get the extended result set. The maximum number of rows returned in the web UI is 1,000.
Bridge CLI v3.4.1 release
The bridge CLI tool (cb
) v3.4.1 has been released.
See official release for more information.
A new `standard-4` instance is now available on AWS
A new standard-4
is now available to provision on AWS, coming with 4 GB of memory and 1 vCPU, with baseline IOPS of 2,500 and a maximum of 20,000.
standard-4
is available at a base price point of $70.
`pg_uuidv7` extension now available
The pg_uuidv7
extension is now available for your Postgres clusters.
pg_uuidv7
adds support for creating and using version 7 UUIDs in Postgres.
`postgresql_panonymizer` extension now available
The postgresql_anonymizer
extension is now available for your Postgres clusters.
postgresql_anonymizer
is an extension to mask or replace personally identifiable information (PII) or commercially sensitive data from a PostgreSQL database.
`timescaledb` extension now available for Postgres 16
timescaledb
is now available for Postgres 16 clusters.
Custom OpenID Connect providers
Bridge accounts can now be created by registering a custom OpenID Connect provider, enabling access to a wider variety of identity providers and self-hosted providers. Go to OpenID Connect provider registration, verify your provider's domain, fill in client details, then complete a successful login with it to be redirected back to Bridge.
OpenID Connect providers must support the WebFinger protocol so that Bridge can verify the identity of a user with a provider before it's allowed to be added.
Accounts with SSO enabled can remove a password credential
Passwords that are associated with both an SSO (single sign-on) provider and a password credential can now remove the latter to help better shore up the security of their account and that of teams they're members of. Passwords are considered more susceptible to attacks like credential stuffing, and the use of SSO gives administrators a faster and more definitive way of widely managing membership. Removing a password is a one-way operation. After removal, a password can't be added back.
Team administrators can go to the Members page of their teams and look for "SSO-only" badges to see which members only authenticate via SSO versus which also have a password, and may wish to ask the latter to remove their password.
Accounts can remove their password by visiting Account Settings → Authentication and looking for the "Remove Password" section. If there isn't one, no password is set.
Teams can be configured to allow automatic joining via SSO
Teams can now be configured so that they allow other accounts to join them automatically, as long as they're authenticated with the same SSO (single sign-on) provider and domain. For example, a team could be configured so that as long as a new account is authenticated through Google and have a @crunchydata.com
email address, the account could join the team themselves without going through the traditional team member invite loop.
Automatic joining can be configured for a team under Team Settings → General.
Teams can be joined under Account Settings → Join Team.
Postgres 16 is now default
With Postgres 16 available since September and 16.1 now released with fixes for three CVEs and 55 bugs (some of which affected previous versions as well), we've made it the default major version for newly created clusters.
PostgreSQL 16.1, 15.5, 14.10, 13.13, and 12.17 now available
Postgres 16.1, 15.5, 14.10, 13.13, and 12.17 are now available, containing patches for CVE-2023-5868, CVE-2023-5869, and CVE-2023-5870.
For full details, please review the PostgreSQL release notes.
pgvector 0.5.1 is now available
The pgvector
extension has been updated to v0.5.1. Existing clusters can use the Refresh Instance button from the Settings tab to receive the update.
For full release notes, please review the pgvector changelog.
New Postgres servers will get a `random_page_cost` of 1.1
Postgres' random_page_cost
setting specifies the rough estimate of random reads compared to sequential ones, and helps the planner decide whether to prefer index lookups to sequential scans. Postgres' default value of 4 was originally set in 2005, a time when spinning mechanical disks were much more prolific than the SSDs generally in use today. Our testing on the three major clouds showed roughly a 5-8% cost difference between sequential and random reads, suggesting that the default random_page_cost
was much too high for these environments. New Postgres servers will get a value of 1.1 instead of 4.
Security badges for MFA and SSO-only in team member list
The list of team members for each team now shows badges indicating whether each team member has MFA (multi-factor authentication) enabled and whether their account authenticates exclusively by SSO (single sign-on) and doesn't have a password credential. This allows admins to vet the security compliance of members on their teams and reach out to those who should shore up their security posture.
Saved queries can now return up to 10,000 rows
Saved Queries in the Dashboard or API can now return up to 10,000 rows in their results, up from the previous maximum of 1,000.
pgBouncer 1.21.0 now available - "the one with prepared statements"
The pgBouncer connection pooler recently announced support for a much requested feature: prepared statements. New Crunchy Bridge clusters now have pgBouncer 1.21.0 available. Existing clusters can use the Refresh Instance button from the Settings tab to get it.
Provide your own encryption key for cluster data (BYOK)
It is now possible to provide your own encryption key for cluster data, otherwise known as Bring Your Own Key. See details in our docs.
Postgres version now visible in backups list
The list of cluster backups now shows the version of Postgres in use at the time the backup was run.
Audit logs now available for replicas
It is now possible to view audit logs for replicas in the dashboard.
Postgres 16 is now available
Postgres 16 is now available. Changes include improved logical replication, I/O monitoring and improved JSON functions. See the release notes for more details.
Backups and forks are now available across Postgres version upgrades
Backups and forks are now available across Postgres version upgrades, allowing safer upgrade operations and continous access to all your backups.
Redesigned Dashboard layout
Redesigned the layout to improve usability of navigating around the Bridge Dashboard. Includes: - Persistent team links in top navigation bar. - Cluster dropdown that supports changing to clusters in other teams. - Some navigation moves to the left sidebar where more space is available instead of staying soley vertical.
Bridge CLI v3.4.0 release
The bridge CLI tool (cb
) v3.4.0 has been released.
See official release for more information.
`timescaledb` extension now available
timescaledb
is now available for your Postgres cluster.
timescaledb
provides automatic partitioning of time-series data, events, and analytics.
Metrics data visualization improvements
Metric data visualizations now have better tooltips, legends, labels, and more.
Postgres versions 15.4, 14.9, 13.12, and 12.16 now available
Postgres 15.4, 14.9, 13.12, and 12.16 are now available, containing patches for CVE-2023-39417 and CVE-2023-39418.
For full details, please review the PostgreSQL release notes.
`pglogical` extension now available
pglogical
is now available for your Postgres cluster.
pglogical
provides logical streaming replication for PostgreSQL, using a publish/subscribe model.
Disk usage metrics
The metrics page now includes disk usage, which visualizes database sizes, log size, and WAL size.
Support for range types in query API and saved queries
The query API and saved queries in Dashboard now support Postgres range types in query results, such that they're formatted similarly to clients like psql.
Saved Queries SQL Assistant
Write plain text descriptions of queries and our AI-powered SQL Assistant can generate the corresponding SQL. Opt-in to share your schema for more accurate queries.
Saved Queries in Dashboard
Introducing Saved Queries: Create shareable SQL queries that run against a cluster. Export Saved Queries to JSON and CSV, or embed directly into Google Sheets.
Production check in Dashboard
Ever wondered if your database cluster is ready for production use? There is now a production check link under 'Cluster Overview' in the Dashboard that provides detailed recommendations.
Postgres 15 is now default
With three patch versions of Postgres 15 now released, and having been GA since October 2022, we've made it the default major version for newly created clusters.
Postgres 12 has been retired
To encourage users to use more modern versions of Postgres, it's no longer generally possible to provision new clusters on Postgres 12. Teams that already have Postgres 12 clusters may continue to do so for the time being, but we'd encourage them to start looking into upgrading major versions as well.
Additional Azure region support
Clusters can now be provisioned in Azure West US 3 (Arizona) region.
Command palette v1
We have added an experimental command palette to the Dashboard. It currently supports a series of quick navigation commands for teams and clusters, and can be opened using the ⌘ + K (or Ctrl + K for windows). More coming soon.
Bridge CLI v3.3.3 release
The bridge CLI tool (cb
) v3.3.3 has been released.
See official release for more information.
Postgres versions 15.3, 14.8, 13.11, and 12.15 now available
Postgres 15.3, 14.8, 13.11, and 12.15 are now available, containing patches that address CVE-2454 and CVE-2455.
For full release notes, please review the PostgreSQL release notes.
`clickhouse_fdw` and `pg_repack` extensions now available
Two new extensions are now available for your Postgres cluster.
The clickhouse_fdw
extension allows you to connect and interact with a foreign ClickHouse database.
The pg_repack
extension allows you to remove bloat and restore the physical order of clustered indexes without holding exclusive locks.
Bridge CLI v3.3.2 release
The bridge CLI tool (cb
) v3.3.2 has been released.
See official release for more information.
Bridge CLI v3.3.0 release
The bridge CLI tool (cb
) v3.3.0 has been released.
See official release for more information.
Personal teams are now normal teams
Every new Bridge account automatically has a new team created for its personal use. Previously, this team appeared as Personal
in the Bridge Dashboard, and although it behaved similarly to normal teams, it had some limitations like that no additional team members could be added to it.
Personal teams have been changed so they're now just normal teams that behave the same as every other team. They now appear in Dashboard with a name like Joe's team
or Jane's team
depending on the name of the owner, but can be renamed to anything.
Multi-factor authentication
Crunchy Bridge now supports TOTP (time-based one-time password) and WebAuthn (biometric and Yubikey) multi-factor authentication (MFA) to better secure your account. It can be enabled from My Account → Authentication.
SSO-based (single sign-on) accounts can also enable MFA to be required on sensitive operations like creating a new API key.
`mongo_fdw` and `postgresql-hll` extensions are now available
Two new extensions are now available for your Postgres cluster.
The mongo_fdw
extension allows you to connect and interact with a foreign MongoDB database.
The postgresql-hll
extension enables the data structure and data type for HyperLogLog.
Event `role.password_revealed` has been deprecated
The event role.password_revealed
has been retired and is no longer generated. Our findings that were many users would reveal credentials programmatically and generate these in quantities large enough to drown out other events in the audit log, making it less useful. We'd encourage users to use role-based credentials instead to improve visibility into who has database credentials.
Improved logging defaults for Postgres
We have modified our default logging configuration for Postgres including log_min_duration_statement
, log_statement
, log_lock_waits
, log_min_messages
and log_temp_files
.
They provide you with better visiblity into how your database is behaving and performing.
Bridge CLI v3.2.0 release
The bridge CLI tool (cb
) v3.2.0 has been released.
See official release for more information.
Can create multiple API Keys
We have updated our API Key functionality to allow you to create multiple keys. Keys also have an optional expiration date. This feature can be found in your account settings.
Email on API key creation
Account owners are now alerted by email when a new API key is added to their account. Normally it's safe to ignore these notifications, but they provide a notice of possible suspicious activity in case the API key was not created by the account holder.
Postgres 15.2 and Postgres 14.7 are now available
Postgres 15.2 and Postgres 14.7 are now available.
For full release notes, please review the PostgreSQL release notes.
pgvector and mysql_fdw extensions are now available
Two new extensions are now availble for your Postgres cluster.
The pgvector
extension enables similarity search.
The mysql_fdw
extension allows to connect and interact with a foreign MySQL database.
Replica destroy endpoint deprecated
The destroy replica endpoint has been deprecated in favor of the normal destroy cluster endpoint. Behavior is identical except without the requirement to also include the ID of the parent cluster in the URL.
Clusters now have a metrics page
We have added a page to visualize metrics for your cluster. This feature can be found in Cluster > Metrics.
Personal team certificate available in Dashboard
Every Crunchy Bridge account has a Personal team by default.
The root certificate for this personal team can now be downloaded via the dashboard. This certificate can be used locally to secure and verify connections to your personal team cluster(s).
hypopg and pg_ivm extensions now available
Two new extensions are now availble for your Postgres cluster.
The hypopg
extension allows for the creation of hypothetical indexes. These can be useful for testing indexes without actually creating them.
The pg_ivm
extension allows for incremental updating of materialized views. With this approach, incremental changes are computed and applied, rather than the entirety of the contents.
Remove schedule maintenance endpoint
An unfinished endpoint for scheduling a cluster maintenance was accidentally leaked in to the docs. We've removed this endpoint documentation. User's should instead use POST /clusters/:id/upgrade
endpoint utilizing the starting_from
parameter to explicitly schedule a cluster maintenance for a specific time.
Create replicas of replicas
The API now allows creating replicas of replicas.
This feature can be useful to ensure that before detaching an existing read replica that it has it's own replicas in place and available to handle traffic.
Bridge CLI v3.1.0 release
The bridge CLI tool (cb
) v3.1.0 has been released.
See official release for more information.
Rotate passwords from DB roles from Dashboard
The roles table now has an option to rotate the password for each role. This will work for default roles like postgres
as well as all user roles.
Tailscale
It is now possible to connect a cluster to your Tailscale network. Connections can be configured in your cluster on the Networking tab.
Additional region support
Clusters can now be provisioned in AWS EU-West-2 (London) and GCP Asia-Southeast1 (Singapore) regions.
Bridge CLI v3.0.0 release
The bridge CLI tool (cb
) v3.0.0 has been released.
See official release for more information.
New Graviton-based `hobby-0` and `hobby-1` instances available on AWS
New smaller plans hobby-0
and hobby-1
are available to provision on AWS, coming with 512 MB and 1 GB of memory respectively. These are based on EC2's T4g instances, which are powered by ARM-based Graviton 2 processors.
hobby-0
is available at a base price point of $9 ($10 with a 10 GB disk), the lowest ever for a Bridge plan.
Postgres 15 is now available
Postgres 15 is now available. The new major features improved sorting performance, the MERGE
command, and adds more capabilities for observing the state of the database. See the release notes for more details.
Google Marketplace now available
Crunchy Bridge can now be provisioned directly through Google Marketplace to take advantage of its consolidated billing. See Crunchy Bridge on Google Marketplace.
Added Vacuum Stats and Table Size Insights
We have added two more cluster insight views: - Vacuum statistics - Table sizes
You can find these insights in your cluster under the Insights tab.
Added Hasura connection instructions
Get connection instructions for Hasura Cloud in your cluster.
You will find the instructions under the Connection tab.
Application specific connection instructions
We have added application specific instructions for connecting to your cluster. We launched with support for: - Prisma (Javascript) - Rails (Ruby) - Laravel (PHP) - Phoenix (Elixir) - Spring (Java) - Django (Python)
You can find these in a new Connection tab on existing clusters.
Database Insights
Get insight data on your database directly in your dashboard.
Cache Hit Ratio, Index Hit Ratio, Read %, and more.
Bridge CLI v2.2.1 release
The bridge CLI tool (cb
) v2.2.1 has been released.
See official release for more information.
See active roles on a cluster
Crunchy Bridge users may use the Cluster > Roles page to see which users have a role on the primary cluster and read replicas.
Bridge CLI v2.2.0 release
The bridge CLI tool (cb
) v2.2.0 has been released.
See official release for more information.
Postgres Playground Launched
Learn Postgres interactively in your browser with a series of helpful tutorials from the basics of querying in psql to more advanced lessons on optimizing performance. Check out the Postgres Playground today!
Invoice emails contain PDF attachments
Invoice emails that go out on the first day of the month now contain a PDF rendering of the invoice as an attachment. Aside from being more convenient to reference (and forward) without logging in, we expect this to be helpful for archival purposes.
Terraform provider now available
Crunchy Bridge users who use Hashicorp's Terraform tool for provisioning infrastructure can now include Crunchy Bridge clusters among their managed resources by using the newly released crunchybridge provider.
The initial release includes support for creating, deleting, scaling up, and other cluster updates. The connection string to managed clusters can easily be configured as parameters to other Terraform modules.
Visit the documentation for the Crunchy Bridge provider to get started.
Protected clusters
Clusters can now be set to "protected" by managers and admins, which makes them undestroyable unless protection is removed first. Protection can be enabled from a cluster's overview page by selecting "Cluster Actions" → "Enable Protection".
It can also be enabled from the API by setting is_protected
on the update cluster endpoint.
Create and access physical backups on AWS and Azure
Clusters running on AWS and Azure can now have a physical backup started via the API or Dashboard. Once complete, the physical backup files can be accessed directly.
API key authentication
As a developer convenience, API keys can now be used as a Bearer
token in the Authentication
header to authenticate with the API key directly, rather than having to produce an access tokens first. We still recommend the use of shorter-lived access tokens to reduce the chances of exposure for security-critical programs.
See getting started with the API for more information.
Postgres 14 is now default, again
Now that Postgres 14.4 which addresses a major bug in Postgres' INDEX
and REINDEX CONCURRENTLY
commands has been available for some time and showing good results, Postgres 14 is once again the default version provisioned with new Bridge clusters.
Signed access tokens
Access tokens are now ephemeral signed objects rather than records persisted to the database. Procuring and authenticating with them stays identical to before.
A side effect of signing is that access tokens are now longer. For best results, continue treating an access token's secret as an opaque string that may be of variable length.
Since procuring an access token is now cheaper in terms of database load, we've removed the rate limit on creating them.
Azure Marketplace integration now available
Crunchy Bridge can now be provisioned directly through your Azure Marketplace account if you would like to consolidate billing.
The availability of Crunchy Bridge on Azure Marketplace now provides users with a fully managed Postgres service from the Postgres experts at Crunchy Data.