DuckDB 1.5.3 & Quack Protocol; CloudNativePG 1.30 Roles & TLS
Today's Highlights
This week, DuckDB rolls out version 1.5.3 with substantial extension upgrades and introduces 'Quack', a new client-server protocol for distributed operations. We also highlight CloudNativePG 1.30's new declarative roles and passwordless TLS, enhancing PostgreSQL management on Kubernetes.
DuckDB 1.5.3: Not an Ordinary Patch Release (DuckDB Blog)
Source: https://duckdb.org/2026/05/20/announcing-duckdb-153.html
DuckDB has unveiled version 1.5.3, a release that, while officially designated as a patch, delivers a significant expansion of capabilities primarily through its robust extension ecosystem. Unlike typical minor updates focused solely on bug fixes, 1.5.3 emphasizes upgrading and enhancing bundled extensions, which in turn introduces a wealth of new features to users. This strategic approach allows DuckDB to rapidly iterate and integrate advanced functionalities, ranging from improved data ingestion methods to more sophisticated analytical processing tools, directly into the user experience without requiring a full major version cycle.
The release underscores DuckDB's commitment to continuous innovation through modularity, ensuring that its embedded analytical database remains at the forefront of performance and versatility. Developers leveraging DuckDB will find new options and improved stability across various use cases, making it even more powerful for in-process analytics. This includes updates to clients and server-side components for other ecosystem tools. This release serves as a clear indication that for DuckDB, "patch" can often mean a substantial leap forward in practical functionality for its growing user base. Users are encouraged to update to explore these new extension-driven features.
Comment: This release is a great example of how DuckDB uses its extension ecosystem to deliver significant new features, even in a 'patch' version. It's a clear signal to keep an eye on their extensions for ongoing innovation.
Quack: The DuckDB Client-Server Protocol (DuckDB Blog)
Source: https://duckdb.org/2026/05/12/quack-remote-protocol.html
DuckDB has introduced "Quack," an innovative client-server protocol designed to enable seamless communication and interaction between multiple DuckDB instances. This development marks a significant evolution for DuckDB, traditionally known as a high-performance, embedded analytical database operating within a single process. With Quack, DuckDB transcends its embedded origins by supporting true client-server deployments, facilitating capabilities such as multiple concurrent writers and remote data access, which were previously challenging to achieve.
The protocol itself is engineered for simplicity and efficiency, adhering to DuckDB's core philosophy of delivering robust performance with minimal overhead. By allowing DuckDB instances to talk to each other, Quack unlocks new architectural patterns for data pipelines, distributed analytics, and cloud-native applications where data sharing and scalability across different processes or machines are critical. This strategic enhancement broadens DuckDB's applicability, making it a viable and compelling option for scenarios that demand more than an in-process solution, while still leveraging its renowned speed and ease of use. Developers can now explore more flexible deployment models, integrating DuckDB into complex data ecosystems with greater agility and control.
Comment: Quack is a game-changer, especially for anyone wanting to scale DuckDB beyond a single embedded process or integrate it more tightly into existing client-server architectures. It opens up many new distributed use cases.
CNPG Recipe 25 - Declarative Roles and Passwordless TLS in CloudNativePG 1.30 (Planet PostgreSQL)
Source: https://postgr.es/p/9op
CloudNativePG 1.30, the leading Kubernetes operator for PostgreSQL, has rolled out a new version packed with features aimed at streamlining database management and enhancing security within cloud-native environments. A standout addition is the DatabaseRole Custom Resource Definition (CRD), which fundamentally changes how PostgreSQL roles are managed. This CRD empowers application development teams to declaratively define and manage their PostgreSQL user credentials directly within Kubernetes. This shift promotes a GitOps-friendly workflow, where database access configurations are version-controlled and deployed alongside applications, reducing manual intervention and improving consistency.
Beyond role management, CloudNativePG 1.30 significantly boosts security with its new built-in TLS client certificate issuance capabilities. This feature enables passwordless TLS connections between applications and PostgreSQL clusters. By automating the issuance and management of client certificates, the operator eliminates the need for shared passwords, a common security vulnerability. This not only strengthens the security posture of PostgreSQL deployments on Kubernetes but also simplifies the operational burden associated with certificate lifecycle management. These combined features make CloudNativePG 1.30 an even more robust and developer-friendly solution for deploying and managing highly available, secure PostgreSQL databases in a Kubernetes ecosystem, aligning perfectly with modern cloud-native best practices.
Comment: For Kubernetes users, declarative roles and built-in passwordless TLS in CloudNativePG 1.30 are huge wins for security and operational simplicity when managing PostgreSQL. This simplifies credential management significantly.
Top comments (0)