Release notes v2.4.0
Release highlights
- Version name: ClusterControl 2.4.0
- State: Latest (long-term support)
- First release date: March 9th, 2026
- Maintenance status: Active
- Total maintenance builds: 8
- Last release date: N/A
- PostgreSQL new user management GUI
- Prometheus monitoring endpoints are secured with basic authentication and TLS encryption by default, protecting metrics data in transit.
- Faster cluster info retrieval through a new caching layer. Users managing large numbers of clusters should notice faster page loads and API responses.
- CMON controller pool for ClusterControl scalability
- ClusterControl MCP Server. See Reference Manual → MCP Server and Tutorials → Managing Clusters using ClusterControl MCP.
- Incremental PostgreSQL backups with
pg_basebackup.
- HAProxy node discovery now uses internal hostnames by default, reducing false alarms and improving reliability in environments where database nodes are registered by internal or data hostnames.
- Improved Kubernetes secret handling reliability.
- ClusterControl now automatically downloads, verifies, and refreshes expired MongoDB GPG keys, including support for MongoDB Enterprise. This prevents deployment and maintenance failures caused by expired signing keys.
- Support MaxScale 24.x.
- Rebuild Replication Slave feature to rebuild a replica cluster for cluster-to-cluster Galera replication.
- Drop support for new cluster deployments for MongoDB-related clusters 6.0 and older.
- CMON HA support is deprecated, in favour of CMON controller pool.
- CMON Controller Pool does not support HA setup yet. This will be included in the upcoming release.
- Follow standard upgrade procedures as outlined in the documentation.
Maintenance Release: June 15th, 2026
-
Build:
- s9s-tools-1.9.2026061509 (ClusterControl CLI)
-
New & Improved:
- List binlog backups from the CLI. A new
s9s backup --list-binlog-backupscommand lists binary-log backups — previously the CLI only listed full and incremental backups. Output now includes the originating host, PID, and a human-readable creation time, making it suitable for per-cluster binlog usage reporting and accounting. - Delete local backups after a successful cloud upload. The s9s backup
--delete-after-uploadoption is now available, so scheduled backups that upload to cloud storage can automatically free local disk space once the upload completes. - PostgreSQL: Configure
summarize_walfrom the CLI. Thenodecommand now accepts--summarize-walto trigger a Configure WAL operation. Turning this on enables incremental pg_basebackup backups (the setting is OFF by default). - Set a cluster read-write from the CLI. A new
--set-read-writeoption lets you switch cluster/node access mode directly from s9s. - NDB Cluster: tune data memory at deploy time.
s9s cluster --createfor NDB now accepts--ndb-data-memory-ratioto sizeDataMemoryas a proportion of host RAM.
- List binlog backups from the CLI. A new
-
Fixed:
- PostgreSQL user management: deleting a user with no database objects now works. Previously, deleting a user that owned no objects could fail with an error; the CLI now forwards the correct delete flag so the user is removed cleanly.
pool-controllers --assignmenthelp and documentation corrected — the inline help text and man-page examples now match the actual option behavior.
Maintenance Release: June 8th, 2026
-
Build:
- clustercontrol-controller-2.4.0-20548
- clustercontrol-mcc-2.4.0-875
- clustercontrol2-2.4.0-2307
- clustercontrol-proxy-2.4.0-187
-
Improvements:
- ProxySQL v3 can now be selected as the load balancer when deploying or adding ProxySQL on MySQL 8.0/8.4 clusters, both from the controller and the deployment UI. (CLUS-7082, CLUS-7631)
- Added a copy button next to hostnames in the node list, making it easier to grab a node's address. (CLUS-7614)
- Exposed several previously hardcoded controller timers and behaviors as
cmon.cnfkeys — includingcluster_info_cache_refresh_intervalandenable_orphan_shutdown— giving operators of large fleets finer control over refresh and cleanup intervals. (CLUS-7584)
-
Bug Fixes:
- Backups
- Fixed a misleading "PgBackRest configuration is invalid" alarm that appeared under the Node component after a database node went down, even when the pgBackRest configuration was valid. (CLUS-7460)
- Monitoring & Deployment
- Fixed the system log being flooded every second with
[email protected]messages on database nodes behind an HAProxy load balancer. (CLUS-6629) - The ClusterControl proxy now supports configuring the
X-Frame-Optionsresponse header, and includes a reliability fix for pooled-controller setups (errors are no longer silently swallowed). (proxy build 2.4.0-187)
- Fixed the system log being flooded every second with
- Replication & Stability
- Fixed a CMON segfault that could occur while running DSL advisor scripts on environments with many clusters. (CLUS-7649)
- Fixed a CMON crash that could occur when a scheduled backup ran concurrently with other cluster activity. (CLUS-7562)
- Fixed some clusters failing to load in large ("pool mode") deployments managing 100+ clusters, including a heap-corruption mitigation in the process-spawn path (now using
posix_spawn). (CLUS-7578, CLUS-7621) - Fixed MSSQL Always On clusters firing a spurious "failover to new primary" during cluster bootstrap, before the availability group had finished forming. (CLUS-7632)
- Fixed missing alarms when a replication slave thread breaks in a cross-cluster replication setup, so the outage is now alerted as expected. (CLUS-7409)
- UI
- Fixed being unable to select cloud credentials in the relevant wizards. (CLUS-7615)
- Backups
Maintenance Release: May 27th, 2026
-
Build:
- clustercontrol-controller-2.4.0-19927
-
Bug fixes:
- Monitoring & Deployment
- Fixed Redis metrics not appearing on the dashboard for clusters deployed without TLS. The
redis_exporterwas being configured to connect over TLS (rediss://) even when Redis itself was running in plain TCP mode, so the exporter could not connect and no metrics were collected. The exporter connection now matches the cluster's actual TLS setting. (CLUS-7548)
- Fixed Redis metrics not appearing on the dashboard for clusters deployed without TLS. The
- Monitoring & Deployment
Maintenance Release: May 25th, 2026
-
Build:
- clustercontrol-controller-2.4.0-19892
- clustercontrol-mcc-2.4.0-856
- clustercontrol2-2.4.0-2291
-
Bug fixes:
- Backups
- Fixed a broken Percona Backup for MongoDB (PBM) noarch repo URL in the
percona.pbm.repotemplate, which causeddnfmetadata download failures on Rocky Linux 8 during PBM agent installation. (CLUS-7518)
- Fixed a broken Percona Backup for MongoDB (PBM) noarch repo URL in the
- Security & Access Control
- Hardened read-only user enforcement: read-only accounts can no longer terminate running database queries from the UI, and the controller now rejects
deleteAccountrequests originating from read-only users. (CLUS-7244, CLUS-7311) - Improved password masking in error reports so that credentials are properly redacted across all reported code paths when masking is enabled. (CLUS-6958)
- Hardened read-only user enforcement: read-only accounts can no longer terminate running database queries from the UI, and the controller now rejects
- Monitoring & Deployment
- Fixed offline installation of Redis Cluster, which previously still required downloading the
remirepository package from the internet. (CLUS-7493)
- Fixed offline installation of Redis Cluster, which previously still required downloading the
- Replication & Stability
- Fixed the "retry SSH connection" action not working for nodes in sharded Valkey/Redis clusters. (CLUS-7199)
- Fixed Galera cluster auto-rename producing
~1twice instead of incrementing to~2, and resolved display inconsistencies in the resulting cluster name. The renamed value is now persisted to the cluster config. (CLUS-7512) - Fixed a MariaDB Galera race where cmon DDL operations during cluster deployment could randomly hit
errno 1950(out-of-order GTID) undergtid_strict_mode. The cluster-securing step now setssql_log_bin=0alongsidewsrep_on=0so the local binlog seqno no longer advances past the wsrep-coordinated cluster seqno. (CLUS-7513)
- UI
- Dashboards now keep refreshing when the first Prometheus fetch returns empty results, instead of stalling on freshly-deployed Prometheus servers. (CLUS-7396)
- Restored the "Rebuild Replication Slave" action in the UI for cross-cluster asynchronous replication topologies. (CLUS-7405)
- Backups
Maintenance Release: May 13th, 2026
-
Build:
- clustercontrol-controller-2.4.0-19549
- clustercontrol-mcc-2.4.0-842
- clustercontrol2-2.4.0-2278
-
Improvements:
- MaxScale 24.x Support — ClusterControl now supports MaxScale 24.x while preserving backward compatibility with earlier versions. Supported distributions include AlmaLinux 8/9, CentOS 9, Debian 11/12, Rocky Linux 8/9, and Ubuntu 22/24. (CLUS-7444)
- Cross-cluster Replication — Added the missing “Rebuild Replication Slave” action for Galera nodes participating in cross-cluster asynchronous replication topologies. (CLUS-7405)
-
Bug fixes:
- Backups & Restore
- PostgreSQL point-in-time recovery (PITR) no longer behaves differently between the first and subsequent base backups; stale
recovery_targetvalues are no longer carried over from previous PITR attempts. (CLUS-4899) - Galera cluster restore from a mysqldump-based backup no longer breaks replica nodes. The restore now runs with
wsrep_on=OFFand forces SST on secondaries afterwards so all nodes converge on the restored data. (CLUS-6440, CLUS-7478) - ClusterControl no longer leaves thousands of leftover temporary directories under
STAGING_DIRwhen backup schedules run frequently — temporary files are now swept and empty parents removed after each operation. (CLUS-7422)
- PostgreSQL point-in-time recovery (PITR) no longer behaves differently between the first and subsequent base backups; stale
- Replication & Clustering
- The “retry SSH connection” action now functions correctly on sharded Valkey/Redis clusters. (CLUS-7199)
- Re-adding a previously removed node to a sharded Valkey cluster no longer fails because of
CLUSTER FORGETtemporarily blacklisting the node ID — ClusterControl now waits and retries until the rejoining node is accepted. (CLUS-7404) - MariaDB semi-synchronous replication setup no longer fails due to use of MySQL 8 variable names (
rpl_semi_sync_source); MariaDB’s master/slave conventions (rpl_semi_sync_master) are now used correctly. (CLUS-7387) - MariaDB audit logs generated by the
server_auditplugin are now included in Error Reports. (CLUS-7283)
- Security & Access Control
- View-only users can no longer terminate database queries from the UI. The backend now also rejects
deleteAccountrequests for read-only callers, ensuring consistent enforcement regardless of how the API is invoked. (CLUS-7244, CLUS-7311)
- View-only users can no longer terminate database queries from the UI. The backend now also rejects
- Monitoring & Deployment
- Agent-based Prometheus monitoring deployment no longer fails on hosts with strict umask settings —
/etc/prometheus/prometheus.ymlis now created with the correctprometheus:prometheusownership across all save paths. (CLUS-7396)
- Agent-based Prometheus monitoring deployment no longer fails on hosts with strict umask settings —
- UI
- Monitoring dashboards now populate within seconds of agent-based monitoring deployment instead of remaining on “No Data” until manually refreshed. (CLUS-7396)
- Stability
- Fixed false “HAProxy Disconnected” alarms for PostgreSQL replica nodes registered on HAProxy’s read-write listening port. (CLUS-6857)
- Fixed the HAProxy version being incorrectly displayed in the ClusterControl GUI due to overly greedy parsing of
haproxy -voutput. (CLUS-6889) - Fixed a memory leak in the cluster information cache that could grow over long-running CMON sessions. (CLUS-7292)
- Backups & Restore
New Release: May 4th, 2026
- Build:
- clustercontrol-mcp-1.0.0-5
We’re excited to announce the release of ClusterControl MCP, a new integration that lets you manage your database clusters in plain English, directly from Claude Desktop, Claude Code, OpenAI Codex, or any MCP-compatible AI client. No dashboards, no SQL, no API calls.
This release ships with 69 tools and 20 MCP resources/templates covering:
- Cluster inventory, topology & health
- Jobs, alarms & performance diagnosis
- Backups, restores & backup schedules
- Maintenance windows & database user management
- ProxySQL, schema advisors, audit logs & configuration
- CMON controller logs and collected host log files
- Built-in dry-run safety for all write operations
- Sensitive output handling - PII and SQL text hidden by default with opt-in flags
- MCP task support for long-running operations
See Reference Manual → MCP Server and Tutorials → Managing Clusters using ClusterControl MCP.
Maintenance Release: April 26th, 2026
- Build:
- clustercontrol-controller-2.4.0-18992
- clustercontrol-mcc-2.4.0-825
- clustercontrol2-2.4.0-2264
This release introduces first-class support for incremental PostgreSQL backups using pg_basebackup — including streaming directly to S3, point-in-time recovery from an incremental chain, and new WAL-summarization controls exposed end-to-end from the Backup Wizard through to the controller. Valkey (Sentinel and Sharded) now supports Promote Replica action, matching the existing Redis workflow. The release also resolves a collection of customer-reported issues across PostgreSQL user management, certificate issuance, MySQL user creation, view-only permissions, and cluster-switching stability.
-
New features:
- Incremental PostgreSQL backups with pg_basebackup (streaming to S3): End-to-end support for
pg_basebackup --incremental, including the controls, wizard flow, and restore paths needed to use it in production:- Backup Wizard —
pg_basebackupincris now a selectable backup method for PostgreSQL 17+. The wizard warns if the selected host has WAL summarization disabled, and ensuressummarize_wal=trueis set on the target before submitting the backup. (CLUS-7196, CLUS-7212, CLUS-7223) - Configure WAL — the node-level "Configure WAL" action lets you turn
summarize_walON or OFF and refreshes the node state immediately. (CLUS-7196, CLUS-7280) - Under the hood — incremental backups run via
pg_basebackup --incremental, support thesummarize_walsetting across the full workflow, and stream directly to S3 (removing the local-disk capacity requirement). (CLUS-6563, CLUS-7084, CLUS-7086, CLUS-7213) - Backup manifests are now uploaded separately from the tarball for both full and incremental
pg_basebackupbackups, enabling cleaner storage and retrieval. (CLUS-7195) - Restore an incremental backup chain — ClusterControl automatically retrieves the full chain, reconstructs it with
pg_combinebackup, and restores the combined data. (CLUS-7085, CLUS-7218, CLUS-7220, CLUS-7221) - Point-in-time recovery (PITR) from an incremental
pg_basebackupbackup. (CLUS-7224) - Create a new cluster directly from an incremental
pg_basebackupbackup. (CLUS-7225) - Replica compatibility — incremental
pg_basebackupnow works correctly on a replica even when the primary hassummarize_waldisabled. (CLUS-7281)
- Backup Wizard —
- Promote Replica for Valkey / Redis: Valkey (Sentinel and Sharded) and Redis clusters now support promoting a replica to primary from the node's action menu. A confirmation dialog guards against accidental promotion. (CLUS-6951, CLUS-7285)
- Incremental PostgreSQL backups with pg_basebackup (streaming to S3): End-to-end support for
-
Improvements:
- PostgreSQL backups dynamically raise
wal_keep_sizebefore runningpg_basebackupto prevent failure when WAL files are recycled mid-backup; the original value is restored on the target node afterward. (CLUS-7075) - Galera package detection has been updated to work with the new Percona repository API, keeping Galera version selection accurate for new deployments and upgrades. (CLUS-7331)
- PostgreSQL backups dynamically raise
-
Bug fixes:
- Backups
- Incremental
pg_basebackupnow succeeds after a priorpg_basebackuprestore, so repeated backup/restore cycles work as expected. (CLUS-7300) - Creating an incremental
pg_basebackupbackup for a newly added replica node now succeeds. (CLUS-7364) Added safeguards to prevent incrementalpg_basebackupfrom failing when attempted on a fresh timeline after a restore. (CLUS-7383) - The controller is no longer offered as a backup storage host in pool mode for cluster types where it should be disabled, and selecting the controller as storage now correctly sets the
cc_storageflag on the backup job. (CLUS-6986)
- Incremental
- User Management
- Creating a new PostgreSQL user in User Management v2 now works reliably. Grants and revokes are always applied at the database level as expected. (CLUS-7231)
- Deleting a PostgreSQL user that owns no objects no longer fails — privileges are now explicitly revoked before the user is dropped. (CLUS-7232)
- Cluster permission level no longer unexpectedly switches from Read-Only to Custom in User Management when new clusters are added; existing non-custom teams are now correctly reflected on new clusters. (CLUS-7077)
- Fixed a syntax error when creating a MySQL user with "No privileges" selected. (CLUS-7076)
- Security & Access Control:
- View-only users can no longer kill a database query — execution permissions on the
qm_killprocessand qm_purge actions have been tightened. (CLUS-7244) - View-only users can no longer delete database users. The DB Users screen now correctly enforces read-only access across Galera, MySQL Replication, and PostgreSQL Streaming Replication clusters. (CLUS-7290)
- Credential passwords are now consistently masked in error reports when the masking option is enabled — previously some passwords could leak through unmasked. (CLUS-6958)
- View-only users can no longer kill a database query — execution permissions on the
- Certificates
- A previously created Certificate Authority can now be selected as the issuer when generating server or client certificates. Selecting the CA from the side menu no longer replaces it with a self-signed certificate. (CLUS-7252)
- Replication & Stability
- Adding a PostgreSQL replica to a cluster under load no longer times out, and the
wal_keeppre-flight warning has been corrected for PostgreSQL 13 and later. (CLUS-7277) - Fixed a UI crash that could occur when switching from PostgreSQL user management to a Valkey cluster that had failed. (CLUS-7365)
- Adding a PostgreSQL replica to a cluster under load no longer times out, and the
- Backups
Maintenance Release: April 7th, 2026
-
Build:
- clustercontrol-controller-2.4.0-18485
- clustercontrol-mcc-2.4.0-784
- clustercontrol2-2.4.0-2241
-
Controller:
- Simpler monitoring setup with shared Prometheus hosts. When using a shared Prometheus instance, the controller now reuses existing credentials. This reduces manual configuration and lowers the chance of misconfiguring monitoring authentication. (CLUS-7024)
- Improved reliability of Prometheus authentication on shared hosts - Fixes have been made to how basic authentication is handled for Prometheus on shared hosts, eliminating intermittent authentication issues in some environments. (CLUS-7024)
- More reliable Percona XtraDB Cluster deployments on Ubuntu - An issue that could cause Percona XtraDB Cluster deployments to fail on Ubuntu has been resolved. Deployments on supported Ubuntu versions should now complete as expected. (CLUS-7041)
- Clearer handling of unreachable MySQL hosts - The controller now treats “unknown host” errors from MySQL as connection issues. This improves error messages and behavior when a MySQL host cannot be reached or is misconfigured. (CLUS-7193)
- Safer default MySQL performance collection - A low-level performance collection option has been removed from the default MySQL configuration to reduce unnecessary overhead on instances where that extra detail is not needed. (CLUS-7243)
- More consistent data directory layout for CCX - Data directories for CCX instances are now standardized. This helps avoid confusion about where data is stored and reduces risk from misconfigured paths.
-
UI:
- Cleaner PostgreSQL role creation form - When creating roles in PostgreSQL User Management, the password expiry option is now only shown when it actually applies. This reduces clutter and makes the role creation flow clearer. (CLUS-7074)
- PgBouncer settings visible again - The PgBouncer configuration is now correctly shown under Manage → Configuration, so you can once again view and adjust connection pooling settings from the UI. (CLUS-7052)
Maintenance Release: March 24th, 2026
-
Build:
- clustercontrol-controller-2.4.0-18342
- clustercontrol-mcc-2.4.0-774
- clustercontrol2-2.4.0-2231
-
Controller:
-
Bugfixes:
- Fixed an issue where the
outgoing_messagestable could fill up unnecessarily in CCX deployments. (CLUS-7145) - Prevented automatic database schema upgrades in CCX environments to avoid unintended side effects. (CLUS-7158)
- Cluster migration no longer aborts when a cluster has no SSL certificate files under
/var/lib/cmon/ca. (CLUS-7112) - Fixed missing adapter checks in secure file handling that could cause incorrect results when checking for the existence of configuration files. (CLUS-7163)
- Exceptions thrown during Kubernetes configuration checks and job execution are now properly caught and handled, preventing unexpected crashes. (CLUS-7164)
- Fixed a regression that prevented editing of MySQL database users. (CLUS-7071)
- Fixed PgBouncer deployment failures when PostgreSQL nodes are running on a non-default port. (CLUS-6998)
- Fixed Cluster Load metric options on the Overview Page appearing clickable but having no effect. (CLUS-6975)
- Fixed the “Rows per Page” control in the ProxySQL UI not correctly updating the number of displayed rows. (CLUS-6973)
- Sorting by “Hits” in the ProxySQL Rules view now sorts numerically instead of alphabetically, ensuring accurate ordering. (CLUS-6974)
- Fixed an issue where login was attempted before the Kubernetes operator ping completed, causing intermittent login failures. (CLUS-6764)
- Fixed an extra space in the connection pool example string that could cause unexpected issues. (CLUS-7083)
- Fixed an issue where the
-
Improvements
- PostgreSQL Backup Reliability - Updated
pg_basebackupto use the stream WAL method for more reliable base backups. (CLUS-7172) - Kubernetes Secret Migration - ClusterControl now automatically migrates cluster configuration files to Kubernetes Secrets before the daemon starts, improving security posture in Kubernetes environments. (CLUS-7171)
- Monitoring Exporter Updates - Several monitoring exporters have been updated to newer versions for improved compatibility and observability. (CLUS-7080)
- User Management - The “Disable Login” button has been renamed to “Disable User” for clarity, and user locking (login/nologin) is now supported. (CLUS-6712)
- Audit Logging - Audit logging has been added to user management, along with general improvements to the user details view. (CLUS-6713)
- Controller Retry - A retry option is now available in the Add Controller job action menu, making it easier to recover from failed controller additions. (CLUS-7044)
- File migration events are now logged at INFO level instead of WARNING, reducing noise in operational logs. (CLUS-7112)
- Redis/Valkey and MSSQL log files are now included in Error Reports for more complete diagnostics. (CLUS-7007)
- PostgreSQL Backup Reliability - Updated
-
-
GUI:
- Long cluster names are now displayed in full in the left-side navigation menu. (CLUS-7078)
- Long SQL queries in the ProxySQL UI now wrap automatically, making them easier to read without horizontal scrolling. (CLUS-6976)
- Granular controller access with CIDR /32 - You can now use a /32 CIDR mask to restrict access to a specific controller IP address. A helpful tooltip has been added to guide you through this setting. (CLUS-7018)
Initial Release: March 9th, 2026
- Build:
- clustercontrol-controller-2.4.0-18159
- clustercontrol-mcc-2.4.0-759
- clustercontrol2-2.4.0-2223
- s9s-tools 1.9.2026021709
We’re pleased to announce the release of ClusterControl v2.4.0 LTS which adds support for:
Scaling ClusterControl with CMON Controller Pool - GA Release
Scalable pool of controllers, designed for demanding, multi‑site and high‑growth environments. This work improves scalability, resilience, and day‑2 operations when managing many clusters.
- Activate/Deactivate CMON Controller Pool on an existing controller, enabling gradual adoption and rollback
- Horizontal Scaling: Automatically add and remove controllers
- Shared CMON configurations using NFS
- Integrated UI/UX when enabling CMON Controller Pool
- HA setup is currently not available - will be included in the upcoming release.
PostgreSQL DB User Management (v2)
We’re continuing to enhance PostgreSQL user management in ClusterControl to make day‑to‑day operations simpler and safer.
- Improvements to user creation, role assignment, and permission management
-
Create, edit, and assign PostgreSQL roles directly from ClusterControl
- This helps standardize access patterns across databases and reduces manual psql work
-
View and edit database, schema, and table‑level permissions
- This will provide a clearer overview of who can access what, and simplify adjustments to fine‑grained permissions
-
Manage PostgreSQL authentication methods and password policies
- Enforce security standards for database users at scale
-
Improved support for automatic client authentication (
pg_hba.conf) changes and synchronization when new users are created.- Reduces configuration drift and lowers the risk of connectivity issues after user creation
-
UI and UX refinements across the board - Make complex permission and user-management flows easier to understand and operate.