The releases on this page are testing releases, not supported or intended for production environments. The new features and bug fixes noted on this page may not yet be documented across CockroachDB’s documentation.
- CockroachDB self-hosted: All v24.3 testing binaries and Docker images are available for download.
- CockroachDB Advanced: v24.3 testing releases are not yet available.
- CockroachDB Standard and Basic: v24.3 testing releases are not available.
When v24.3 becomes Generally Available (GA), a new v24.3.0 section on this page will describe key features and additional upgrade considerations.
CockroachDB v24.3 is in active development, and the following testing releases are intended for testing and experimentation only, and are not qualified for production environments or eligible for support or uptime SLA commitments. When CockroachDB v24.3 is Generally Available (GA), production releases will also be announced on this page.
- For details about release types, naming, and licensing, refer to the Releases page.
- Be sure to also review the Release Support Policy.
- After downloading a supported CockroachDB binary, learn how to install CockroachDB or upgrade your cluster.
Get future release notes emailed to you:
v24.3.0-beta.3
Release Date: November 5, 2024
Downloads
CockroachDB v24.3.0-beta.3 is a testing release. Testing releases are intended for testing and experimentation only, and are not qualified for production environments and not eligible for support or uptime SLA commitments.
Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.
Operating System | Architecture | Full executable | SQL-only executable |
---|---|---|---|
Linux | Intel | cockroach-v24.3.0-beta.3.linux-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.3.linux-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0-beta.3.linux-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.3.linux-arm64.tgz (SHA256) |
|
Mac (Experimental) |
Intel | cockroach-v24.3.0-beta.3.darwin-10.9-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.3.darwin-10.9-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0-beta.3.darwin-11.0-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.3.darwin-11.0-arm64.tgz (SHA256) |
|
Windows (Experimental) |
Intel | cockroach-v24.3.0-beta.3.windows-6.2-amd64.zip (SHA256) |
cockroach-sql-v24.3.0-beta.3.windows-6.2-amd64.zip (SHA256) |
Docker image
Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.
Within the multi-platform image, both Intel and ARM images are generally available for production use.
To download the Docker image:
docker pull cockroachdb/cockroach-unstable:v24.3.0-beta.3
Source tag
To view or download the source code for CockroachDB v24.3.0-beta.3 on Github, visit v24.3.0-beta.3 source tag.
Changelog
View a detailed changelog on GitHub: v24.3.0-beta.2...v24.3.0-beta.3
Security updates
- Client authentication errors using LDAP now log more details to help with troubleshooting authentication and authorization issues. #133812
SQL changes
- Physical Cluster Replication reader catalogs now bypass AOST timestamps using the
bypass_pcr_reader_catalog_aost
session variable, which can be used to modify cluster settings within the reader. #133876
Operational changes
- Added a timer for inner changefeed sink client flushes. #133288
- Rows replicated by Logical Data Replication in
immediate
mode are now considered in the decision to recompute SQL table statistics. #133591 - The new cluster setting
kvadmission.flow_controller.token_reset_epoch
can be used to refill replication admission control v2 tokens. This is an advanced setting. Use it only after consultation with your account team. #133294 - The new cluster setting
goschedstats.always_use_short_sample_period.enabled
, when set totrue
, helps to prevent unnecessary queueing due to CPU [admission control](/docs/v24.3/admission-control.htmls. #133585
DB Console changes
- In Database pages, the Refresh tooltip now includes details about the progress of cache updates and when the job started. #133351
Bug fixes
- Fixed a bug where changefeed sink) timers were not correctly registered with the metric system. #133288
Fixed a bug that could cause new connections to fail with the following error after upgrading:
ERROR: invalid value for parameter "vectorize": "unknown(1)" SQLSTATE: 22023 HINT: Available values: off,on,experimental_always
. To encounter this bug, the cluster must have:- Run on version v21.1 at some point in the past
- Run
SET CLUSTER SETTING sql.defaults.vectorize = 'on';
while running v21.1. - Not set
sql.defaults.vectorize
after upgrading past v21.1 4. - Subsequently upgraded to v24.2.upgraded all the way to v24.2.
To detect this bug, run the following query:
SELECT * FROM system.settings WHERE name = 'sql.defaults.vectorize
If the command returns
1
instead ofon
, run the following statement before upgrading.RESET CLUSTER SETTING sql.defaults.vectorize;
1
is now allowed as a value for this setting, and is equivalent toon
. #133371Fixed a bug in v22.2.13+, v23.1.9+, and v23.2 that could cause the internal error
interface conversion: coldata.Column is
in an edge case. #133762Fixed a bug introduced in v20.1.0 that could cause erroneous
NOT NULL
constraint violation errors to be logged duringUPSERT
andINSERT
statements with theON CONFLICT ...DO UPDATE
clause that update an existing row and a subset of columns that did not include aNOT NULL
column of the table. #133820Fixed a that could cache and reuse a non-reusable query plan, such as a plan for a DDL or
SHOW
statement, whenplan_cache_mode
was set toauto
orforce_generic_plan
, which are not the default options. #133073Fixed an unhandled error that could occur while running the command
REVOKE ... ON SEQUENCE FROM ... {user}
on an object that is not a sequence. #133710Fixed a panic that could occur while running a
CREATE TABLE AS
statement that included a sequence with an invalid function overload. #133870
v24.3.0-beta.2
Release Date: October 28, 2024
Downloads
CockroachDB v24.3.0-beta.2 is a testing release. Testing releases are intended for testing and experimentation only, and are not qualified for production environments and not eligible for support or uptime SLA commitments.
Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.
Operating System | Architecture | Full executable | SQL-only executable |
---|---|---|---|
Linux | Intel | cockroach-v24.3.0-beta.2.linux-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.2.linux-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0-beta.2.linux-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.2.linux-arm64.tgz (SHA256) |
|
Mac (Experimental) |
Intel | cockroach-v24.3.0-beta.2.darwin-10.9-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.2.darwin-10.9-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0-beta.2.darwin-11.0-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.2.darwin-11.0-arm64.tgz (SHA256) |
|
Windows (Experimental) |
Intel | cockroach-v24.3.0-beta.2.windows-6.2-amd64.zip (SHA256) |
cockroach-sql-v24.3.0-beta.2.windows-6.2-amd64.zip (SHA256) |
Docker image
Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.
Within the multi-platform image, both Intel and ARM images are generally available for production use.
To download the Docker image:
docker pull cockroachdb/cockroach-unstable:v24.3.0-beta.2
Source tag
To view or download the source code for CockroachDB v24.3.0-beta.2 on Github, visit v24.3.0-beta.2 source tag.
Changelog
View a detailed changelog on GitHub: v24.3.0-beta.1...v24.3.0-beta.2
SQL language changes
- If a table is the destination of a logical data replication stream, then only schema change statements that are deemed safe are allowed on the table. Safe statements are those that do not result in a rebuild of the primary index and do not create an index on a virtual computed column. #133266
Operational changes
- The two new metrics
sql.crud_query.count
andsql.crud_query.started.count
measure the number ofINSERT
/UPDATE
/DELETE
/SELECT
queries executed and started respectively. #133198 - When creating a logical data replication stream, any user-defined types in the source and destination are now checked for equivalency. This allows for creating a stream that handles user-defined types without needing to use the
WITH SKIP SCHEMA CHECK
option as long as the stream usesmode = immediate
. #133274 - Logical data replication streams that reference tables with user-defined types can now be created with the
mode = immediate
option. #133295
DB Console changes
- The SQL Statements graph on the Overview and SQL dashboard pages in DB Console now show Total Queries as a general Queries Per Second (QPS) metric. #133198
- Due to the inaccuracy of the Range Count column on the Databases page and the cost incurred to fetch the correct range count for every database in a cluster, this data will no longer be visible. This data is still available via a
SHOW RANGES
query. #133267
Bug fixes
- Users with the
admin
role can now runALTER DEFAULT PRIVILEGES FOR target_role ...
on anytarget_role
. Previously, this could result in a privilege error, which is incorrect asadmin
s are allowed to perform any operation. #133072 REASSIGN OWNED BY current_owner_role ...
will now transfer ownership of thepublic
schema. Previously, it would always skip over thepublic
schema even if it was owned by thecurrent_owner_role
. #133072
v24.3.0-beta.1
Release Date: October 24, 2024
Downloads
CockroachDB v24.3.0-beta.1 is a testing release. Testing releases are intended for testing and experimentation only, and are not qualified for production environments and not eligible for support or uptime SLA commitments.
Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.
Operating System | Architecture | Full executable | SQL-only executable |
---|---|---|---|
Linux | Intel | cockroach-v24.3.0-beta.1.linux-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.1.linux-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0-beta.1.linux-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.1.linux-arm64.tgz (SHA256) |
|
Mac (Experimental) |
Intel | cockroach-v24.3.0-beta.1.darwin-10.9-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.1.darwin-10.9-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0-beta.1.darwin-11.0-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.1.darwin-11.0-arm64.tgz (SHA256) |
|
Windows (Experimental) |
Intel | cockroach-v24.3.0-beta.1.windows-6.2-amd64.zip (SHA256) |
cockroach-sql-v24.3.0-beta.1.windows-6.2-amd64.zip (SHA256) |
Docker image
Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.
Within the multi-platform image, both Intel and ARM images are generally available for production use.
To download the Docker image:
docker pull cockroachdb/cockroach-unstable:v24.3.0-beta.1
Source tag
To view or download the source code for CockroachDB v24.3.0-beta.1 on Github, visit v24.3.0-beta.1 source tag.
Changelog
View a detailed changelog on GitHub: v24.3.0-alpha.2...v24.3.0-beta.1
General changes
- The cluster setting
diagnostics.reporting.enabled
is now ignored if the cluster has a Enterprise Trial or Enterprise Free license, or if the reporting job is unable to load any license at all. #132257
Enterprise edition changes
- This change ensures authorization with LDAP only works when the
ldapgrouplistfilter
option is present in the HBA configuration, otherwise authentication will proceed with the provided LDAP auth method options in the HBA configuration. This change is to ensure external authorization with LDAP is opt-in rather than enabled by default. #132235 - Added a changefeed sink error metric
changefeed.sink_errors
, and expanded reporting of the internal retries metricchangefeed.internal_retry_message_count
to all sinks that perform internal retries. #132092
SQL language changes
- Implemented
DROP TRIGGER
statements. TheCASCADE
option for dropping a trigger is not supported. #128540 - Added support for
CREATE TRIGGER
. TheOR REPLACE
syntax is not supported. Also, triggers cannot be executed, so creation is a no-op. #128540 REGIONAL BY ROW
andPARTITION ALL BY
tables can now be inserted into under non-SERIALIZABLE
isolation levels as long as there is noON CONFLICT
clause in the statement. Also,REGIONAL BY ROW
andPARTITION ALL BY
tables can now be updated under non-SERIALIZABLE
isolation levels. #129837- Attempting to add foreign keys referencing a table with row-level TTL enabled will generate a notice informing the user about potential impact on the row-level TTL deletion job. Similarly, a notice is generated while attempting to enable row-level TTL on a table that has inbound foreign key references. #127935
- It is now possible to assign to an element of a composite typed variable in PL/pgSQL. For example, given a variable
foo
with two integer elementsx
andy
, the following assignment statement is allowed:foo.x := 100;
. #132628 - Backup and restore now work for tables with triggers. When the
skip_missing_udfs
option is applied, triggers with missing trigger functions are removed from the table. #128555 UPSERT and INSERT ... ON CONFLICT
statements are now supported onREGIONAL BY ROW
tables underREAD COMMITTED
isolation. #132768- Added support for row-level
BEFORE
triggers. A row-level trigger executes the trigger function for each row that is being mutated.BEFORE
triggers fire before the mutation operation. #132511 - Added support for PL/pgSQL integer
FOR
loops, which iterate over a range of integer values. #130211
Operational changes
- Admission Control now has an integration for pacing snapshot ingest traffic based on disk bandwidth.
kvadmission.store.snapshot_ingest_bandwidth_control.enabled
is used to turn on this integration. It requires provisioned bandwidth to be set for the store (or cluster through the cluster setting) for it to take effect. #131243 - Added validation to check whether audit logging and buffering configurations are both present in the file log sink. Audit logging and buffering configuration should not both exist in the file log sink. #132742
- Updated the file log sink validation message. This would give clear indication to the user about the expected valid configuration. #132899
DB Console changes
- The value of the automatic statistics collection cluster setting
sql.stats.automatic_collection.enabled
is now in the top right corner of the Databases overview page. #132269 - In the new Databases and Tables pages, when cached data is being refreshed, the refresh button will be disabled and its tooltip text will display,
Data is currently refreshing
. #132462
Bug fixes
- Addressed a rare bug that could prevent backups taken during a
DROP COLUMN
operation with a sequence owner from restoring with the error:rewriting descriptor ids: missing rewrite for <id> in SequenceOwner...
. #132202 - Fixed a bug existing since before v23.1 that could lead to incorrect results in rare cases. The bug requires a join between two tables with an equality between columns with equivalent, but not identical types (e.g.,
OID
andREGCLASS
). In addition, the join must lookup into an index that includes a computed column that references one of the equivalent columns. #126345 - Fixed a bug existing since before v23.1 that could lead to incorrect results in rare cases. The bug requires a lookup join into a table with a computed index column, where the computed column expression is composite sensitive. A composite sensitive expression can compare differently if supplied non-identical but equivalent input values (e.g.,
2.0::DECIMAL
versus2.00::DECIMAL
). #126345 - Fixed a bug that caused quotes around the name of a routine to be dropped when it was called within another routine. This could prevent the correct routine from being resolved if the nested routine name was case-sensitive. The bug has existed since v24.1 when nested routines were introduced. #131643
- Fixed a bug where the SQL shell would print out the previous error message when executing the
quit
command. #130736 - Fixed a bug where a span statistics request on a mixed-version cluster resulted in a null pointer exception. #132349
- Fixed an issue where changefeeds would fail to update protected timestamp records in the face of retryable errors. #132712
- The
franz-go
library has been updated to fix a potential deadlock on changefeed restarts. #132761 - Fixed a bug that in rare cases could cause incorrect evaluation of scalar expressions involving
NULL
values. #132261 - Fixed a bug in the query optimizer that in rare cases could cause CockroachDB nodes to crash. The bug could occur when a query contains a filter in the form
col IN (elem0, elem1, ..., elemN)
only whenN
is very large, (e.g., 1.6+ million), and whencol
exists in a hash-sharded index, or exists a table with an indexed, computed column dependent oncol
. #132701 - The
proretset
column of thepg_catalog.pg_proc
table is now properly set totrue
for set-returning built-in functions. #132853 - Fixed an error that could be caused by using an
AS OF SYSTEM TIME
expression that references a user-defined (or unknown) type name. These kinds of expressions are invalid, but previously the error was not handled properly. Now, a correct error message is returned. #132348
Build changes
- Upgraded to Go v1.23.2. #132111
v24.3.0-alpha.2
Release Date: October 14, 2024
Downloads
CockroachDB v24.3.0-alpha.2 is a testing release. Testing releases are intended for testing and experimentation only, and are not qualified for production environments and not eligible for support or uptime SLA commitments.
Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.
Operating System | Architecture | Full executable | SQL-only executable |
---|---|---|---|
Linux | Intel | cockroach-v24.3.0-alpha.2.linux-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0-alpha.2.linux-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0-alpha.2.linux-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0-alpha.2.linux-arm64.tgz (SHA256) |
|
Mac (Experimental) |
Intel | cockroach-v24.3.0-alpha.2.darwin-10.9-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0-alpha.2.darwin-10.9-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0-alpha.2.darwin-11.0-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0-alpha.2.darwin-11.0-arm64.tgz (SHA256) |
|
Windows (Experimental) |
Intel | cockroach-v24.3.0-alpha.2.windows-6.2-amd64.zip (SHA256) |
cockroach-sql-v24.3.0-alpha.2.windows-6.2-amd64.zip (SHA256) |
Docker image
Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.
Within the multi-platform image, both Intel and ARM images are generally available for production use.
To download the Docker image:
docker pull cockroachdb/cockroach-unstable:v24.3.0-alpha.2
Source tag
To view or download the source code for CockroachDB v24.3.0-alpha.2 on Github, visit v24.3.0-alpha.2 source tag.
Changelog
View a detailed changelog on GitHub: v24.3.0-alpha.1...v24.3.0-alpha.2
Security updates
The parameters for an HBA config entry for LDAP are now validated when the entry is created or amended, in addition to the validation that happens during an authentication attempt. #132086
Added automatic cleanup and validation for default privileges that reference dropped roles after a major-version upgrade to v24.3. #131782
General changes
- Changed the license
cockroach
is distributed under to the new CockroachDB Software License (CSL). #131799 #131794 #131793
Enterprise edition changes
- You can now authenticate to the DB console API by supplying a Java Web Token (JWT) as a Bearer token in the Authorization header. #130779
SQL language changes
- To view comments on a type, you can use the new
SHOW TYPES WITH COMMENT
command. Comments can be added usingCOMMENT ON
. #131183 - You can create or alter a user-defined function (UDF) or stored procedure (SP) with
[EXTERNAL] SECURITY DEFINER
instead of the default[EXTERNAL] SECURITY INVOKER
. WithSECURITY DEFINER
, the privileges of the owner are checked when the UDF or SP is executed, rather than the privileges of the executor. TheEXTERNAL
keyword is optional and exists for SQL language conformity. #129720
Operational changes
The following new metrics show details about replication flow control send queue when the cluster setting
kvadmission.flow_control.enabled
is set totrue
and the cluster settingkvadmission.flow_control.mode
is set toapply_to_all
.kvflowcontrol.tokens.send.regular.deducted.prevent_send_queue
kvflowcontrol.tokens.send.elastic.deducted.prevent_send_queue
kvflowcontrol.tokens.send.elastic.deducted.force_flush_send_queue
kvflowcontrol.range_controller.count
kvflowcontrol.send_queue.bytes
kvflowcontrol.send_queue.count
kvflowcontrol.send_queue.prevent.count
kvflowcontrol.send_queue.scheduled.deducted_bytes
kvflowcontrol.send_queue.scheduled.force_flush
The following metrics have been renamed:
Previous name New name- kvflowcontrol.tokens.eval.regular.disconnected
kvflowcontrol.tokens.eval.regular.returned.disconnect
kvflowcontrol.tokens.eval.elastic.disconnected
kvflowcontrol.tokens.eval.elastic.returned.disconnect
kvflowcontrol.tokens.send.regular.disconnected
kvflowcontrol.tokens.send.regular.returned.disconnect
kvflowcontrol.tokens.send.elastic.disconnected
kvflowcontrol.tokens.send.elastic.returned.disconnect
Cluster virtualization changes
- The
_status/ranges/
endpoint on DB Console Advanced debug pages is now enabled for non-system virtual clusters, where it returns the ranges only for the tenant you are logged into. For the system virtual cluster, the_status/ranges/
endpoint continues to return ranges for the specified node across all virtual clusters. #131100
DB Console changes
- Improved performance in the Databases, Tables View, and Table Details sections of the Databases page #131769
Bug fixes
- Fixed a bug where JSON values returned by
cockroach
commands using the--format=sql
flag were not correctly escaped if they contained double quotes within a string. #131881 - Fixed an error that could happen if an aggregate function was used as the value in a
SET
command. #131891 - Fixed a rare bug introduced in v22.2 in which an update of a primary key column could fail to update the primary index if it is also the only column in a separate column family. #131869
- Fixed a rare bug where dropping a column of
FLOAT4
,FLOAT8
,DECIMAL
,JSON
,ARRAY
, or collateSTRING
type stored in a single column family could prevent subsequent reading of the table if the column family was not the first column family. #131967 - Fixed an
unimplemented
internal error that could occur when ordering by aVECTOR
column. #131703
Performance improvements
- Efficiency has been improved when writing string-like values over the PostgreSQL wire protocol. #131964
- Error handling during periodic table history polling has been improved when the
schema_locked
table parameter is not used. #131951
v24.3.0-alpha.1
Release Date: October 9, 2024
Downloads
CockroachDB v24.3.0-alpha.1 is a testing release. Testing releases are intended for testing and experimentation only, and are not qualified for production environments and not eligible for support or uptime SLA commitments.
Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.
Operating System | Architecture | Full executable | SQL-only executable |
---|---|---|---|
Linux | Intel | cockroach-v24.3.0-alpha.1.linux-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0-alpha.1.linux-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0-alpha.1.linux-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0-alpha.1.linux-arm64.tgz (SHA256) |
|
Mac (Experimental) |
Intel | cockroach-v24.3.0-alpha.1.darwin-10.9-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0-alpha.1.darwin-10.9-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0-alpha.1.darwin-11.0-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0-alpha.1.darwin-11.0-arm64.tgz (SHA256) |
|
Windows (Experimental) |
Intel | cockroach-v24.3.0-alpha.1.windows-6.2-amd64.zip (SHA256) |
cockroach-sql-v24.3.0-alpha.1.windows-6.2-amd64.zip (SHA256) |
Docker image
Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.
Within the multi-platform image, both Intel and ARM images are generally available for production use.
To download the Docker image:
docker pull cockroachdb/cockroach-unstable:v24.3.0-alpha.1
Source tag
To view or download the source code for CockroachDB v24.3.0-alpha.1 on Github, visit v24.3.0-alpha.1 source tag.
Security updates
- URLs in the
CREATE CHANGEFEED
andCREATE SCHEDULE FOR CHANGEFEED
SQL statements are now sanitized of any secrets before being written to unredacted logs. #126970 - The LDAP cluster settings
server.ldap_authentication.client.tls_certificate
andserver.ldap_authentication.client.tls_key
did not have callbacks installed to reload the settings value for LDAP authManager. This change fixes this by adding the necessary callbacks. #131151 - Cluster settings for host-based authentication configuration (
server.host_based_authentication.configuration
) and identity map configuration (server.identity_map.configuration
) need to be redacted as they can be configured to contain LDAP bind usernames, passwords, and mapping of external identities to SQL users that are sensitive. These cluster settings can be configured for redaction via theserver.redact_sensitive_settings.enabled
cluster setting. #131150 - Added support for configuring authorization using LDAP. During login, the list of groups that a user belongs to are fetched from the LDAP server. These groups are mapped to SQL roles by extracting the common name (CN) from the group. After authenticating the user, the login flow grants these roles to the user, and revokes any other roles that are not returned by the LDAP server. The groups given by the LDAP server are treated as the sole source of truth for role memberships, so any roles that were manually granted to the user will not remain in place. #131043
Previously, the host-based authentication (HBA) configuration cluster setting
server.host_based_authentication.configuration
was unable to handle double quotes in authentication method option values. For example, for the following entry:host all all all ldap ldapserver=ldap.example.com ldapport=636 ldapbasedn="ou=users,dc=example,dc=com" ldapbinddn="cn=readonly,dc=example,dc=com" ldapbindpasswd=readonly_password ldapsearchattribute=uid ldapsearchfilter="(memberof=cn=cockroachdb_users,ou=groups,dc=example,dc=com)"
The HBA parser would fail after incorrectly determining
ldapbinddn="cn=readonly,dc=example,dc=com"
as 2 separate options (ldapbinddn=and cn=readonly,dc=example,dc=com
). Now, the 2 tokens are set as key and value respectively for the same HBA configuration option. #131480
General changes
- CockroachDB will now avoid logging unnecessary stack traces while executing scheduled jobs. #129846
- Upgrading to 24.3 is blocked if no license is installed, or if a trial/free license is installed with telemetry disabled. #130576
- Attempting to install a second Enterprise trial license on the same cluster will now fail. #131422
- Changed the license
cockroach
is distributed under to the new CockroachDB Software License (CSL). #131690 #131686 #131688 #131687 #131717 #131689 #131693 #131691 #131777 #131778 #131661
Enterprise edition changes
- Added a
CompressionLevel
field to the changefeedkafka_sink_config
option. Changefeeds will use this compression level when emitting events to a Kafka sink. The possible values depend on a compression codec. TheCompressionLevel
field optimizes for faster or stronger level of compression. #125456 - The updated version of the CockroachDB changefeed Kafka sink implementation now supports specifying compression levels. #127827
- Introduced the cluster setting
server.jwt_authentication.client.timeout
to capture the HTTP client timeout for external calls made during JWT authentication. #127145 - The JWT authentication cluster settings have been made
public
. #128170 - Updated certain error messages to refer to the
stable
docs tree rather than an explicit version. #128842 - Disambiguated metrics and logs for the two buffers used by the KV feed. The affected metrics now have a suffix indicating which buffer they correspond to:
changefeed.buffer_entries.*
,changefeed.buffer_entries_mem.*
,changefeed.buffer_pushback_nanos.*
. The previous versions are still supported for backward compatibility, though using the new format is recommended. #128813 Added support for authorization to a CockroachDB cluster via LDAP, retrieving AD groups membership information for LDAP user. The new HBA configuration cluster setting option
ldapgrouplistfilter
performs filtered search query on LDAP for matching groups. An example HBA configuration entry to support LDAP authZ configuration:# TYPE DATABASE USER ADDRESS METHOD OPTIONS # Allow all users to connect to using LDAP authentication with search and bind host all all all ldap ldapserver=ldap.example.com ldapport=636 "ldapbasedn=ou=users,dc=example,dc=com" "ldapbinddn=cn=readonly,dc=example,dc=com" ldapbindpasswd=readonly_password ldapsearchattribute=uid "ldapsearchfilter=(memberof=cn=cockroachdb_users,ou=groups,dc=example,dc=com)" "ldapgrouplistfilter=(objectClass=groupOfNames)" # Fallback to password authentication for the root user host all root 0.0.0.0/0 password
For example, to use for an Azure AD server:
SET cluster setting server.host_based_authentication.configuration = 'host all all all ldap ldapserver=azure.dev ldapport=636 "ldapbasedn=OU=AADDC Users,DC=azure,DC=dev" "ldapbinddn=CN=Some User,OU=AADDC Users,DC=azure,DC=dev" ldapbindpasswd=my_pwd ldapsearchattribute=sAMAccountName "ldapsearchfilter=(memberOf=CN=azure-dev-domain-sync-users,OU=AADDC Users,DC=crlcloud,DC=dev)" "ldapgrouplistfilter=(objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=crlcloud,DC=dev)" host all root 0.0.0.0/0 password';
Post configuration, the CockroachDB cluster should be able to authorize users via LDAP server if:
- Users LDAP authentication attempt is successful, and it has the user's DN for the LDAP server.
ldapgrouplistfilter
is properly configured, and it successfully syncs groups of the user. #128498
Added changefeed support for the
mvcc_timestamp
option when the changefeed is emitting inavro
format. If both options are specified, the Avro schema includes anmvcc_timestamp
metadata field and emits the row's MVCC timestamp with the row data. #129840Updated the cluster setting
changefeed.sink_io_workers
with all the sinks that support the setting. #129946Added a LDAP authentication method to complement password-based login for the DB Console if HBA configuration has an entry for LDAP for the user attempting login, along with other matching criteria (like the requests originating IP address) for authentication to the DB Console. #130418
Added timers around key parts of the changefeed pipeline to help debug feeds experiencing issues. The
changefeed.stage.<stage>.latency
metrics now emit latency histograms for each stage. The metric respects the changefeedscope
label for debugging specific feeds. #128794For enterprise changefeeds, events
changefeed_failed
andcreate_changefeed
now include aJobId
field. #131396The new metric
seconds_until_license_expiry
allows you to monitor the status of a cluster's Enterprise license. #129052.Added the
changefeed.total_ranges
metric, which monitors the number of ranges that are watched by changefeed aggregators. It shares the same polling interval aschangefeed.lagging_ranges
, which is controlled by the existinglagging_ranges_polling_interval
option. #130897
SQL language changes
- Added a session setting,
optimizer_use_merged_partial_statistics
which defaults tofalse
. When set totrue
, it enables usage of existing partial statistics merged with full statistics when optimizing a query. #126948 - The
enable_create_stats_using_extremes
session setting is nowtrue
by default. Partial statistics at extremes can be collected using theCREATE STATISTICS <stat_name> ON <column_name> FROM <table_name> USING EXTREMES
syntax. #127850 - Added
SHOW SCHEMAS WITH COMMENT
andSHOW SCHEMAS FROM database_name WITH COMMENT
functionality similar toSHOW TABLES
andSHOW DATABASES
. #127816 - The
deadlock_timeout
session variable is now supported. The configuration can be used to specify the time to wait on a lock before pushing the lock holder for deadlock detection. It can be set at session granularity. #128506 - Partial statistics at extremes can now be collected on all valid columns of a table using the
CREATE STATISTICS <stat_name>
FROM <table_name> USING EXTREMES
syntax, without anON <col_name>
clause. Valid columns are all single column prefixes of a forward index excluding partial, sharded, and implicitly partitioned indexes. #127836 - Partial statistics can now be automatically collected at the extremes of indexes when a certain fraction and minimum number of rows are stale (by default 5% and 100 respectively). These can be configured with new table storage parameters and cluster settings, and the feature is disabled by default. The new cluster settings and table parameters are:
sql.stats.automatic_partial_collection.enabled
/sql_stats_automatic_partial_collection_enabled
, defaults tofalse
.sql.stats.automatic_partial_collection.min_stale_rows
/sql_stats_automatic_partial_collection_min_stale_rows
, defaults to100
.sql.stats.automatic_partial_collection.fraction_stale_rows
/sql_stats_automatic_partial_collection_fraction_stale_rows
, Defaults to0.05
. #93067
- The session variable
enforce_home_region_follower_reads_enabled
is now deprecated, and will be removed in a future release. The related session variableenforce_home_region
is not deprecated. #129024 - Added a new cluster setting to control whether most common values are collected as part of histogram collection for use by the optimizer. The setting is called
sql.stats.histogram_buckets.include_most_common_values.enabled
. When enabled, the histogram collection logic will ensure that the most common sampled values are represented as histogram bucket upper bounds. Since histograms in CockroachDB track the number of elements equal to the upper bound in addition to the number of elements less, this allows the optimizer to identify the most common values in the histogram and better estimate the rows processed by a query plan. To set the number of most common values to include in a histogram, a second settingsql.stats.histogram_buckets.max_fraction_most_common_values
was added. Currently, the default is0.1
, or10%
of the number of buckets. With a 200 bucket histogram, by default, at most 20 buckets may be adjusted to include a most common value as the upper bound. #129378 - Added a new column to
crdb_internal.table_spans
to indicate whether a table is dropped. Rows for dropped tables will be removed once they are garbage collected. #128788 Added the cluster setting
sql.txn.repeatable_read_isolation.enabled
, which defaults tofalse
. When set totrue
, the following statements will configure transactions to run underREPEATABLE READ
isolation, rather than being automatically interpreted asSERIALIZABLE
:BEGIN TRANSACTION ISOLATION LEVEL REPEATABLE READ
SET TRANSACTION ISOLATION LEVEL REPEATABLE READ
SET default_transaction_isolation = 'repeatable read'
SET SESSION CHARACTERISTICS AS TRANSACTION ISOLATION LEVEL REPEATABLE READ
This setting was added since
REPEATABLE READ
transactions is a preview feature, so usage of it is opt-in for v24.3. In a future CockroachDB major version, this setting will change to default totrue
. #130089Previously,
SHOW CHANGEFEED JOBS
showed the changefeed jobs for the last 14 days by default. Now, it uses the same age filter forSHOW JOBS
, which shows jobs from the last 12 hours by default. #127584Set the default for session variable
large_full_scan_rows
to0
. This means that by default,disallow_full_table_scans
will disallow all full table scans, even full scans on very small tables. Iflarge_full_scan_rows
is set > 0,disallow_full_table_scans
will allow full scans estimated to read fewer thanlarge_full_scan_rows
. #131040It is now possible to create PL/pgSQL trigger functions, which can be executed by a trigger in response to table mutation events. Note that this patch does not add support for triggers, only trigger functions. #126734
Cluster settings
enterprise.license
anddiagnostics.reporting.enabled
now have additional validation. #131097The
SHOW SESSIONS
command was changed to include anauthentication_method
column in the result. This column will show the method used to authenticate the session, for example,password
,cert
,LDAP
, etc. #131625
Operational changes
- Events
DiskSlownessDetected
andDiskSlownessCleared
are now logged when disk slowness is detected and cleared on a store. #127025 - Several cluster settings allow you to configure rate-limiting traffic to cloud storage over various protocols. These settings begin with
cloudstorage
. #127207 - The new cluster setting
kv.range.range_size_hard_cap
allows you to limit how large a range can grow before backpressure is applied. This can help to mitigate against a situation where a range cannot be split, such as when a range is comprised of a single key due to an issue with the schema or workload pattern or a bug in client application code. The default is 8 GiB, which is 16 times the default max range size. If you have changed the max range size, you may need to adjust this cluster setting or reduce the range size. #129450 The following
kvflowcontrol
metrics have been renamed. After a cluster is finalized on v24.3, old and new metrics will be populated. The previous metrics underkvasdmission.flow_controller
will be removed.Old metric names New metric names kvadmission.flow_controller.regular_tokens_available
kvflowcontrol.tokens.eval.regular.available
kvadmission.flow_controller.elastic_tokens_available
kvflowcontrol.tokens.eval.elastic.available
kvadmission.flow_controller.regular_tokens_deducted
kvflowcontrol.tokens.eval.regular.deducted
kvadmission.flow_controller.elastic_tokens_deducted
kvflowcontrol.tokens.eval.elastic.deducted
kvadmission.flow_controller.regular_tokens_returned
kvflowcontrol.tokens.eval.regular.returned
kvadmission.flow_controller.elastic_tokens_returned
kvflowcontrol.tokens.eval.elastic.returned
kvadmission.flow_controller.regular_tokens_unaccounted
kvflowcontrol.tokens.eval.regular.unaccounted
kvadmission.flow_controller.elastic_tokens_unaccounted
kvflowcontrol.tokens.eval.elastic.unaccounted
kvadmission.flow_controller.regular_stream_count
kvflowcontrol.streams.eval.regular.total_count
kvadmission.flow_controller.elastic_stream_count
kvflowcontrol.streams.eval.elastic.total_count
kvadmission.flow_controller.regular_requests_waiting
kvflowcontrol.eval_wait.regular.requests.waiting
kvadmission.flow_controller.elastic_requests_waiting
kvflowcontrol.eval_wait.elastic.requests.waiting
kvadmission.flow_controller.regular_requests_admitted
kvflowcontrol.eval_wait.regular.requests.admitted
kvadmission.flow_controller.elastic_requests_admitted
kvflowcontrol.eval_wait.elastic.requests.admitted
kvadmission.flow_controller.regular_requests_errored
kvflowcontrol.eval_wait.regular.requests.errored
kvadmission.flow_controller.elastic_requests_errored
kvflowcontrol.eval_wait.elastic.requests.errored
kvadmission.flow_controller.regular_requests_bypassed
kvflowcontrol.eval_wait.regular.requests.bypassed
kvadmission.flow_controller.elastic_requests_bypassed
kvflowcontrol.eval_wait.elastic.requests.bypassed
kvadmission.flow_controller.regular_wait_duration
kvflowcontrol.eval_wait.regular.duration
kvadmission.flow_controller.elastic_wait_duration
kvflowcontrol.eval_wait.elastic.duration
The new
ranges.decommissioning
metric shows the number of ranges with a replica on a decommissioning node. #130117New cluster settings have been added which control the refresh behavior for the cached data in the Databases page of the DB Console:
obs.tablemetadatacache.data_valid_duration
: the duration for which the data insystem.table_metadata
is considered valid before a cache reset will occur. Default: 20 minutes.obs.tablemetadatacache.automatic_updates.enabled
: whether to automatically update the cache according the validity interval. Default:false
.
New gauge metrics
security.certificate.expiration.{cert-type}
andsecurity.certificate.ttl.{cert-type}
show the expiration and TTL for a certificate. #130110To set the logging format for
stderr
, you can now set theformat
field to any valid format, rather than onlycrdb-v2-tty
. #131529The following new metrics show connection latency for each SQL authentication method:
Authentication method Metric Certificate auth_cert_conn_latency
Java Web Token (JWT) auth_jwt_conn_latency
Kerberos GSS auth_gss_conn_latency
LDAP auth_ldap_conn_latency
Password auth_password_conn_latency
SCRAM SHA-256 auth_scram_conn_latency
Verbose logging of slow Pebble reads can no longer be enabled via the shorthand flag
--vmodule=pebble_logger_and_tracer=2
, wherepebble_logger_and_tracer
contains the CockroachDB implementation of the logger needed by Pebble. Instead, you must list the Pebble files that contain the log statements. For example--vmodule=reader=2,table=2
. #127066The lowest admission control priority for the storage layer has been renamed from
ttl-low-pri
tobulk-low-pri
. #129564New clusters will now have a zone configuration defined for the
timeseries
range, which specifiesgc.ttlseconds
and inherits all other attributes from the zone config of thedefault
range. This zone config will also be added to a cluster that is upgraded to v24.3 if it does not already have a zone config defined.#128032
Command-line changes
cockroach debug tsdump
now includes all the available resolutions in the time range supplied by the user. #127186- Added the flag
--tenant-name-scope
to thecert create-client
command. This allows users to generate tenant-scoped client certificates using tenant names in addition to tenant IDs. #129216
DB Console changes
- If a range is larger than twice the max range size, it will now display in the Problem Ranges page in the DB Console. #129001
- Updated some metric charts on the Overview and Replication dashboards to omit verbose details in the legends for easier browsing. #129149
- Updated the icon for notification alerts to use the new CockroachDB logo. #130333
- The
txn.restarts.writetoooldmulti
metric was rolled into thetxn.restarts.writetooold
metric in the v24.1.0-alpha.1 release.txn.restarts.writetoooldmulti
has now been removed altogether. #131642 - The grants table in the DB Details page will now show the database level grants. For example, when clicking a database in the databases list. Previously, it showed grants per table in the database. #131250
- Added new database pages that are available from the side navigation Databases link. #131594
- The DB Console will reflect any throttling behavior from the cluster due to an expired license or missing telemetry data. Enterprise licenses are not affected. #131326
- Users can hover over the node/region cell in multi-region deployments to view a list of nodes the database or table is on. #130704
- The Databases pages in the DB console have been updated to read cached metadata about database and table storage statistics. The cache update time is now displayed in the top right-hand corner of the database and tables list pages. Users may trigger a cache refresh with the refresh icon next to the last updated time. The cache will also update automatically when users visit a Databases page and the cache is older than or equal to 20 minutes. #131463
Bug fixes
- Fixed a bug where CockroachDB could incorrectly evaluate an
IS NOT NULL
filter if it was applied to non-NULL
tuples that hadNULL
elements (like(1, NULL)
or(NULL, NULL)
). The bug was present since v20.2. #126901 - Fixed a bug related to displaying the names of composite types in the
SHOW CREATE TABLES
command. The names are now shown as two-part names, which disambiguates the output and makes it more portable to other databases. #127158 - The
CONCAT()
built-in function now accepts arguments of any data type. #127098 - Fixed a bug that prevented merged statistics from being created after injecting statistics or recreating statement bundles. This would occur when the injected statistics or statement bundle contained related full and partial statistics. #127252
- Fixed a bug where CockroachDB could encounter spurious
(error encountered after some results were delivered)
ERROR: context canceled
errors in rare cases when evaluating some queries. The bug was present since v22.2. The conditions that triggered the bug were queries that: - Updated the restore job description from
RESTORE ... FROM
toRESTORE FROM {backup} IN {collectionURI}
to reflect the newRESTORE
syntax. #127970 - Fixed a bug that could cause a
CASE
statement with multiple subqueries to produces the side effects of one of the subqueries even if that subquery shouldn't have been evaluated. #120327 - Changed the schema changer’s merge process so that it can detect contention errors and automatically retry with a smaller batch size. This makes the merge process more likely to succeed without needing to manually tune settings. #128201
SHOW CREATE ALL TYPES
now shows corresponding type comments in its output. #128084- Enforce the
statement_timeout
session setting when waiting for jobs after a schema change in an implicit transaction. #128474 - Fixed a bug where certain dropdowns in the DB Console appeared to be empty (with no options to select from) for users of the Safari browser. #128996
- Fixed a bug that would cause the
hlc_to_timestamp
function to return an incorrect timestamp for some input decimals. #129153 - Fixed a memory leak where statement insight objects could leak if the session was closed without the transaction finishing. #128400
- Fixed a bug in the public preview WAL failover feature that could prevent a node from starting if it crashed during a failover. #129331
- Fixed a bug where
'infinity'::TIMESTAMP
returned a different result than PostgreSQL. #127141 - Fixed a spurious error log from the replication queue involving the text
" needs lease, not adding"
. #129351 - Using more than one
DECLARE
statement in the definition of a user-defined function now correctly declares additional variables. #129951 - Fixed a bug in which some
SELECT FOR UPDATE
orSELECT FOR SHARE
queries usingNOWAIT
could still block on locked rows when using theoptimizer_use_lock_op_for_serializable
session setting under serializable isolation. This bug was introduced withoptimizer_use_lock_op_for_serializable
in v23.2.0. #130103 - Fixed a bug in the upgrade pre-condition for repairing descriptor corruption that could lead to finalization being stuck. #130064
- Fixed a bug that caused the optimizer to plan unnecessary post-query uniqueness checks during
INSERT
,UPSERT
, andUPDATE
statements on tables with partial, unique, hash-sharded indexes. These unnecessary checks added overhead to execution of these statements, and caused the statements to error when executed underREAD COMMITTED
isolation. #130366 - Fixed a bug that caused incorrect evaluation of
CASE
,COALESCE
, andIF
expressions with branches producing fixed-width string-like types, such asCHAR
. In addition, theBPCHAR
type no longer incorrectly imposes a length limit of1
. #129007 - Fixed a bug where zone configuration changes issued by the declarative schema changer were not blocked if a table had the
schema_locked
storage parameter set. #130670 - Fixed a bug that could prevent a
CHANGEFEED
from being able to resume after being paused for a prolonged period of time. #130622 - Fixed a bug where if a client connection was attempting a schema change while the same schema objects were being dropped, it was possible for the connection to be incorrectly dropped. #130928
- Fixed a bug introduced in v23.1 that could cause incorrect results when:
- The query contained a correlated subquery.
- The correlated subquery had a
GROUP BY
orDISTINCT
operator with an outer-column reference in its input. - The correlated subquery was in the input of a
SELECT
orJOIN
operator. - The
SELECT
orJOIN
had a filter that set the outer-column reference from (2) equal to a non-outer column in the input of the grouping operator. - The grouping column set did not include the replacement column, and functionally determined the replacement column. #130925
- Fixed a bug which could cause errors with the message
"internal error: Non-nullable column ..."
when executing statements underREAD COMMITTED
isolation that involved tables withNOT NULL
virtual columns. #130725 - Fixed a bug that could cause a very rare internal error
"lists in SetPrivate are not all the same length"
when executing queries. #130981 - Fixed a bug that could cause incorrect evaluation of scalar expressions involving
NULL
values in rare cases. #128123 SHOW CREATE ALL SCHEMAS
now shows corresponding schema comments in its output. #130164- Fixed a bug, introduced in v23.2.0, where creating a new incremental schedule (using
ALTER BACKUP SCHEDULE
) on a full backup schedule created on an older version would fail. #131231 - Fixed a bug that could cause an internal error if a table with an implicit (
rowid
) primary key was locked from within a subquery likeSELECT * FROM (SELECT * FROM foo WHERE x = 2) FOR UPDATE;
. The error could occur either underREAD COMMITTED
isolation, or with theoptimizer_use_lock_op_for_serializable
session setting enabled. #129768 - Fixed a bug where jobs created in a session with non-zero session timezone offsets could hang before starting, or report incorrect creation times when viewed in
SHOW JOBS
and the DB Console. #123632 - Fixed a bug which could result in changefeeds using CDC queries failing due to a system table being garbage collected. #131027
ALTER COLUMN TYPE
now errors out when there is a partial index that is dependent on the column being altered. #131590
Performance improvements
- Raft log sync callback handling is now parallelized, which can improve write-heavy workload performance on large, single-store nodes. #126523
- Planning time for complex queries has been reduced. #128049
- Reduced the write-amplification impact of rebalances by splitting snapshot SSTable files into smaller ones before ingesting them into Pebble. #127997
- Improved the performance of job-system related queries. #123848
- The query optimizer now plans limited, partial-index scans in more cases. #129901
- The initialization of the execution engine for a query is now more efficient when the query plan contains aggregate functions. #130834
- Enabled multi-level compactions that moderately reduce write amplification within the storage engine. #131378
- Increased the per-vCPU concurrency limits for KV operations. Specifically, increased the
kv.dist_sender.concurrency_limit
cluster setting to 384/vCPU (up from 64/vCPU) andkv.streamer.concurrency_limit
to 96/vCPU (up from 8/vCPU). #131226 - The optimizer now plans more efficient lookup joins in some cases. #131383
Build changes
- Changed the AWS SDK version used for interactions with external storage from v1 to v2. #129938