What's New in v24.3

On this page Carat arrow pointing down
Note:

The releases on this page are testing releases, not supported or intended for production environments. The new features and bug fixes noted on this page may not yet be documented across CockroachDB’s documentation.

  • CockroachDB Self-Hosted: All v24.3 testing binaries and Docker images are available for download.
  • CockroachDB Advanced: v24.3 testing releases are not yet available.
  • CockroachDB Standard and Basic: v24.3 testing releases are not available.

When v24.3 becomes Generally Available (GA), a new v24.3.0 section on this page will describe key features and additional upgrade considerations.

CockroachDB v24.3 is in active development, and the following testing releases are intended for testing and experimentation only, and are not qualified for production environments or eligible for support or uptime SLA commitments. When CockroachDB v24.3 is Generally Available (GA), production releases will also be announced on this page.

Get future release notes emailed to you:

v24.3.0-beta.3

Release Date: November 5, 2024

Downloads

Warning:

CockroachDB v24.3.0-beta.3 is a testing release. Testing releases are intended for testing and experimentation only, and are not qualified for production environments and not eligible for support or uptime SLA commitments.

Note:

Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.

Operating System Architecture Full executable SQL-only executable
Linux Intel cockroach-v24.3.0-beta.3.linux-amd64.tgz
(SHA256)
cockroach-sql-v24.3.0-beta.3.linux-amd64.tgz
(SHA256)
ARM cockroach-v24.3.0-beta.3.linux-arm64.tgz
(SHA256)
cockroach-sql-v24.3.0-beta.3.linux-arm64.tgz
(SHA256)
Mac
(Experimental)
Intel cockroach-v24.3.0-beta.3.darwin-10.9-amd64.tgz
(SHA256)
cockroach-sql-v24.3.0-beta.3.darwin-10.9-amd64.tgz
(SHA256)
ARM cockroach-v24.3.0-beta.3.darwin-11.0-arm64.tgz
(SHA256)
cockroach-sql-v24.3.0-beta.3.darwin-11.0-arm64.tgz
(SHA256)
Windows
(Experimental)
Intel cockroach-v24.3.0-beta.3.windows-6.2-amd64.zip
(SHA256)
cockroach-sql-v24.3.0-beta.3.windows-6.2-amd64.zip
(SHA256)

Docker image

Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.

Within the multi-platform image, both Intel and ARM images are generally available for production use.

To download the Docker image:

icon/buttons/copy

docker pull cockroachdb/cockroach-unstable:v24.3.0-beta.3

Source tag

To view or download the source code for CockroachDB v24.3.0-beta.3 on Github, visit v24.3.0-beta.3 source tag.

Changelog

View a detailed changelog on GitHub: v24.3.0-beta.2...v24.3.0-beta.3

Security updates

  • Client authentication errors using LDAP now log more details to help with troubleshooting authentication and authorization issues. #133812

SQL changes

- [Physical Cluster Replication](/docs/v24.3/physical-cluster-replication-overview.html) reader catalogs now bypass AOST timestamps using the `bypass_pcr_reader_catalog_aos`t session variable, which can be used to modify cluster settings within the reader. [#133876][#133876]

Operational changes

  • Added a timer for inner changefeed sink client flushes. #133288
  • Rows replicated by Logical Data Replication in immediate mode are now considered in the decision to recompute SQL table statistics. #133591
  • The new cluster setting kvadmission.flow_controller.token_reset_epoch can be used to refill replication admission control v2 tokens. This is an advanced setting. Use it only after consultation with your account team. #133294
  • The new cluster setting goschedstats.always_use_short_sample_period.enabled, when set to true, helps to prevent unnecessary queueing due to CPU [admission control](/docs/v24.3/admission-control.htmls. #133585

DB Console changes

  • In Database pages, the Refresh tooltip now includes details about the progress of cache updates and when the job started. #133351

Bug fixes

  • Fixed a bug where changefeed sink) timers were not correctly registered with the metric system. #133288
  • Fixed a bug that could cause new connections to fail with the following error after upgrading: ERROR: invalid value for parameter "vectorize": "unknown(1)" SQLSTATE: 22023 HINT: Available values: off,on,experimental_always. To encounter this bug, the cluster must have:

    1. Run on version v21.1 at some point in the past
    2. Run SET CLUSTER SETTING sql.defaults.vectorize = 'on'; while running v21.1.
    3. Not set sql.defaults.vectorize after upgrading past v21.1 4.
    4. Subsequently upgraded to v24.2.upgraded all the way to v24.2.

    To detect this bug, run the following query:

    icon/buttons/copy
    SELECT * FROM system.settings WHERE name = 'sql.defaults.vectorize
    

    If the command returns 1 instead of on, run the following statement before upgrading.

    icon/buttons/copy
    RESET CLUSTER SETTING sql.defaults.vectorize;
    

    1 is now allowed as a value for this setting, and is equivalent to on. #133371

  • Fixed a bug in v22.2.13+, v23.1.9+, and v23.2 that could cause the internal error interface conversion: coldata.Column is in an edge case. #133762

  • Fixed a bug introduced in v20.1.0 that could cause erroneous NOT NULL constraint violation errors to be logged during UPSERT and INSERT statements with the ON CONFLICT ...DO UPDATE clause that update an existing row and a subset of columns that did not include a NOT NULL column of the table. #133820

  • Fixed a that could cache and reuse a non-reusable query plan, such as a plan for a DDL or SHOW statement, when plan_cache_mode was set to auto or force_generic_plan, which are not the default options. #133073

  • Fixed an unhandled error that could occur while running the command REVOKE ... ON SEQUENCE FROM ... {user} on an object that is not a sequence. #133710

  • Fixed a panic that could occur while running a CREATE TABLE AS statement that included a sequence with an invalid function overload. #133870

v24.3.0-beta.2

Release Date: October 28, 2024

Downloads

Warning:

CockroachDB v24.3.0-beta.2 is a testing release. Testing releases are intended for testing and experimentation only, and are not qualified for production environments and not eligible for support or uptime SLA commitments.

Note:

Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.

Operating System Architecture Full executable SQL-only executable
Linux Intel cockroach-v24.3.0-beta.2.linux-amd64.tgz
(SHA256)
cockroach-sql-v24.3.0-beta.2.linux-amd64.tgz
(SHA256)
ARM cockroach-v24.3.0-beta.2.linux-arm64.tgz
(SHA256)
cockroach-sql-v24.3.0-beta.2.linux-arm64.tgz
(SHA256)
Mac
(Experimental)
Intel cockroach-v24.3.0-beta.2.darwin-10.9-amd64.tgz
(SHA256)
cockroach-sql-v24.3.0-beta.2.darwin-10.9-amd64.tgz
(SHA256)
ARM cockroach-v24.3.0-beta.2.darwin-11.0-arm64.tgz
(SHA256)
cockroach-sql-v24.3.0-beta.2.darwin-11.0-arm64.tgz
(SHA256)
Windows
(Experimental)
Intel cockroach-v24.3.0-beta.2.windows-6.2-amd64.zip
(SHA256)
cockroach-sql-v24.3.0-beta.2.windows-6.2-amd64.zip
(SHA256)

Docker image

Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.

Within the multi-platform image, both Intel and ARM images are generally available for production use.

To download the Docker image:

icon/buttons/copy

docker pull cockroachdb/cockroach-unstable:v24.3.0-beta.2

Source tag

To view or download the source code for CockroachDB v24.3.0-beta.2 on Github, visit v24.3.0-beta.2 source tag.

Changelog

View a detailed changelog on GitHub: v24.3.0-beta.1...v24.3.0-beta.2

SQL language changes

  • If a table is the destination of a logical data replication stream, then only schema change statements that are deemed safe are allowed on the table. Safe statements are those that do not result in a rebuild of the primary index and do not create an index on a virtual computed column. #133266

Operational changes

  • The two new metrics sql.crud_query.count and sql.crud_query.started.count measure the number of INSERT/UPDATE/DELETE/SELECT queries executed and started respectively. #133198
  • When creating a logical data replication stream, any user-defined types in the source and destination are now checked for equivalency. This allows for creating a stream that handles user-defined types without needing to use the WITH SKIP SCHEMA CHECK option as long as the stream uses mode = immediate. #133274
  • Logical data replication streams that reference tables with user-defined types can now be created with the mode = immediate option. #133295

DB Console changes

  • The SQL Statements graph on the Overview and SQL dashboard pages in DB Console now show Total Queries as a general Queries Per Second (QPS) metric. #133198
  • Due to the inaccuracy of the Range Count column on the Databases page and the cost incurred to fetch the correct range count for every database in a cluster, this data will no longer be visible. This data is still available via a SHOW RANGES query. #133267

Bug fixes

v24.3.0-beta.1

Release Date: October 24, 2024

Downloads

Warning:

CockroachDB v24.3.0-beta.1 is a testing release. Testing releases are intended for testing and experimentation only, and are not qualified for production environments and not eligible for support or uptime SLA commitments.

Note:

Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.

Operating System Architecture Full executable SQL-only executable
Linux Intel cockroach-v24.3.0-beta.1.linux-amd64.tgz
(SHA256)
cockroach-sql-v24.3.0-beta.1.linux-amd64.tgz
(SHA256)
ARM cockroach-v24.3.0-beta.1.linux-arm64.tgz
(SHA256)
cockroach-sql-v24.3.0-beta.1.linux-arm64.tgz
(SHA256)
Mac
(Experimental)
Intel cockroach-v24.3.0-beta.1.darwin-10.9-amd64.tgz
(SHA256)
cockroach-sql-v24.3.0-beta.1.darwin-10.9-amd64.tgz
(SHA256)
ARM cockroach-v24.3.0-beta.1.darwin-11.0-arm64.tgz
(SHA256)
cockroach-sql-v24.3.0-beta.1.darwin-11.0-arm64.tgz
(SHA256)
Windows
(Experimental)
Intel cockroach-v24.3.0-beta.1.windows-6.2-amd64.zip
(SHA256)
cockroach-sql-v24.3.0-beta.1.windows-6.2-amd64.zip
(SHA256)

Docker image

Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.

Within the multi-platform image, both Intel and ARM images are generally available for production use.

To download the Docker image:

icon/buttons/copy

docker pull cockroachdb/cockroach-unstable:v24.3.0-beta.1

Source tag

To view or download the source code for CockroachDB v24.3.0-beta.1 on Github, visit v24.3.0-beta.1 source tag.

Changelog

View a detailed changelog on GitHub: v24.3.0-alpha.2...v24.3.0-beta.1

General changes

Enterprise edition changes

  • This change ensures authorization with LDAP only works when the ldapgrouplistfilter option is present in the HBA configuration, otherwise authentication will proceed with the provided LDAP auth method options in the HBA configuration. This change is to ensure external authorization with LDAP is opt-in rather than enabled by default. #132235
  • Added a changefeed sink error metric changefeed.sink_errors, and expanded reporting of the internal retries metric changefeed.internal_retry_message_count to all sinks that perform internal retries. #132092

SQL language changes

  • Implemented DROP TRIGGER statements. The CASCADE option for dropping a trigger is not supported. #128540
  • Added support for CREATE TRIGGER. The OR REPLACE syntax is not supported. Also, triggers cannot be executed, so creation is a no-op. #128540
  • REGIONAL BY ROW and PARTITION ALL BY tables can now be inserted into under non-SERIALIZABLE isolation levels as long as there is no ON CONFLICT clause in the statement. Also, REGIONAL BY ROW and PARTITION ALL BY tables can now be updated under non-SERIALIZABLE isolation levels. #129837
  • Attempting to add foreign keys referencing a table with row-level TTL enabled will generate a notice informing the user about potential impact on the row-level TTL deletion job. Similarly, a notice is generated while attempting to enable row-level TTL on a table that has inbound foreign key references. #127935
  • It is now possible to assign to an element of a composite typed variable in PL/pgSQL. For example, given a variable foo with two integer elements x and y, the following assignment statement is allowed: foo.x := 100;. #132628
  • Backup and restore now work for tables with triggers. When the skip_missing_udfs option is applied, triggers with missing trigger functions are removed from the table. #128555
  • UPSERT and INSERT ... ON CONFLICT statements are now supported on REGIONAL BY ROW tables under READ COMMITTED isolation. #132768
  • Added support for row-level BEFORE triggers. A row-level trigger executes the trigger function for each row that is being mutated. BEFORE triggers fire before the mutation operation. #132511
  • Added support for PL/pgSQL integer FOR loops, which iterate over a range of integer values. #130211

Operational changes

  • Admission Control now has an integration for pacing snapshot ingest traffic based on disk bandwidth. kvadmission.store.snapshot_ingest_bandwidth_control.enabled is used to turn on this integration. It requires provisioned bandwidth to be set for the store (or cluster through the cluster setting) for it to take effect. #131243
  • Added validation to check whether audit logging and buffering configurations are both present in the file log sink. Audit logging and buffering configuration should not both exist in the file log sink. #132742
  • Updated the file log sink validation message. This would give clear indication to the user about the expected valid configuration. #132899

DB Console changes

Bug fixes

  • Addressed a rare bug that could prevent backups taken during a DROP COLUMN operation with a sequence owner from restoring with the error: rewriting descriptor ids: missing rewrite for <id> in SequenceOwner.... #132202
  • Fixed a bug existing since before v23.1 that could lead to incorrect results in rare cases. The bug requires a join between two tables with an equality between columns with equivalent, but not identical types (e.g., OID and REGCLASS). In addition, the join must lookup into an index that includes a computed column that references one of the equivalent columns. #126345
  • Fixed a bug existing since before v23.1 that could lead to incorrect results in rare cases. The bug requires a lookup join into a table with a computed index column, where the computed column expression is composite sensitive. A composite sensitive expression can compare differently if supplied non-identical but equivalent input values (e.g., 2.0::DECIMAL versus 2.00::DECIMAL). #126345
  • Fixed a bug that caused quotes around the name of a routine to be dropped when it was called within another routine. This could prevent the correct routine from being resolved if the nested routine name was case-sensitive. The bug has existed since v24.1 when nested routines were introduced. #131643
  • Fixed a bug where the SQL shell would print out the previous error message when executing the quit command. #130736
  • Fixed a bug where a span statistics request on a mixed-version cluster resulted in a null pointer exception. #132349
  • Fixed an issue where changefeeds would fail to update protected timestamp records in the face of retryable errors. #132712
  • The franz-go library has been updated to fix a potential deadlock on changefeed restarts. #132761
  • Fixed a bug that in rare cases could cause incorrect evaluation of scalar expressions involving NULL values. #132261
  • Fixed a bug in the query optimizer that in rare cases could cause CockroachDB nodes to crash. The bug could occur when a query contains a filter in the form col IN (elem0, elem1, ..., elemN) only when N is very large, (e.g., 1.6+ million), and when col exists in a hash-sharded index, or exists a table with an indexed, computed column dependent on col. #132701
  • The proretset column of the pg_catalog.pg_proc table is now properly set to true for set-returning built-in functions. #132853
  • Fixed an error that could be caused by using an AS OF SYSTEM TIME expression that references a user-defined (or unknown) type name. These kinds of expressions are invalid, but previously the error was not handled properly. Now, a correct error message is returned. #132348

Build changes

v24.3.0-alpha.2

Release Date: October 14, 2024

Downloads

Warning:

CockroachDB v24.3.0-alpha.2 is a testing release. Testing releases are intended for testing and experimentation only, and are not qualified for production environments and not eligible for support or uptime SLA commitments.

Note:

Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.

Operating System Architecture Full executable SQL-only executable
Linux Intel cockroach-v24.3.0-alpha.2.linux-amd64.tgz
(SHA256)
cockroach-sql-v24.3.0-alpha.2.linux-amd64.tgz
(SHA256)
ARM cockroach-v24.3.0-alpha.2.linux-arm64.tgz
(SHA256)
cockroach-sql-v24.3.0-alpha.2.linux-arm64.tgz
(SHA256)
Mac
(Experimental)
Intel cockroach-v24.3.0-alpha.2.darwin-10.9-amd64.tgz
(SHA256)
cockroach-sql-v24.3.0-alpha.2.darwin-10.9-amd64.tgz
(SHA256)
ARM cockroach-v24.3.0-alpha.2.darwin-11.0-arm64.tgz
(SHA256)
cockroach-sql-v24.3.0-alpha.2.darwin-11.0-arm64.tgz
(SHA256)
Windows
(Experimental)
Intel cockroach-v24.3.0-alpha.2.windows-6.2-amd64.zip
(SHA256)
cockroach-sql-v24.3.0-alpha.2.windows-6.2-amd64.zip
(SHA256)

Docker image

Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.

Within the multi-platform image, both Intel and ARM images are generally available for production use.

To download the Docker image:

icon/buttons/copy

docker pull cockroachdb/cockroach-unstable:v24.3.0-alpha.2

Source tag

To view or download the source code for CockroachDB v24.3.0-alpha.2 on Github, visit v24.3.0-alpha.2 source tag.

Changelog

View a detailed changelog on GitHub: v24.3.0-alpha.1...v24.3.0-alpha.2

Security updates

  • The parameters for an HBA config entry for LDAP are now validated when the entry is created or amended, in addition to the validation that happens during an authentication attempt. #132086

  • Added automatic cleanup and validation for default privileges that reference dropped roles after a major-version upgrade to v24.3. #131782

General changes

  • Changed the license cockroach is distributed under to the new CockroachDB Software License (CSL). #131799 #131794 #131793

Enterprise edition changes

SQL language changes

  • To view comments on a type, you can use the new SHOW TYPES WITH COMMENT command. Comments can be added using COMMENT ON. #131183
  • You can create or alter a user-defined function (UDF) or stored procedure (SP) with [EXTERNAL] SECURITY DEFINER instead of the default [EXTERNAL] SECURITY INVOKER. With SECURITY DEFINER, the privileges of the owner are checked when the UDF or SP is executed, rather than the privileges of the executor. The EXTERNAL keyword is optional and exists for SQL language conformity. #129720

Operational changes

  • The following new metrics show details about replication flow control send queue when the cluster setting kvadmission.flow_control.enabled is set to true and the cluster setting kvadmission.flow_control.mode is set to apply_to_all.

    • kvflowcontrol.tokens.send.regular.deducted.prevent_send_queue
    • kvflowcontrol.tokens.send.elastic.deducted.prevent_send_queue
    • kvflowcontrol.tokens.send.elastic.deducted.force_flush_send_queue
    • kvflowcontrol.range_controller.count
    • kvflowcontrol.send_queue.bytes
    • kvflowcontrol.send_queue.count
    • kvflowcontrol.send_queue.prevent.count
    • kvflowcontrol.send_queue.scheduled.deducted_bytes
    • kvflowcontrol.send_queue.scheduled.force_flush

    #131857

  • The following metrics have been renamed:

    Previous name New name-
    kvflowcontrol.tokens.eval.regular.disconnected kvflowcontrol.tokens.eval.regular.returned.disconnect
    kvflowcontrol.tokens.eval.elastic.disconnected kvflowcontrol.tokens.eval.elastic.returned.disconnect
    kvflowcontrol.tokens.send.regular.disconnected kvflowcontrol.tokens.send.regular.returned.disconnect
    kvflowcontrol.tokens.send.elastic.disconnected kvflowcontrol.tokens.send.elastic.returned.disconnect

    #131857

Cluster virtualization changes

  • The _status/ranges/ endpoint on DB Console Advanced debug pages is now enabled for non-system virtual clusters, where it returns the ranges only for the tenant you are logged into. For the system virtual cluster, the _status/ranges/ endpoint continues to return ranges for the specified node across all virtual clusters. #131100

DB Console changes

  • Improved performance in the Databases, Tables View, and Table Details sections of the Databases page #131769

Bug fixes

  • Fixed a bug where JSON values returned by cockroach commands using the --format=sql flag were not correctly escaped if they contained double quotes within a string. #131881
  • Fixed an error that could happen if an aggregate function was used as the value in a SET command. #131891
  • Fixed a rare bug introduced in v22.2 in which an update of a primary key column could fail to update the primary index if it is also the only column in a separate column family. #131869
  • Fixed a rare bug where dropping a column of FLOAT4, FLOAT8, DECIMAL, JSON, ARRAY, or collate STRING type stored in a single column family could prevent subsequent reading of the table if the column family was not the first column family. #131967
  • Fixed an unimplemented internal error that could occur when ordering by a VECTOR column. #131703

Performance improvements

  • Efficiency has been improved when writing string-like values over the PostgreSQL wire protocol. #131964
  • Error handling during periodic table history polling has been improved when the schema_locked table parameter is not used. #131951

v24.3.0-alpha.1

Release Date: October 9, 2024

Downloads

Warning:

CockroachDB v24.3.0-alpha.1 is a testing release. Testing releases are intended for testing and experimentation only, and are not qualified for production environments and not eligible for support or uptime SLA commitments.

Note:

Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.

Operating System Architecture Full executable SQL-only executable
Linux Intel cockroach-v24.3.0-alpha.1.linux-amd64.tgz
(SHA256)
cockroach-sql-v24.3.0-alpha.1.linux-amd64.tgz
(SHA256)
ARM cockroach-v24.3.0-alpha.1.linux-arm64.tgz
(SHA256)
cockroach-sql-v24.3.0-alpha.1.linux-arm64.tgz
(SHA256)
Mac
(Experimental)
Intel cockroach-v24.3.0-alpha.1.darwin-10.9-amd64.tgz
(SHA256)
cockroach-sql-v24.3.0-alpha.1.darwin-10.9-amd64.tgz
(SHA256)
ARM cockroach-v24.3.0-alpha.1.darwin-11.0-arm64.tgz
(SHA256)
cockroach-sql-v24.3.0-alpha.1.darwin-11.0-arm64.tgz
(SHA256)
Windows
(Experimental)
Intel cockroach-v24.3.0-alpha.1.windows-6.2-amd64.zip
(SHA256)
cockroach-sql-v24.3.0-alpha.1.windows-6.2-amd64.zip
(SHA256)

Docker image

Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.

Within the multi-platform image, both Intel and ARM images are generally available for production use.

To download the Docker image:

icon/buttons/copy

docker pull cockroachdb/cockroach-unstable:v24.3.0-alpha.1

Source tag

To view or download the source code for CockroachDB v24.3.0-alpha.1 on Github, visit v24.3.0-alpha.1 source tag.

Security updates

  • URLs in the CREATE CHANGEFEED and CREATE SCHEDULE FOR CHANGEFEED SQL statements are now sanitized of any secrets before being written to unredacted logs. #126970
  • The LDAP cluster settings server.ldap_authentication.client.tls_certificate and server.ldap_authentication.client.tls_key did not have callbacks installed to reload the settings value for LDAP authManager. This change fixes this by adding the necessary callbacks. #131151
  • Cluster settings for host-based authentication configuration (server.host_based_authentication.configuration) and identity map configuration (server.identity_map.configuration) need to be redacted as they can be configured to contain LDAP bind usernames, passwords, and mapping of external identities to SQL users that are sensitive. These cluster settings can be configured for redaction via the server.redact_sensitive_settings.enabled cluster setting. #131150
  • Added support for configuring authorization using LDAP. During login, the list of groups that a user belongs to are fetched from the LDAP server. These groups are mapped to SQL roles by extracting the common name (CN) from the group. After authenticating the user, the login flow grants these roles to the user, and revokes any other roles that are not returned by the LDAP server. The groups given by the LDAP server are treated as the sole source of truth for role memberships, so any roles that were manually granted to the user will not remain in place. #131043
  • Previously, the host-based authentication (HBA) configuration cluster setting server.host_based_authentication.configuration was unable to handle double quotes in authentication method option values. For example, for the following entry:

    host all all all ldap ldapserver=ldap.example.com ldapport=636 ldapbasedn="ou=users,dc=example,dc=com" ldapbinddn="cn=readonly,dc=example,dc=com" ldapbindpasswd=readonly_password ldapsearchattribute=uid ldapsearchfilter="(memberof=cn=cockroachdb_users,ou=groups,dc=example,dc=com)"
    

    The HBA parser would fail after incorrectly determining ldapbinddn="cn=readonly,dc=example,dc=com" as 2 separate options (ldapbinddn=and cn=readonly,dc=example,dc=com). Now, the 2 tokens are set as key and value respectively for the same HBA configuration option. #131480

General changes

Enterprise edition changes

  • Added a CompressionLevel field to the changefeed kafka_sink_config option. Changefeeds will use this compression level when emitting events to a Kafka sink. The possible values depend on a compression codec. The CompressionLevel field optimizes for faster or stronger level of compression. #125456
  • The updated version of the CockroachDB changefeed Kafka sink implementation now supports specifying compression levels. #127827
  • Introduced the cluster setting server.jwt_authentication.client.timeout to capture the HTTP client timeout for external calls made during JWT authentication. #127145
  • The JWT authentication cluster settings have been made public. #128170
  • Updated certain error messages to refer to the stable docs tree rather than an explicit version. #128842
  • Disambiguated metrics and logs for the two buffers used by the KV feed. The affected metrics now have a suffix indicating which buffer they correspond to: changefeed.buffer_entries.*, changefeed.buffer_entries_mem.*, changefeed.buffer_pushback_nanos.*. The previous versions are still supported for backward compatibility, though using the new format is recommended. #128813
  • Added support for authorization to a CockroachDB cluster via LDAP, retrieving AD groups membership information for LDAP user. The new HBA configuration cluster setting option ldapgrouplistfilter performs filtered search query on LDAP for matching groups. An example HBA configuration entry to support LDAP authZ configuration:

    icon/buttons/copy
    # TYPE    DATABASE      USER           ADDRESS             METHOD             OPTIONS
    # Allow all users to connect to using LDAP authentication with search and bind    host    all           all            all                 ldap               ldapserver=ldap.example.com ldapport=636 "ldapbasedn=ou=users,dc=example,dc=com" "ldapbinddn=cn=readonly,dc=example,dc=com" ldapbindpasswd=readonly_password ldapsearchattribute=uid "ldapsearchfilter=(memberof=cn=cockroachdb_users,ou=groups,dc=example,dc=com)" "ldapgrouplistfilter=(objectClass=groupOfNames)"
    # Fallback to password authentication for the root user
    host    all           root           0.0.0.0/0          password
    

    For example, to use for an Azure AD server:

    icon/buttons/copy
    SET cluster setting server.host_based_authentication.configuration = 'host    all           all            all                 ldap ldapserver=azure.dev ldapport=636 "ldapbasedn=OU=AADDC Users,DC=azure,DC=dev" "ldapbinddn=CN=Some User,OU=AADDC Users,DC=azure,DC=dev" ldapbindpasswd=my_pwd ldapsearchattribute=sAMAccountName "ldapsearchfilter=(memberOf=CN=azure-dev-domain-sync-users,OU=AADDC Users,DC=crlcloud,DC=dev)" "ldapgrouplistfilter=(objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=crlcloud,DC=dev)"
    host    all           root           0.0.0.0/0          password';
    

    Post configuration, the CockroachDB cluster should be able to authorize users via LDAP server if:

    1. Users LDAP authentication attempt is successful, and it has the user's DN for the LDAP server.
    2. ldapgrouplistfilter is properly configured, and it successfully syncs groups of the user. #128498
  • Added changefeed support for the mvcc_timestamp option when the changefeed is emitting in avro format. If both options are specified, the Avro schema includes an mvcc_timestamp metadata field and emits the row's MVCC timestamp with the row data. #129840

  • Updated the cluster setting changefeed.sink_io_workers with all the sinks that support the setting. #129946

  • Added a LDAP authentication method to complement password-based login for the DB Console if HBA configuration has an entry for LDAP for the user attempting login, along with other matching criteria (like the requests originating IP address) for authentication to the DB Console. #130418

  • Added timers around key parts of the changefeed pipeline to help debug feeds experiencing issues. The changefeed.stage.<stage>.latency metrics now emit latency histograms for each stage. The metric respects the changefeed scope label for debugging specific feeds. #128794

  • For enterprise changefeeds, events changefeed_failed and create_changefeed now include a JobId field. #131396

  • The new metric seconds_until_license_expiry allows you to monitor the status of a cluster's Enterprise license. #129052.

  • Added the changefeed.total_ranges metric, which monitors the number of ranges that are watched by changefeed aggregators. It shares the same polling interval as changefeed.lagging_ranges, which is controlled by the existing lagging_ranges_polling_interval option. #130897

SQL language changes

  • Added a session setting, optimizer_use_merged_partial_statistics which defaults to false. When set to true, it enables usage of existing partial statistics merged with full statistics when optimizing a query. #126948
  • The enable_create_stats_using_extremes session setting is now true by default. Partial statistics at extremes can be collected using the CREATE STATISTICS <stat_name> ON <column_name> FROM <table_name> USING EXTREMES syntax. #127850
  • Added SHOW SCHEMAS WITH COMMENT and SHOW SCHEMAS FROM database_name WITH COMMENT functionality similar to SHOW TABLES and SHOW DATABASES. #127816
  • The deadlock_timeout session variable is now supported. The configuration can be used to specify the time to wait on a lock before pushing the lock holder for deadlock detection. It can be set at session granularity. #128506
  • Partial statistics at extremes can now be collected on all valid columns of a table using the CREATE STATISTICS <stat_name> FROM <table_name> USING EXTREMES syntax, without an ON <col_name> clause. Valid columns are all single column prefixes of a forward index excluding partial, sharded, and implicitly partitioned indexes. #127836
  • Partial statistics can now be automatically collected at the extremes of indexes when a certain fraction and minimum number of rows are stale (by default 5% and 100 respectively). These can be configured with new table storage parameters and cluster settings, and the feature is disabled by default. The new cluster settings and table parameters are:
    • sql.stats.automatic_partial_collection.enabled/sql_stats_automatic_partial_collection_enabled, defaults to false.
    • sql.stats.automatic_partial_collection.min_stale_rows/sql_stats_automatic_partial_collection_min_stale_rows, defaults to 100.
    • sql.stats.automatic_partial_collection.fraction_stale_rows/sql_stats_automatic_partial_collection_fraction_stale_rows, Defaults to 0.05. #93067
  • The session variable enforce_home_region_follower_reads_enabled is now deprecated, and will be removed in a future release. The related session variable enforce_home_region is not deprecated. #129024
  • Added a new cluster setting to control whether most common values are collected as part of histogram collection for use by the optimizer. The setting is called sql.stats.histogram_buckets.include_most_common_values.enabled. When enabled, the histogram collection logic will ensure that the most common sampled values are represented as histogram bucket upper bounds. Since histograms in CockroachDB track the number of elements equal to the upper bound in addition to the number of elements less, this allows the optimizer to identify the most common values in the histogram and better estimate the rows processed by a query plan. To set the number of most common values to include in a histogram, a second setting sql.stats.histogram_buckets.max_fraction_most_common_values was added. Currently, the default is 0.1, or 10% of the number of buckets. With a 200 bucket histogram, by default, at most 20 buckets may be adjusted to include a most common value as the upper bound. #129378
  • Added a new column to crdb_internal.table_spans to indicate whether a table is dropped. Rows for dropped tables will be removed once they are garbage collected. #128788
  • Added the cluster setting sql.txn.repeatable_read_isolation.enabled, which defaults tofalse. When set to true, the following statements will configure transactions to run under REPEATABLE READ isolation, rather than being automatically interpreted as SERIALIZABLE:

    • BEGIN TRANSACTION ISOLATION LEVEL REPEATABLE READ
    • SET TRANSACTION ISOLATION LEVEL REPEATABLE READ
    • SET default_transaction_isolation = 'repeatable read'
    • SET SESSION CHARACTERISTICS AS TRANSACTION ISOLATION LEVEL REPEATABLE READ

    This setting was added since REPEATABLE READ transactions is a preview feature, so usage of it is opt-in for v24.3. In a future CockroachDB major version, this setting will change to default to true. #130089

  • Previously, SHOW CHANGEFEED JOBS showed the changefeed jobs for the last 14 days by default. Now, it uses the same age filter for SHOW JOBS, which shows jobs from the last 12 hours by default. #127584

  • Set the default for session variable large_full_scan_rows to 0. This means that by default, disallow_full_table_scans will disallow all full table scans, even full scans on very small tables. If large_full_scan_rows is set > 0, disallow_full_table_scans will allow full scans estimated to read fewer than large_full_scan_rows. #131040

  • It is now possible to create PL/pgSQL trigger functions, which can be executed by a trigger in response to table mutation events. Note that this patch does not add support for triggers, only trigger functions. #126734

  • Cluster settings enterprise.license and diagnostics.reporting.enabled now have additional validation. #131097

  • The SHOW SESSIONS command was changed to include an authentication_method column in the result. This column will show the method used to authenticate the session, for example, password, cert, LDAP, etc. #131625

Operational changes

  • Events DiskSlownessDetected and DiskSlownessCleared are now logged when disk slowness is detected and cleared on a store. #127025
  • Several cluster settings allow you to configure rate-limiting traffic to cloud storage over various protocols. These settings begin with cloudstorage. #127207
  • The new cluster setting kv.range.range_size_hard_cap allows you to limit how large a range can grow before backpressure is applied. This can help to mitigate against a situation where a range cannot be split, such as when a range is comprised of a single key due to an issue with the schema or workload pattern or a bug in client application code. The default is 8 GiB, which is 16 times the default max range size. If you have changed the max range size, you may need to adjust this cluster setting or reduce the range size. #129450
  • The following kvflowcontrol metrics have been renamed. After a cluster is finalized on v24.3, old and new metrics will be populated. The previous metrics under kvasdmission.flow_controller will be removed.

    Old metric names New metric names
    kvadmission.flow_controller.regular_tokens_available kvflowcontrol.tokens.eval.regular.available
    kvadmission.flow_controller.elastic_tokens_available kvflowcontrol.tokens.eval.elastic.available
    kvadmission.flow_controller.regular_tokens_deducted kvflowcontrol.tokens.eval.regular.deducted
    kvadmission.flow_controller.elastic_tokens_deducted kvflowcontrol.tokens.eval.elastic.deducted
    kvadmission.flow_controller.regular_tokens_returned kvflowcontrol.tokens.eval.regular.returned
    kvadmission.flow_controller.elastic_tokens_returned kvflowcontrol.tokens.eval.elastic.returned
    kvadmission.flow_controller.regular_tokens_unaccounted kvflowcontrol.tokens.eval.regular.unaccounted
    kvadmission.flow_controller.elastic_tokens_unaccounted kvflowcontrol.tokens.eval.elastic.unaccounted
    kvadmission.flow_controller.regular_stream_count kvflowcontrol.streams.eval.regular.total_count
    kvadmission.flow_controller.elastic_stream_count kvflowcontrol.streams.eval.elastic.total_count
    kvadmission.flow_controller.regular_requests_waiting kvflowcontrol.eval_wait.regular.requests.waiting
    kvadmission.flow_controller.elastic_requests_waiting kvflowcontrol.eval_wait.elastic.requests.waiting
    kvadmission.flow_controller.regular_requests_admitted kvflowcontrol.eval_wait.regular.requests.admitted
    kvadmission.flow_controller.elastic_requests_admitted kvflowcontrol.eval_wait.elastic.requests.admitted
    kvadmission.flow_controller.regular_requests_errored kvflowcontrol.eval_wait.regular.requests.errored
    kvadmission.flow_controller.elastic_requests_errored kvflowcontrol.eval_wait.elastic.requests.errored
    kvadmission.flow_controller.regular_requests_bypassed kvflowcontrol.eval_wait.regular.requests.bypassed
    kvadmission.flow_controller.elastic_requests_bypassed kvflowcontrol.eval_wait.elastic.requests.bypassed
    kvadmission.flow_controller.regular_wait_duration kvflowcontrol.eval_wait.regular.duration
    kvadmission.flow_controller.elastic_wait_duration kvflowcontrol.eval_wait.elastic.duration

    #130167

  • The new ranges.decommissioning metric shows the number of ranges with a replica on a decommissioning node. #130117

  • New cluster settings have been added which control the refresh behavior for the cached data in the Databases page of the DB Console:

    • obs.tablemetadatacache.data_valid_duration: the duration for which the data in system.table_metadata is considered valid before a cache reset will occur. Default: 20 minutes.
    • obs.tablemetadatacache.automatic_updates.enabled: whether to automatically update the cache according the validity interval. Default: false.

    #130198

  • New gauge metrics security.certificate.expiration.{cert-type} and security.certificate.ttl.{cert-type} show the expiration and TTL for a certificate. #130110

  • To set the logging format for stderr, you can now set the format field to any valid format, rather than only crdb-v2-tty. #131529

  • The following new metrics show connection latency for each SQL authentication method:

    Authentication method Metric
    Certificate auth_cert_conn_latency
    Java Web Token (JWT) auth_jwt_conn_latency
    Kerberos GSS auth_gss_conn_latency
    LDAP auth_ldap_conn_latency
    Password auth_password_conn_latency
    SCRAM SHA-256 auth_scram_conn_latency

    #131578

  • Verbose logging of slow Pebble reads can no longer be enabled via the shorthand flag --vmodule=pebble_logger_and_tracer=2, where pebble_logger_and_tracer contains the CockroachDB implementation of the logger needed by Pebble. Instead, you must list the Pebble files that contain the log statements. For example --vmodule=reader=2,table=2. #127066

  • The lowest admission control priority for the storage layer has been renamed from ttl-low-pri to bulk-low-pri. #129564

  • New clusters will now have a zone configuration defined for the timeseries range, which specifies gc.ttlseconds and inherits all other attributes from the zone config of the default range. This zone config will also be added to a cluster that is upgraded to v24.3 if it does not already have a zone config defined.#128032

Command-line changes

DB Console changes

  • If a range is larger than twice the max range size, it will now display in the Problem Ranges page in the DB Console. #129001
  • Updated some metric charts on the Overview and Replication dashboards to omit verbose details in the legends for easier browsing. #129149
  • Updated the icon for notification alerts to use the new CockroachDB logo. #130333
  • The txn.restarts.writetoooldmulti metric was rolled into the txn.restarts.writetooold metric in the v24.1.0-alpha.1 release. txn.restarts.writetoooldmulti has now been removed altogether. #131642
  • The grants table in the DB Details page will now show the database level grants. For example, when clicking a database in the databases list. Previously, it showed grants per table in the database. #131250
  • Added new database pages that are available from the side navigation Databases link. #131594
  • The DB Console will reflect any throttling behavior from the cluster due to an expired license or missing telemetry data. Enterprise licenses are not affected. #131326
  • Users can hover over the node/region cell in multi-region deployments to view a list of nodes the database or table is on. #130704
  • The Databases pages in the DB console have been updated to read cached metadata about database and table storage statistics. The cache update time is now displayed in the top right-hand corner of the database and tables list pages. Users may trigger a cache refresh with the refresh icon next to the last updated time. The cache will also update automatically when users visit a Databases page and the cache is older than or equal to 20 minutes. #131463

Bug fixes

  • Fixed a bug where CockroachDB could incorrectly evaluate an IS NOT NULL filter if it was applied to non-NULL tuples that had NULL elements (like (1, NULL) or (NULL, NULL)). The bug was present since v20.2. #126901
  • Fixed a bug related to displaying the names of composite types in the SHOW CREATE TABLES command. The names are now shown as two-part names, which disambiguates the output and makes it more portable to other databases. #127158
  • The CONCAT() built-in function now accepts arguments of any data type. #127098
  • Fixed a bug that prevented merged statistics from being created after injecting statistics or recreating statement bundles. This would occur when the injected statistics or statement bundle contained related full and partial statistics. #127252
  • Fixed a bug where CockroachDB could encounter spurious (error encountered after some results were delivered) ERROR: context canceled errors in rare cases when evaluating some queries. The bug was present since v22.2. The conditions that triggered the bug were queries that:
    • Had to be executed locally.
    • Had a LIMIT.
    • Have at least two UNION clauses.
    • Have some lookup or index joins in the UNION branches. #127076
  • Updated the restore job description from RESTORE ... FROM to RESTORE FROM {backup} IN {collectionURI} to reflect the new RESTORE syntax. #127970
  • Fixed a bug that could cause a CASE statement with multiple subqueries to produces the side effects of one of the subqueries even if that subquery shouldn't have been evaluated. #120327
  • Changed the schema changer’s merge process so that it can detect contention errors and automatically retry with a smaller batch size. This makes the merge process more likely to succeed without needing to manually tune settings. #128201
  • SHOW CREATE ALL TYPES now shows corresponding type comments in its output. #128084
  • Enforce the statement_timeout session setting when waiting for jobs after a schema change in an implicit transaction. #128474
  • Fixed a bug where certain dropdowns in the DB Console appeared to be empty (with no options to select from) for users of the Safari browser. #128996
  • Fixed a bug that would cause the hlc_to_timestamp function to return an incorrect timestamp for some input decimals. #129153
  • Fixed a memory leak where statement insight objects could leak if the session was closed without the transaction finishing. #128400
  • Fixed a bug in the public preview WAL failover feature that could prevent a node from starting if it crashed during a failover. #129331
  • Fixed a bug where 'infinity'::TIMESTAMP returned a different result than PostgreSQL. #127141
  • Fixed a spurious error log from the replication queue involving the text " needs lease, not adding". #129351
  • Using more than one DECLARE statement in the definition of a user-defined function now correctly declares additional variables. #129951
  • Fixed a bug in which some SELECT FOR UPDATE or SELECT FOR SHARE queries using NOWAIT could still block on locked rows when using the optimizer_use_lock_op_for_serializable session setting under serializable isolation. This bug was introduced with optimizer_use_lock_op_for_serializable in v23.2.0. #130103
  • Fixed a bug in the upgrade pre-condition for repairing descriptor corruption that could lead to finalization being stuck. #130064
  • Fixed a bug that caused the optimizer to plan unnecessary post-query uniqueness checks during INSERT, UPSERT, and UPDATE statements on tables with partial, unique, hash-sharded indexes. These unnecessary checks added overhead to execution of these statements, and caused the statements to error when executed under READ COMMITTED isolation. #130366
  • Fixed a bug that caused incorrect evaluation of CASE, COALESCE, and IF expressions with branches producing fixed-width string-like types, such as CHAR. In addition, the BPCHAR type no longer incorrectly imposes a length limit of 1. #129007
  • Fixed a bug where zone configuration changes issued by the declarative schema changer were not blocked if a table had the schema_locked storage parameter set. #130670
  • Fixed a bug that could prevent a CHANGEFEED from being able to resume after being paused for a prolonged period of time. #130622
  • Fixed a bug where if a client connection was attempting a schema change while the same schema objects were being dropped, it was possible for the connection to be incorrectly dropped. #130928
  • Fixed a bug introduced in v23.1 that could cause incorrect results when:
    1. The query contained a correlated subquery.
    2. The correlated subquery had a GROUP BY or DISTINCT operator with an outer-column reference in its input.
    3. The correlated subquery was in the input of a SELECT or JOIN operator.
    4. The SELECT or JOIN had a filter that set the outer-column reference from (2) equal to a non-outer column in the input of the grouping operator.
    5. The grouping column set did not include the replacement column, and functionally determined the replacement column. #130925
  • Fixed a bug which could cause errors with the message "internal error: Non-nullable column ..." when executing statements under READ COMMITTED isolation that involved tables with NOT NULL virtual columns. #130725
  • Fixed a bug that could cause a very rare internal error "lists in SetPrivate are not all the same length" when executing queries. #130981
  • Fixed a bug that could cause incorrect evaluation of scalar expressions involving NULL values in rare cases. #128123
  • SHOW CREATE ALL SCHEMAS now shows corresponding schema comments in its output. #130164
  • Fixed a bug, introduced in v23.2.0, where creating a new incremental schedule (using ALTER BACKUP SCHEDULE) on a full backup schedule created on an older version would fail. #131231
  • Fixed a bug that could cause an internal error if a table with an implicit (rowid) primary key was locked from within a subquery like SELECT * FROM (SELECT * FROM foo WHERE x = 2) FOR UPDATE;. The error could occur either under READ COMMITTED isolation, or with the optimizer_use_lock_op_for_serializable session setting enabled. #129768
  • Fixed a bug where jobs created in a session with non-zero session timezone offsets could hang before starting, or report incorrect creation times when viewed in SHOW JOBS and the DB Console. #123632
  • Fixed a bug which could result in changefeeds using CDC queries failing due to a system table being garbage collected. #131027
  • ALTER COLUMN TYPE now errors out when there is a partial index that is dependent on the column being altered. #131590

Performance improvements

Build changes

  • Changed the AWS SDK version used for interactions with external storage from v1 to v2. #129938

Yes No
On this page

Yes No