What's New in v21.2.0-rc.1

October 18, 2021

Get future release notes emailed to you:


The CockroachDB executable for Windows is experimental and not suitable for production deployments. Windows 8 or higher is required.

Docker image

$ docker pull cockroachdb/cockroach-unstable:v21.2.0-rc.1

Security updates

  • It is no longer possible to use node TLS certificates to establish a SQL connection with any username other than node. This had existed as a way for an operator to use the node certificate to perform operations on behalf of another SQL user. However, this isn't necessary: an operator with access to a node cert can log in as node directly and create new credentials for another user. By removing this facility, we tighten the guarantee that the principal in the TLS client cert always matches the SQL identity. #71188
  • Multi-tenant SQL servers now reuse the tenant client certificate (client-tenant.NN.crt) for SQL-to-SQL communication. Existing deployments must regenerate the certificates with dual purpose (client and server authentication). #71402

SQL language changes

  • SQL tenants will now spill to disk by default when processing large queries, instead of to memory. #71218

Command-line changes

  • cockroach mt start-sql will now support the following flags to configure ephemeral storage for SQL when processing large queries: --store, --temp-dir, and --max-disk-temp-storage. #71218
  • cockroach mt start-sql will now support the --max-sql-memory flag to configure maximum SQL memory capacity to store temporary data. #71276

DB Console changes

  • Non-Admin users of the DB Console have regained the ability to view the Cluster Overview page. Users without the Admin role will still see most data about their nodes, but information such as command-line arguments, environment variables, and IP addresses and DNS names of nodes will be hidden. #71383

Bug fixes

  • Fixed a bug that caused the optimizer to erroneously discard WHERE filters when executing prepared statements, causing incorrect results to be returned. This bug was present since version v21.1.9. #71118
  • In Enterprise clusters that are upgraded to this version, fixed a bug that prevents changefeeds and backups from being exercised as of a point in time prior to the upgrade. #71319
  • Fixed a bug from an earlier v21.2 beta whereby a migration to create the system.statement_statistics table was not run. #71477


This release includes 18 merged PRs by 13 authors.

YesYes NoNo