CockroachDB v24.3 is a required Regular Release.
Refer to Major release types before installing or upgrading for release timing and support details. To learn what’s new in this release, refer to its Feature Highlights.
On this page, you can read about changes and find downloads for all production and testing releases of CockroachDB v24.3
For key feature enhancements in v24.3 and other upgrade considerations, refer to the notes for v24.3.0.
For details about release types, naming, and licensing, refer to the Releases page.
Be sure to also review the Release Support Policy.
After downloading a supported CockroachDB binary, learn how to install CockroachDB or upgrade your cluster.
Get future release notes emailed to you:
v24.3.0
Release Date: November 18, 2024
With the release of CockroachDB v24.3, we've added new capabilities to help you migrate, build, and operate more efficiently. Refer to our summary of the most significant user-facing changes under Feature Highlights.
Downloads
Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.
Operating System | Architecture | Full executable | SQL-only executable |
---|---|---|---|
Linux | Intel | cockroach-v24.3.0.linux-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0.linux-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0.linux-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0.linux-arm64.tgz (SHA256) |
|
Mac (Experimental) |
Intel | cockroach-v24.3.0.darwin-10.9-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0.darwin-10.9-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0.darwin-11.0-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0.darwin-11.0-arm64.tgz (SHA256) |
|
Windows (Experimental) |
Intel | cockroach-v24.3.0.windows-6.2-amd64.zip (SHA256) |
cockroach-sql-v24.3.0.windows-6.2-amd64.zip (SHA256) |
Docker image
Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.
Within the multi-platform image, both Intel and ARM images are generally available for production use.
To download the Docker image:
docker pull cockroachdb/cockroach:v24.3.0
Source tag
To view or download the source code for CockroachDB v24.3.0 on Github, visit v24.3.0 source tag.
Changelog
View a detailed changelog on GitHub: v24.3.0-rc.1...v24.3.0
Feature highlights
This section summarizes the most significant user-facing changes in v24.3.0 and other features recently made available to CockroachDB users across versions. For a complete list of features and changes in v24.3, including bug fixes and performance improvements, refer to the release notes for previous v24.3 testing releases. You can also search the docs for sections labeled New in v24.3.
Feature categories
Additional information
CockroachDB Licensing
Feature | Availability | ||||
---|---|---|---|---|---|
Ver. | Self-hosted | Advanced | Standard | Basic | |
Licensing changes All versions of CockroachDB starting from the release date of 24.3.0 onward, including patch fixes for versions 23.1-24.2, are made available under the CockroachDB Software License. See below for a summary of license options for self-hosted deployments. All Cloud deployments automatically have a valid Enterprise license.
See the Licensing FAQs page for more details on the CockroachDB Software License and license options. You may acquire CockroachDB licenses through the CockroachDB Cloud console. |
24.3 |
CockroachDB Cloud
Feature | Availability | ||||
---|---|---|---|---|---|
Ver. | Self-hosted | Advanced | Standard | Basic | |
Free trial on CockroachDB Cloud New CockroachDB Cloud organizations can benefit from a 30-day free trial that enables you to consume up to $400 worth of free credits. Get started by signing up for CockroachDB Cloud |
All ★ |
Change Data Capture
Feature | Availability | ||||
---|---|---|---|---|---|
Ver. | Self-hosted | Advanced | Standard | Basic | |
IAM authentication support for Amazon MSK Serverless Changefeeds support IAM Authentication with Amazon MSK Serverless clusters (Amazon Managed Streaming for Apache Kafka). This feature is generally available. |
24.3 |
Disaster Recovery
Feature | Availability | ||||
---|---|---|---|---|---|
Ver. | Self-hosted | Advanced | Standard | Basic | |
SELECT now supported on PCR standby clusters
Physical cluster replication (PCR) has been enhanced to support |
24.3 | ||||
Logical Data Replication in Preview Logical data replication (LDR) continuously replicates tables between an active source CockroachDB cluster to an active destination CockroachDB cluster. Both source and destination can receive application reads and writes, and participate in bidirectional LDR replication for eventual consistency in the replicating tables. The active-active setup between clusters can provide protection against cluster, datacenter, or region failure while still achieving single-region low latency reads and writes in the individual CockroachDB clusters. Each cluster in an LDR job still benefits individually from multi-active availability with CockroachDB's built-in Raft replication providing data consistency across nodes, zones, and regions. This feature is in Preview. |
24.3 |
SQL
Feature | Availability | ||||
---|---|---|---|---|---|
Ver. | Self-hosted | Advanced | Standard | Basic | |
User-defined functions and stored procedures support SECURITY DEFINER
You can create or alter a user-defined function (UDF) or stored procedure with |
24.3 | ||||
CockroachDB now supports triggers in Preview CockroachDB now supports triggers. Triggers allow automatic execution of specified functions in response to specified events on a particular table or view. They can be used for automating tasks, enforcing business rules, and maintaining data integrity. This feature is in Preview. |
24.3 |
Security
Feature | Availability | ||||
---|---|---|---|---|---|
Ver. | Self-hosted | Advanced | Standard | Basic | |
LDAP support in Preview
CockroachDB supports authentication and authorization using LDAP-compatible directory services, such as Active Directory and Microsoft Entra ID. This allows you to integrate CockroachDB clusters with your organization's existing identity infrastructure for centralized user management and access control. This feature is available in Preview. |
24.3 |
Observability
Feature | Availability | ||||
---|---|---|---|---|---|
Ver. | Self-hosted | Advanced | Standard | Basic | |
Improved usability for the DB Console Metrics page Introduced several enhancements to the DB Console Metrics page to support large scale clusters, including the following:
|
24.3 | ||||
Improved peformance and scalability for the DB Console Databases pages CockroachDB now caches the data that is surfaced in the Databases page. This enhances the performance and scalability of the Databases page for large-scale clusters. |
24.3 | ||||
Improved admission control observability The DB Console Overload page now provides additional metrics to help identify overload in the system. Graphs and metrics on this page provide quick signals on which resource is exhausted and whether it is due to background activity or foreground. There are now 4 graphs for admission queue delay:
|
24.3 |
Feature detail key | |
---|---|
★ | Features marked "All★" were recently made available in the CockroachDB Cloud platform. They are available for all supported versions of CockroachDB, under the deployment methods specified in their row under Availability. |
★★ | Features marked "All★★" were recently made available via tools maintained outside of the CockroachDB binary. They are available to use with all supported versions of CockroachDB, under the deployment methods specified in their row under Availability. |
Feature is available for this deployment method of CockroachDB as specified in the icon’s column: CockroachDB Self-hosted, CockroachDB Advanced, CockroachDB Standard, or CockroachDB Basic. | |
Feature is not available for this deployment method of CockroachDB as specified in the icon’s column: CockroachDB Self-hosted, CockroachDB Advanced, CockroachDB Standard, or CockroachDB Basic. |
Backward-incompatible changes
Before upgrading to CockroachDB v24.3, be sure to review the following backward-incompatible changes, as well as key cluster setting changes, and adjust your deployment as necessary.
If you plan to upgrade to v24.3 directly from v24.1 and skip v24.2, be sure to also review the v24.2 release notes for backward-incompatible changes from v24.1.
- Upgrading to v24.3 is blocked if no license is installed, or if a trial/free license is installed with telemetry disabled. #130576
Features that Require Upgrade Finalization
During a major-version upgrade, certain features and performance improvements may not be available until the upgrade is finalized.
- A cluster must have an Enterprise license or a trial license set before an upgrade to v24.3 can be finalized.
- New clusters that are initialized for the first time on v24.3, and clusters that are upgraded to v24.3 will now have a zone config defined for the
timeseries
range if it does not already exist, which specifies the value forgc.ttlseconds
, but inherits all other attributes from the zone config for thedefault
range.
Key Cluster Setting Changes
Changes to cluster settings should be reviewed prior to upgrading. New default cluster setting values will be used unless you have manually set a value for a setting. This can be confirmed by running the SQL statement SELECT * FROM system.settings
to view the non-default settings.
- Settings added
- Settings with changed defaults
- Settings with changed visibility
- Additional setting changes
Settings added
goschedstats.always_use_short_sample_period.enabled
: when set totrue
, helps to prevent unnecessary queueing due to CPU admission control by forcing1ms
sampling of runnable queue lengths. The default value isfalse
. #133585kv.range.range_size_hard_cap
: allows you to limit how large a range can grow before backpressure is applied. This can help to mitigate against a situation where a range cannot be split, such as when a range is comprised of a single key due to an issue with the schema or workload pattern, or a bug in client application code. The default is8 GiB
, 16 times the default maximum range size. If you have changed the maximum range size, you may need to adjust this cluster setting or reduce the range size. #129450kvadmission.flow_controller.token_reset_epoch
: can be used to refill replication admission control v2 tokens. This setting is marked asreserved
, as it is not supported for tuning, by default. Use it only after consultation with your account team. #133294kvadmission.store.snapshot_ingest_bandwidth_control.enabled
: enables a new Admission Control integration for pacing snapshot ingest traffic based on disk bandwidth. It requires provisioned bandwidth to be set for the store, or the cluster through the settingkvadmission.store.provisioned_bandwidth
, for it to take effect. #131243Settings have been added which control the refresh behavior for the cached data in the Databases page of the DB Console:
obs.tablemetadatacache.data_valid_duration
: the duration for which the data insystem.table_metadata
is considered valid before a cache reset will occur. Default: 20 minutes.obs.tablemetadatacache.automatic_updates.enabled
: whether to automatically update the cache according the validity interval. Default:false
.
server.jwt_authentication.client.timeout
: the HTTP client timeout for external calls made during JWT authentication. #127145Partial statistics can now be automatically collected at the extremes of indexes when a certain fraction and minimum number of rows are stale (by default 5% and 100%, respectively). These can be configured with new table storage parameters and cluster settings:
sql.stats.automatic_partial_collection.enabled
(table parametersql_stats_automatic_partial_collection_enabled
) - both default tofalse
.sql.stats.automatic_partial_collection.min_stale_rows
(table parametersql_stats_automatic_partial_collection_min_stale_rows
) - both default to100
.sql.stats.automatic_partial_collection.fraction_stale_rows
(table parametersql_stats_automatic_partial_collection_fraction_stale_rows
) - both default to0.05
.
sql.stats.histogram_buckets.include_most_common_values.enabled
: controls whether common values are included in histogram collection for use by the optimizer. When enabled, histogram buckets will represent the most common sampled values as upper bounds. #129378sql.stats.histogram_buckets.max_fraction_most_common_values
: controls the fraction of buckets that can be adjusted to include common values. Defaults to0.1
. #129378sql.txn.repeatable_read_isolation.enabled
: defaults tofalse
. When set totrue
, the following statements configure transactions to run underREPEATABLE READ
isolation, rather than being automatically interpreted asSERIALIZABLE
:BEGIN TRANSACTION ISOLATION LEVEL REPEATABLE READ
SET TRANSACTION ISOLATION LEVEL REPEATABLE READ
SET default_transaction_isolation = 'repeatable read'
SET SESSION CHARACTERISTICS AS TRANSACTION ISOLATION LEVEL REPEATABLE READ
Settings with changed defaults
The default for
sql.defaults.large_full_scan_rows
is now0
. If a user is using session var values inherited from these settings, whensql.defaults.disallow_full_table_scans.enabled
is set totrue
: all full table scans are now disallowed by default, even full scans on very small tables, but ifsql.defaults.large_full_scan_rows
is set to a number greater than0
, full scans are allowed if they are estimated to read fewer than that number of rows.- Note: All
sql.defaults
settings are maintained for backward compatibility. We recommend usingALTER ROLE
, instead, to set the corresponding session vars for users (in this case,large_full_scan_rows
anddisallow_full_table_scans
). For more information, see the note on the Cluster Settings table.
- Note: All
Increased the per-vCPU concurrency limits for KV operations:
- The default for
kv.dist_sender.concurrency_limit
(reserved) has changed from64
per vCPU to384
per vCPU. (In v24.3, it is possible to estimate the current concurrency level using the new metricdistsender.batches.async.in_progress
.) - The default for
kv.streamer.concurrency_limit
(reserved) has changed from8
per vCPU to96
per vCPU. - These are
reserved
settings, not intended for tuning by customers. - When running
SHOW CLUSTER SETTING
, the displayed setting values will depend on the node's number of vCPUs. - Contact Support if the number of
distsender.batches.async.throttled
requests is persistently greater than zero.
- The default for
The default for
server.oidc_authentication.client.timeout
, which sets the client timeout for external calls made during OIDC authentication, has changed from30s
to15s
.
Settings with changed visibility
The following settings are now marked public
after previously being reserved
. Reserved settings are not documented and their tuning by customers is not supported.
Cluster settings for configuring rate limiting for traffic to cloud storage are now public.
- These settings have the prefix
cloudstorage
followed by:- a provider or protocol (
azure
,gs
,s3
,http
,nodelocal
,userfile
, ornullsink
) read
orwrite
node_burst_limit
ornode_rate_limit
- a provider or protocol (
- For example,
cloudstorage.s3.write.node_burst_limit
. #127207
- These settings have the prefix
JWT authentication have been made
public
. #128170server.jwt_authentication.audience
server.jwt_authentication.claim
server.jwt_authentication.enabled
server.jwt_authentication.issuers.custom_ca
server.jwt_authentication.jwks
server.jwt_authentication.jwks_auto_fetch.enabled
Settings with the prefix
server.ldap_authentication
have been madepublic
with the Preview release of LDAP support:server.ldap_authentication.client.tls_certificate
server.ldap_authentication.client.tls_key
server.ldap_authentication.domain.custom_ca
Additional cluster setting changes
The setting
server.host_based_authentication.configuration
now supports LDAP configuration, and its value is now redacted for non-admin users when theserver.redact_sensitive_settings.enabled
is set totrue
. #131150The settings
enterprise.license
anddiagnostics.reporting.enabled
now have additional validation. To disable diagnostics reporting, the cluster must also have a license that is not an Enterprise Trial or Enterprise Free license. Additionally, to set one of these licenses, the cluster must already be submitting diagnostics information. #131097 #132257sql.defaults.vectorize
now supports the value1
(in addition to0
and2
) to indicateon
, to address a bug that could cause new connections to fail after an upgrade with a message referencing aninvalid value for parameter "vectorize": "unknown(1)"
. #133371The description of the setting
changefeed.sink_io_workers
has been updated to reflect all of the sinks that support the setting: the batching versions of webhook, pubsub, and kafka sinks that are enabled bychangefeed.new_<sink type>_sink_enabled
. #129946
Deprecations
The following deprecations are announced in v24.3. If you plan to upgrade to v24.3 directly from v24.1 and skip v24.2, be sure to also review the v24.2 release notes for deprecations.
- The session variable
enforce_home_region_follower_reads_enabled
is now deprecated, and will be removed in a future release. The related session variableenforce_home_region
is not deprecated. #129024
Known limitations
For information about new and unresolved limitations in CockroachDB v24.3, with suggested workarounds where applicable, refer to Known Limitations.
Additional resources
Resource | Topic | Description |
---|---|---|
Cockroach University | Introduction to Distributed SQL and CockroachDB | This course introduces the core concepts behind distributed SQL databases and describes how CockroachDB fits into this landscape. You will learn what differentiates CockroachDB from both legacy SQL and NoSQL databases and how CockroachDB ensures consistent transactions without sacrificing scale and resiliency. You'll learn about CockroachDB's seamless horizontal scalability, distributed transactions with strict ACID guarantees, and high availability and resilience. |
Cockroach University | Practical First Steps with CockroachDB | This course will give you the tools you need to get started with CockroachDB. During the course, you will learn how to spin up a cluster, use the Admin UI to monitor cluster activity, and use SQL shell to solve a set of hands-on exercises. |
Cockroach University | Enterprise Application Development with CockroachDB | This course is the first in a series designed to equip you with best practices for mastering application-level (client-side) transaction management in CockroachDB. We'll dive deep on common differences between CockroachDB and legacy SQL databases and help you sidestep challenges you might encounter when migrating to CockroachDB from Oracle, PostgreSQL, and MySQL. |
Cockroach University | Building a Highly Resilient Multi-region Database using CockroachDB | This course is part of a series introducing solutions to running low-latency, highly resilient applications for data-intensive workloads on CockroachDB. In this course we focus on surviving large-scale infrastructure failures like losing an entire cloud region without losing data during recovery. We'll show you how to use CockroachDB survival goals in a multi-region cluster to implement a highly resilient database that survives node or network failures across multiple regions with zero data loss. |
Docs | Migration Overview | This page summarizes the steps of migrating a database to CockroachDB, which include testing and updating your schema to work with CockroachDB, moving your data into CockroachDB, and testing and updating your application. |
Docs | Architecture Overview | This page provides a starting point for understanding the architecture and design choices that enable CockroachDB's scalability and consistency capabilities. |
Docs | SQL Feature Support | The page summarizes the standard SQL features CockroachDB supports as well as common extensions to the standard. |
Docs | Change Data Capture Overview | This page summarizes CockroachDB's data streaming capabilities. Change data capture (CDC) provides efficient, distributed, row-level changefeeds into a configurable sink for downstream processing such as reporting, caching, or full-text indexing. |
Docs | Backup Architecture | This page describes the backup job workflow with a high-level overview, diagrams, and more details on each phase of the job. |
v24.3.0-rc.1
Release Date: November 18, 2024
Downloads
CockroachDB v24.3.0-rc.1 is a testing release. Testing releases are intended for testing and experimentation only, and are not qualified for production environments and not eligible for support or uptime SLA commitments.
Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.
Operating System | Architecture | Full executable | SQL-only executable |
---|---|---|---|
Linux | Intel | cockroach-v24.3.0-rc.1.linux-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0-rc.1.linux-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0-rc.1.linux-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0-rc.1.linux-arm64.tgz (SHA256) |
|
Mac (Experimental) |
Intel | cockroach-v24.3.0-rc.1.darwin-10.9-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0-rc.1.darwin-10.9-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0-rc.1.darwin-11.0-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0-rc.1.darwin-11.0-arm64.tgz (SHA256) |
|
Windows (Experimental) |
Intel | cockroach-v24.3.0-rc.1.windows-6.2-amd64.zip (SHA256) |
cockroach-sql-v24.3.0-rc.1.windows-6.2-amd64.zip (SHA256) |
Docker image
Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.
Within the multi-platform image, both Intel and ARM images are generally available for production use.
To download the Docker image:
docker pull cockroachdb/cockroach-unstable:v24.3.0-rc.1
Source tag
To view or download the source code for CockroachDB v24.3.0-rc.1 on Github, visit v24.3.0-rc.1 source tag.
Changelog
View a detailed changelog on GitHub: v24.3.0-beta.3...v24.3.0-rc.1
Security updates
- All cluster settings that accept strings are now fully redacted when transmitted as part of CockroachDB's diagnostics telemetry. This payload includes a record of modified cluster settings and their values when they are not strings. Customers who previously applied the mitigations in Technical Advisory 133479 can safely set the value of cluster setting
server.redact_sensitive_settings.enabled
to false and turn on diagnostic reporting via thediagnostics.reporting.enabled
cluster setting without leaking sensitive cluster settings values. #134018
SQL language changes
- Row-level
AFTER
triggers can now be executed in response to mutations on a table. Row-levelAFTER
triggers fire after checks and cascades have completed for the query. #133320 - Cascades can now execute row-level
BEFORE
triggers. By default, attempting to modify or eliminate the cascadingUPDATE
orDELETE
operation results in aTriggered Data Change Violation
error. To bypass this error, you can set theunsafe_allow_triggers_modifying_cascades
query option totrue
. This could result in constraint violations. #134444 - String constants can now be compared with collated strings. #134086
Operational changes
- The
kvadmission.low_pri_read_elastic_control.enabled
cluster setting has been removed, because all bulk requests are now subject to elastic admission control admission by default. #134486 - The following metrics have been added for Logic Data Replication (LDR):
logical_replication.catchup_ranges
: the number of source side ranges conducting catchup scans.logical_replication.scanning_ranges
: the number source side ranges conducting initial scans.- In the DB Console, these metrics may not be accurate if multiple LDR jobs are running. The metrics are accurate when exported from the Prometheus endpoint. #134674
- The backup and restore syntax update of
cockroach workload
which was introduced in #134610 #has been reverted. #134645
DB Console changes
- After finalizing an upgrade to v24.3, an updated version of the Databases page will be available. #134244
- Users with the
CONNECT
privilege can now access the Databases page. #134542
Bug fixes
- Fixed a bug where an LDAP connection would be closed by the server and would not be retried by CockroachDB. #134277
- Fixed a bug that prevented LDAP authorization from successfully assigning CockroachDB roles to users when the source group name contained periods or hyphens. #134944
- Fixed a bug introduced in v22.2 that could cause significantly increased query latency while executing queries with index or lookup joins when the ordering needs to be maintained #134367
- Fixed a bug where
UPSERT
statements on regional by row tables under non-serializable isolations would not display show uniqueness constraints inEXPLAIN
output. Even when not displayed, the constraints were enforced. #134267 - Fixed a bug where uniqueness constraints constraints enforced with tombstone writes were not shown in the output of
EXPLAIN (OPT)
. #134482 - Fixed a bug where
DISCARD ALL
statements were erroneously counted under thesql.ddl.count
metric instead of thesql.misc.count
metric. #134510 - Fixed a bug that could cause a backup or restore operation on AWS to fail with a KMS error due to a missing
default
shared config. #134536 - Fixed a bug that could prevent a user from running schema change operations on a restored table that was previously apart of a Logic Data Replication (LDR) stream. #134675
Performance improvements
The optimizer now generates more efficient query plans involving inverted indexes for queries with a conjunctive filter on the same JSON or ARRAY column. For example:
SELECT * FROM t WHERE j->'a' = '10' AND j->'b' = '20'
Build changes
- Upgraded to Go 1.22.8 #134427
v24.3.0-beta.3
Release Date: November 5, 2024
Downloads
CockroachDB v24.3.0-beta.3 is a testing release. Testing releases are intended for testing and experimentation only, and are not qualified for production environments and not eligible for support or uptime SLA commitments.
Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.
Operating System | Architecture | Full executable | SQL-only executable |
---|---|---|---|
Linux | Intel | cockroach-v24.3.0-beta.3.linux-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.3.linux-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0-beta.3.linux-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.3.linux-arm64.tgz (SHA256) |
|
Mac (Experimental) |
Intel | cockroach-v24.3.0-beta.3.darwin-10.9-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.3.darwin-10.9-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0-beta.3.darwin-11.0-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.3.darwin-11.0-arm64.tgz (SHA256) |
|
Windows (Experimental) |
Intel | cockroach-v24.3.0-beta.3.windows-6.2-amd64.zip (SHA256) |
cockroach-sql-v24.3.0-beta.3.windows-6.2-amd64.zip (SHA256) |
Docker image
Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.
Within the multi-platform image, both Intel and ARM images are generally available for production use.
To download the Docker image:
docker pull cockroachdb/cockroach-unstable:v24.3.0-beta.3
Source tag
To view or download the source code for CockroachDB v24.3.0-beta.3 on Github, visit v24.3.0-beta.3 source tag.
Changelog
View a detailed changelog on GitHub: v24.3.0-beta.2...v24.3.0-beta.3
Security updates
- Client authentication errors using LDAP now log more details to help with troubleshooting authentication and authorization issues. #133812
SQL changes
- Physical Cluster Replication reader catalogs now bypass AOST timestamps using the
bypass_pcr_reader_catalog_aost
session variable, which can be used to modify cluster settings within the reader. #133876
Operational changes
- Added a timer for inner changefeed sink client flushes. #133288
- Rows replicated by Logical Data Replication in
immediate
mode are now considered in the decision to recompute SQL table statistics. #133591 - The new cluster setting
kvadmission.flow_controller.token_reset_epoch
can be used to refill replication admission control v2 tokens. This is an advanced setting. Use it only after consultation with your account team. #133294 - The new cluster setting
goschedstats.always_use_short_sample_period.enabled
, when set totrue
, helps to prevent unnecessary queueing due to CPU [admission control](/docs/v24.3/admission-control.htmls. #133585
DB Console changes
- In Database pages, the Refresh tooltip now includes details about the progress of cache updates and when the job started. #133351
Bug fixes
- Fixed a bug where changefeed sink) timers were not correctly registered with the metric system. #133288
Fixed a bug that could cause new connections to fail with the following error after upgrading:
ERROR: invalid value for parameter "vectorize": "unknown(1)" SQLSTATE: 22023 HINT: Available values: off,on,experimental_always
. To encounter this bug, the cluster must have:- Run on version v21.1 at some point in the past
- Run
SET CLUSTER SETTING sql.defaults.vectorize = 'on';
while running v21.1. - Not set
sql.defaults.vectorize
after upgrading past v21.1 4. - Subsequently upgraded to v24.2.upgraded all the way to v24.2.
To detect this bug, run the following query:
SELECT * FROM system.settings WHERE name = 'sql.defaults.vectorize
If the command returns
1
instead ofon
, run the following statement before upgrading.RESET CLUSTER SETTING sql.defaults.vectorize;
1
is now allowed as a value for this setting, and is equivalent toon
. #133371Fixed a bug in v22.2.13+, v23.1.9+, and v23.2 that could cause the internal error
interface conversion: coldata.Column is
in an edge case. #133762Fixed a bug introduced in v20.1.0 that could cause erroneous
NOT NULL
constraint violation errors to be logged duringUPSERT
andINSERT
statements with theON CONFLICT ...DO UPDATE
clause that update an existing row and a subset of columns that did not include aNOT NULL
column of the table. #133820Fixed a that could cache and reuse a non-reusable query plan, such as a plan for a DDL or
SHOW
statement, whenplan_cache_mode
was set toauto
orforce_generic_plan
, which are not the default options. #133073Fixed an unhandled error that could occur while running the command
REVOKE ... ON SEQUENCE FROM ... {user}
on an object that is not a sequence. #133710Fixed a panic that could occur while running a
CREATE TABLE AS
statement that included a sequence with an invalid function overload. #133870
v24.3.0-beta.2
Release Date: October 28, 2024
Downloads
CockroachDB v24.3.0-beta.2 is a testing release. Testing releases are intended for testing and experimentation only, and are not qualified for production environments and not eligible for support or uptime SLA commitments.
Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.
Operating System | Architecture | Full executable | SQL-only executable |
---|---|---|---|
Linux | Intel | cockroach-v24.3.0-beta.2.linux-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.2.linux-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0-beta.2.linux-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.2.linux-arm64.tgz (SHA256) |
|
Mac (Experimental) |
Intel | cockroach-v24.3.0-beta.2.darwin-10.9-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.2.darwin-10.9-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0-beta.2.darwin-11.0-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.2.darwin-11.0-arm64.tgz (SHA256) |
|
Windows (Experimental) |
Intel | cockroach-v24.3.0-beta.2.windows-6.2-amd64.zip (SHA256) |
cockroach-sql-v24.3.0-beta.2.windows-6.2-amd64.zip (SHA256) |
Docker image
Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.
Within the multi-platform image, both Intel and ARM images are generally available for production use.
To download the Docker image:
docker pull cockroachdb/cockroach-unstable:v24.3.0-beta.2
Source tag
To view or download the source code for CockroachDB v24.3.0-beta.2 on Github, visit v24.3.0-beta.2 source tag.
Changelog
View a detailed changelog on GitHub: v24.3.0-beta.1...v24.3.0-beta.2
SQL language changes
- If a table is the destination of a logical data replication stream, then only schema change statements that are deemed safe are allowed on the table. Safe statements are those that do not result in a rebuild of the primary index and do not create an index on a virtual computed column. #133266
Operational changes
- The two new metrics
sql.crud_query.count
andsql.crud_query.started.count
measure the number ofINSERT
/UPDATE
/DELETE
/SELECT
queries executed and started respectively. #133198 - When creating a logical data replication stream, any user-defined types in the source and destination are now checked for equivalency. This allows for creating a stream that handles user-defined types without needing to use the
WITH SKIP SCHEMA CHECK
option as long as the stream usesmode = immediate
. #133274 - Logical data replication streams that reference tables with user-defined types can now be created with the
mode = immediate
option. #133295
DB Console changes
- The SQL Statements graph on the Overview and SQL dashboard pages in DB Console has been renamed SQL Queries Per Second and now shows Total Queries as a general Queries Per Second (QPS) metric. #133198
- Due to the inaccuracy of the Range Count column on the Databases page and the cost incurred to fetch the correct range count for every database in a cluster, this data will no longer be visible. This data is still available via a
SHOW RANGES
query. #133267
Bug fixes
- Users with the
admin
role can now runALTER DEFAULT PRIVILEGES FOR target_role ...
on anytarget_role
. Previously, this could result in a privilege error, which is incorrect asadmin
s are allowed to perform any operation. #133072 REASSIGN OWNED BY current_owner_role ...
will now transfer ownership of thepublic
schema. Previously, it would always skip over thepublic
schema even if it was owned by thecurrent_owner_role
. #133072
v24.3.0-beta.1
Release Date: October 24, 2024
Downloads
CockroachDB v24.3.0-beta.1 is a testing release. Testing releases are intended for testing and experimentation only, and are not qualified for production environments and not eligible for support or uptime SLA commitments.
Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.
Operating System | Architecture | Full executable | SQL-only executable |
---|---|---|---|
Linux | Intel | cockroach-v24.3.0-beta.1.linux-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.1.linux-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0-beta.1.linux-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.1.linux-arm64.tgz (SHA256) |
|
Mac (Experimental) |
Intel | cockroach-v24.3.0-beta.1.darwin-10.9-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.1.darwin-10.9-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0-beta.1.darwin-11.0-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0-beta.1.darwin-11.0-arm64.tgz (SHA256) |
|
Windows (Experimental) |
Intel | cockroach-v24.3.0-beta.1.windows-6.2-amd64.zip (SHA256) |
cockroach-sql-v24.3.0-beta.1.windows-6.2-amd64.zip (SHA256) |
Docker image
Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.
Within the multi-platform image, both Intel and ARM images are generally available for production use.
To download the Docker image:
docker pull cockroachdb/cockroach-unstable:v24.3.0-beta.1
Source tag
To view or download the source code for CockroachDB v24.3.0-beta.1 on Github, visit v24.3.0-beta.1 source tag.
Changelog
View a detailed changelog on GitHub: v24.3.0-alpha.2...v24.3.0-beta.1
General changes
- The cluster setting
diagnostics.reporting.enabled
is now ignored if the cluster has a Enterprise Trial or Enterprise Free license, or if the reporting job is unable to load any license at all. #132257
Enterprise edition changes
- This change ensures authorization with LDAP only works when the
ldapgrouplistfilter
option is present in the HBA configuration, otherwise authentication will proceed with the provided LDAP auth method options in the HBA configuration. This change is to ensure external authorization with LDAP is opt-in rather than enabled by default. #132235 - Added a changefeed sink error metric
changefeed.sink_errors
, and expanded reporting of the internal retries metricchangefeed.internal_retry_message_count
to all sinks that perform internal retries. #132092
SQL language changes
- Implemented
DROP TRIGGER
statements. TheCASCADE
option for dropping a trigger is not supported. #128540 - Added support for
CREATE TRIGGER
. TheOR REPLACE
syntax is not supported. Also, triggers cannot be executed, so creation is a no-op. #128540 REGIONAL BY ROW
andPARTITION ALL BY
tables can now be inserted into under non-SERIALIZABLE
isolation levels as long as there is noON CONFLICT
clause in the statement. Also,REGIONAL BY ROW
andPARTITION ALL BY
tables can now be updated under non-SERIALIZABLE
isolation levels. #129837- Attempting to add foreign keys referencing a table with row-level TTL enabled will generate a notice informing the user about potential impact on the row-level TTL deletion job. Similarly, a notice is generated while attempting to enable row-level TTL on a table that has inbound foreign key references. #127935
- It is now possible to assign to an element of a composite typed variable in PL/pgSQL. For example, given a variable
foo
with two integer elementsx
andy
, the following assignment statement is allowed:foo.x := 100;
. #132628 - Backup and restore now work for tables with triggers. When the
skip_missing_udfs
option is applied, triggers with missing trigger functions are removed from the table. #128555 UPSERT and INSERT ... ON CONFLICT
statements are now supported onREGIONAL BY ROW
tables underREAD COMMITTED
isolation. #132768- Added support for row-level
BEFORE
triggers. A row-level trigger executes the trigger function for each row that is being mutated.BEFORE
triggers fire before the mutation operation. #132511 - Added support for PL/pgSQL integer
FOR
loops, which iterate over a range of integer values. #130211
Operational changes
- Admission Control now has an integration for pacing snapshot ingest traffic based on disk bandwidth.
kvadmission.store.snapshot_ingest_bandwidth_control.enabled
is used to turn on this integration. It requires provisioned bandwidth to be set for the store (or cluster through the cluster setting) for it to take effect. #131243 - Added validation to check whether audit logging and buffering configurations are both present in the file log sink. Audit logging and buffering configuration should not both exist in the file log sink. #132742
- Updated the file log sink validation message. This would give clear indication to the user about the expected valid configuration. #132899
DB Console changes
- The value of the automatic statistics collection cluster setting
sql.stats.automatic_collection.enabled
is now in the top right corner of the Databases overview page. #132269 - In the new Databases and Tables pages, when cached data is being refreshed, the refresh button will be disabled and its tooltip text will display,
Data is currently refreshing
. #132462
Bug fixes
- Addressed a rare bug that could prevent backups taken during a
DROP COLUMN
operation with a sequence owner from restoring with the error:rewriting descriptor ids: missing rewrite for <id> in SequenceOwner...
. #132202 - Fixed a bug existing since before v23.1 that could lead to incorrect results in rare cases. The bug requires a join between two tables with an equality between columns with equivalent, but not identical types (e.g.,
OID
andREGCLASS
). In addition, the join must lookup into an index that includes a computed column that references one of the equivalent columns. #126345 - Fixed a bug existing since before v23.1 that could lead to incorrect results in rare cases. The bug requires a lookup join into a table with a computed index column, where the computed column expression is composite sensitive. A composite sensitive expression can compare differently if supplied non-identical but equivalent input values (e.g.,
2.0::DECIMAL
versus2.00::DECIMAL
). #126345 - Fixed a bug that caused quotes around the name of a routine to be dropped when it was called within another routine. This could prevent the correct routine from being resolved if the nested routine name was case-sensitive. The bug has existed since v24.1 when nested routines were introduced. #131643
- Fixed a bug where the SQL shell would print out the previous error message when executing the
quit
command. #130736 - Fixed a bug where a span statistics request on a mixed-version cluster resulted in a null pointer exception. #132349
- Fixed an issue where changefeeds would fail to update protected timestamp records in the face of retryable errors. #132712
- The
franz-go
library has been updated to fix a potential deadlock on changefeed restarts. #132761 - Fixed a bug that in rare cases could cause incorrect evaluation of scalar expressions involving
NULL
values. #132261 - Fixed a bug in the query optimizer that in rare cases could cause CockroachDB nodes to crash. The bug could occur when a query contains a filter in the form
col IN (elem0, elem1, ..., elemN)
only whenN
is very large, (e.g., 1.6+ million), and whencol
exists in a hash-sharded index, or exists a table with an indexed, computed column dependent oncol
. #132701 - The
proretset
column of thepg_catalog.pg_proc
table is now properly set totrue
for set-returning built-in functions. #132853 - Fixed an error that could be caused by using an
AS OF SYSTEM TIME
expression that references a user-defined (or unknown) type name. These kinds of expressions are invalid, but previously the error was not handled properly. Now, a correct error message is returned. #132348
Build changes
- Upgraded to Go v1.23.2. #132111
v24.3.0-alpha.2
Release Date: October 14, 2024
Downloads
CockroachDB v24.3.0-alpha.2 is a testing release. Testing releases are intended for testing and experimentation only, and are not qualified for production environments and not eligible for support or uptime SLA commitments.
Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.
Operating System | Architecture | Full executable | SQL-only executable |
---|---|---|---|
Linux | Intel | cockroach-v24.3.0-alpha.2.linux-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0-alpha.2.linux-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0-alpha.2.linux-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0-alpha.2.linux-arm64.tgz (SHA256) |
|
Mac (Experimental) |
Intel | cockroach-v24.3.0-alpha.2.darwin-10.9-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0-alpha.2.darwin-10.9-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0-alpha.2.darwin-11.0-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0-alpha.2.darwin-11.0-arm64.tgz (SHA256) |
|
Windows (Experimental) |
Intel | cockroach-v24.3.0-alpha.2.windows-6.2-amd64.zip (SHA256) |
cockroach-sql-v24.3.0-alpha.2.windows-6.2-amd64.zip (SHA256) |
Docker image
Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.
Within the multi-platform image, both Intel and ARM images are generally available for production use.
To download the Docker image:
docker pull cockroachdb/cockroach-unstable:v24.3.0-alpha.2
Source tag
To view or download the source code for CockroachDB v24.3.0-alpha.2 on Github, visit v24.3.0-alpha.2 source tag.
Changelog
View a detailed changelog on GitHub: v24.3.0-alpha.1...v24.3.0-alpha.2
Security updates
The parameters for an HBA config entry for LDAP are now validated when the entry is created or amended, in addition to the validation that happens during an authentication attempt. #132086
Added automatic cleanup and validation for default privileges that reference dropped roles after a major-version upgrade to v24.3. #131782
General changes
- Changed the license
cockroach
is distributed under to the new CockroachDB Software License (CSL). #131799 #131794 #131793
Enterprise edition changes
- You can now authenticate to the DB console API by supplying a Java Web Token (JWT) as a Bearer token in the Authorization header. #130779
SQL language changes
- To view comments on a type, you can use the new
SHOW TYPES WITH COMMENT
command. Comments can be added usingCOMMENT ON
. #131183 - You can create or alter a user-defined function (UDF) or stored procedure (SP) with
[EXTERNAL] SECURITY DEFINER
instead of the default[EXTERNAL] SECURITY INVOKER
. WithSECURITY DEFINER
, the privileges of the owner are checked when the UDF or SP is executed, rather than the privileges of the executor. TheEXTERNAL
keyword is optional and exists for SQL language conformity. #129720
Operational changes
The following new metrics show details about replication flow control send queue when the cluster setting
kvadmission.flow_control.enabled
is set totrue
and the cluster settingkvadmission.flow_control.mode
is set toapply_to_all
.kvflowcontrol.tokens.send.regular.deducted.prevent_send_queue
kvflowcontrol.tokens.send.elastic.deducted.prevent_send_queue
kvflowcontrol.tokens.send.elastic.deducted.force_flush_send_queue
kvflowcontrol.range_controller.count
kvflowcontrol.send_queue.bytes
kvflowcontrol.send_queue.count
kvflowcontrol.send_queue.prevent.count
kvflowcontrol.send_queue.scheduled.deducted_bytes
kvflowcontrol.send_queue.scheduled.force_flush
The following metrics have been renamed:
Previous name New name- kvflowcontrol.tokens.eval.regular.disconnected
kvflowcontrol.tokens.eval.regular.returned.disconnect
kvflowcontrol.tokens.eval.elastic.disconnected
kvflowcontrol.tokens.eval.elastic.returned.disconnect
kvflowcontrol.tokens.send.regular.disconnected
kvflowcontrol.tokens.send.regular.returned.disconnect
kvflowcontrol.tokens.send.elastic.disconnected
kvflowcontrol.tokens.send.elastic.returned.disconnect
Cluster virtualization changes
- The
_status/ranges/
endpoint on DB Console Advanced debug pages is now enabled for non-system virtual clusters, where it returns the ranges only for the tenant you are logged into. For the system virtual cluster, the_status/ranges/
endpoint continues to return ranges for the specified node across all virtual clusters. #131100
DB Console changes
- Improved performance in the Databases, Tables View, and Table Details sections of the Databases page #131769
Bug fixes
- Fixed a bug where JSON values returned by
cockroach
commands using the--format=sql
flag were not correctly escaped if they contained double quotes within a string. #131881 - Fixed an error that could happen if an aggregate function was used as the value in a
SET
command. #131891 - Fixed a rare bug introduced in v22.2 in which an update of a primary key column could fail to update the primary index if it is also the only column in a separate column family. #131869
- Fixed a rare bug where dropping a column of
FLOAT4
,FLOAT8
,DECIMAL
,JSON
,ARRAY
, or collateSTRING
type stored in a single column family could prevent subsequent reading of the table if the column family was not the first column family. #131967 - Fixed an
unimplemented
internal error that could occur when ordering by aVECTOR
column. #131703
Performance improvements
- Efficiency has been improved when writing string-like values over the PostgreSQL wire protocol. #131964
- Error handling during periodic table history polling has been improved when the
schema_locked
table parameter is not used. #131951
v24.3.0-alpha.1
Release Date: October 9, 2024
Downloads
CockroachDB v24.3.0-alpha.1 is a testing release. Testing releases are intended for testing and experimentation only, and are not qualified for production environments and not eligible for support or uptime SLA commitments.
Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.
Operating System | Architecture | Full executable | SQL-only executable |
---|---|---|---|
Linux | Intel | cockroach-v24.3.0-alpha.1.linux-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0-alpha.1.linux-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0-alpha.1.linux-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0-alpha.1.linux-arm64.tgz (SHA256) |
|
Mac (Experimental) |
Intel | cockroach-v24.3.0-alpha.1.darwin-10.9-amd64.tgz (SHA256) |
cockroach-sql-v24.3.0-alpha.1.darwin-10.9-amd64.tgz (SHA256) |
ARM | cockroach-v24.3.0-alpha.1.darwin-11.0-arm64.tgz (SHA256) |
cockroach-sql-v24.3.0-alpha.1.darwin-11.0-arm64.tgz (SHA256) |
|
Windows (Experimental) |
Intel | cockroach-v24.3.0-alpha.1.windows-6.2-amd64.zip (SHA256) |
cockroach-sql-v24.3.0-alpha.1.windows-6.2-amd64.zip (SHA256) |
Docker image
Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.
Within the multi-platform image, both Intel and ARM images are generally available for production use.
To download the Docker image:
docker pull cockroachdb/cockroach-unstable:v24.3.0-alpha.1
Source tag
To view or download the source code for CockroachDB v24.3.0-alpha.1 on Github, visit v24.3.0-alpha.1 source tag.
Security updates
- URLs in the
CREATE CHANGEFEED
andCREATE SCHEDULE FOR CHANGEFEED
SQL statements are now sanitized of any secrets before being written to unredacted logs. #126970 - The LDAP cluster settings
server.ldap_authentication.client.tls_certificate
andserver.ldap_authentication.client.tls_key
did not have callbacks installed to reload the settings value for LDAP authManager. This change fixes this by adding the necessary callbacks. #131151 - Cluster settings for host-based authentication configuration (
server.host_based_authentication.configuration
) and identity map configuration (server.identity_map.configuration
) need to be redacted as they can be configured to contain LDAP bind usernames, passwords, and mapping of external identities to SQL users that are sensitive. These cluster settings can be configured for redaction via theserver.redact_sensitive_settings.enabled
cluster setting. #131150 - Added support for configuring authorization using LDAP. During login, the list of groups that a user belongs to are fetched from the LDAP server. These groups are mapped to SQL roles by extracting the common name (CN) from the group. After authenticating the user, the login flow grants these roles to the user, and revokes any other roles that are not returned by the LDAP server. The groups given by the LDAP server are treated as the sole source of truth for role memberships, so any roles that were manually granted to the user will not remain in place. #131043
Previously, the host-based authentication (HBA) configuration cluster setting
server.host_based_authentication.configuration
was unable to handle double quotes in authentication method option values. For example, for the following entry:host all all all ldap ldapserver=ldap.example.com ldapport=636 ldapbasedn="ou=users,dc=example,dc=com" ldapbinddn="cn=readonly,dc=example,dc=com" ldapbindpasswd=readonly_password ldapsearchattribute=uid ldapsearchfilter="(memberof=cn=cockroachdb_users,ou=groups,dc=example,dc=com)"
The HBA parser would fail after incorrectly determining
ldapbinddn="cn=readonly,dc=example,dc=com"
as 2 separate options (ldapbinddn=and cn=readonly,dc=example,dc=com
). Now, the 2 tokens are set as key and value respectively for the same HBA configuration option. #131480
General changes
- CockroachDB will now avoid logging unnecessary stack traces while executing scheduled jobs. #129846
- Upgrading to 24.3 is blocked if no license is installed, or if a trial/free license is installed with telemetry disabled. #130576
- Attempting to install a second Enterprise trial license on the same cluster will now fail. #131422
- Changed the license
cockroach
is distributed under to the new CockroachDB Software License (CSL). #131690 #131686 #131688 #131687 #131717 #131689 #131693 #131691 #131777 #131778 #131661
Enterprise edition changes
- Added a
CompressionLevel
field to the changefeedkafka_sink_config
option. Changefeeds will use this compression level when emitting events to a Kafka sink. The possible values depend on a compression codec. TheCompressionLevel
field optimizes for faster or stronger level of compression. #125456 - The updated version of the CockroachDB changefeed Kafka sink implementation now supports specifying compression levels. #127827
- Introduced the cluster setting
server.jwt_authentication.client.timeout
to capture the HTTP client timeout for external calls made during JWT authentication. #127145 - The JWT authentication cluster settings have been made
public
. #128170 - Updated certain error messages to refer to the
stable
docs tree rather than an explicit version. #128842 - Disambiguated metrics and logs for the two buffers used by the KV feed. The affected metrics now have a suffix indicating which buffer they correspond to:
changefeed.buffer_entries.*
,changefeed.buffer_entries_mem.*
,changefeed.buffer_pushback_nanos.*
. The previous versions are still supported for backward compatibility, though using the new format is recommended. #128813 Added support for authorization to a CockroachDB cluster via LDAP, retrieving AD groups membership information for LDAP user. The new HBA configuration cluster setting option
ldapgrouplistfilter
performs filtered search query on LDAP for matching groups. An example HBA configuration entry to support LDAP authZ configuration:# TYPE DATABASE USER ADDRESS METHOD OPTIONS # Allow all users to connect to using LDAP authentication with search and bind host all all all ldap ldapserver=ldap.example.com ldapport=636 "ldapbasedn=ou=users,dc=example,dc=com" "ldapbinddn=cn=readonly,dc=example,dc=com" ldapbindpasswd=readonly_password ldapsearchattribute=uid "ldapsearchfilter=(memberof=cn=cockroachdb_users,ou=groups,dc=example,dc=com)" "ldapgrouplistfilter=(objectClass=groupOfNames)" # Fallback to password authentication for the root user host all root 0.0.0.0/0 password
For example, to use for an Azure AD server:
SET cluster setting server.host_based_authentication.configuration = 'host all all all ldap ldapserver=azure.dev ldapport=636 "ldapbasedn=OU=AADDC Users,DC=azure,DC=dev" "ldapbinddn=CN=Some User,OU=AADDC Users,DC=azure,DC=dev" ldapbindpasswd=my_pwd ldapsearchattribute=sAMAccountName "ldapsearchfilter=(memberOf=CN=azure-dev-domain-sync-users,OU=AADDC Users,DC=crlcloud,DC=dev)" "ldapgrouplistfilter=(objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=crlcloud,DC=dev)" host all root 0.0.0.0/0 password';
Post configuration, the CockroachDB cluster should be able to authorize users via LDAP server if:
- Users LDAP authentication attempt is successful, and it has the user's DN for the LDAP server.
ldapgrouplistfilter
is properly configured, and it successfully syncs groups of the user. #128498
Added changefeed support for the
mvcc_timestamp
option when the changefeed is emitting inavro
format. If both options are specified, the Avro schema includes anmvcc_timestamp
metadata field and emits the row's MVCC timestamp with the row data. #129840Updated the cluster setting
changefeed.sink_io_workers
with all the sinks that support the setting. #129946Added a LDAP authentication method to complement password-based login for the DB Console if HBA configuration has an entry for LDAP for the user attempting login, along with other matching criteria (like the requests originating IP address) for authentication to the DB Console. #130418
Added timers around key parts of the changefeed pipeline to help debug feeds experiencing issues. The
changefeed.stage.<stage>.latency
metrics now emit latency histograms for each stage. The metric respects the changefeedscope
label for debugging specific feeds. #128794For enterprise changefeeds, events
changefeed_failed
andcreate_changefeed
now include aJobId
field. #131396The new metric
seconds_until_license_expiry
allows you to monitor the status of a cluster's Enterprise license. #129052.Added the
changefeed.total_ranges
metric, which monitors the number of ranges that are watched by changefeed aggregators. It shares the same polling interval aschangefeed.lagging_ranges
, which is controlled by the existinglagging_ranges_polling_interval
option. #130897
SQL language changes
- Added a session setting,
optimizer_use_merged_partial_statistics
which defaults tofalse
. When set totrue
, it enables usage of existing partial statistics merged with full statistics when optimizing a query. #126948 - The
enable_create_stats_using_extremes
session setting is nowtrue
by default. Partial statistics at extremes can be collected using theCREATE STATISTICS <stat_name> ON <column_name> FROM <table_name> USING EXTREMES
syntax. #127850 - Added
SHOW SCHEMAS WITH COMMENT
andSHOW SCHEMAS FROM database_name WITH COMMENT
functionality similar toSHOW TABLES
andSHOW DATABASES
. #127816 - The
deadlock_timeout
session variable is now supported. The configuration can be used to specify the time to wait on a lock before pushing the lock holder for deadlock detection. It can be set at session granularity. #128506 - Partial statistics at extremes can now be collected on all valid columns of a table using the
CREATE STATISTICS <stat_name>
FROM <table_name> USING EXTREMES
syntax, without anON <col_name>
clause. Valid columns are all single column prefixes of a forward index excluding partial, sharded, and implicitly partitioned indexes. #127836 - Partial statistics can now be automatically collected at the extremes of indexes when a certain fraction and minimum number of rows are stale (by default 5% and 100 respectively). These can be configured with new table storage parameters and cluster settings, and the feature is disabled by default. The new cluster settings and table parameters are:
sql.stats.automatic_partial_collection.enabled
/sql_stats_automatic_partial_collection_enabled
, defaults tofalse
.sql.stats.automatic_partial_collection.min_stale_rows
/sql_stats_automatic_partial_collection_min_stale_rows
, defaults to100
.sql.stats.automatic_partial_collection.fraction_stale_rows
/sql_stats_automatic_partial_collection_fraction_stale_rows
, Defaults to0.05
. #93067
- The session variable
enforce_home_region_follower_reads_enabled
is now deprecated, and will be removed in a future release. The related session variableenforce_home_region
is not deprecated. #129024 - Added a new cluster setting to control whether most common values are collected as part of histogram collection for use by the optimizer. The setting is called
sql.stats.histogram_buckets.include_most_common_values.enabled
. When enabled, the histogram collection logic will ensure that the most common sampled values are represented as histogram bucket upper bounds. Since histograms in CockroachDB track the number of elements equal to the upper bound in addition to the number of elements less, this allows the optimizer to identify the most common values in the histogram and better estimate the rows processed by a query plan. To set the number of most common values to include in a histogram, a second settingsql.stats.histogram_buckets.max_fraction_most_common_values
was added. Currently, the default is0.1
, or10%
of the number of buckets. With a 200 bucket histogram, by default, at most 20 buckets may be adjusted to include a most common value as the upper bound. #129378 - Added a new column to
crdb_internal.table_spans
to indicate whether a table is dropped. Rows for dropped tables will be removed once they are garbage collected. #128788 Added the cluster setting
sql.txn.repeatable_read_isolation.enabled
, which defaults tofalse
. When set totrue
, the following statements will configure transactions to run underREPEATABLE READ
isolation, rather than being automatically interpreted asSERIALIZABLE
:BEGIN TRANSACTION ISOLATION LEVEL REPEATABLE READ
SET TRANSACTION ISOLATION LEVEL REPEATABLE READ
SET default_transaction_isolation = 'repeatable read'
SET SESSION CHARACTERISTICS AS TRANSACTION ISOLATION LEVEL REPEATABLE READ
This setting was added since
REPEATABLE READ
transactions is a preview feature, so usage of it is opt-in for v24.3. In a future CockroachDB major version, this setting will change to default totrue
. #130089Previously,
SHOW CHANGEFEED JOBS
showed the changefeed jobs for the last 14 days by default. Now, it uses the same age filter forSHOW JOBS
, which shows jobs from the last 12 hours by default. #127584Set the default for session variable
large_full_scan_rows
to0
. This means that by default,disallow_full_table_scans
will disallow all full table scans, even full scans on very small tables. Iflarge_full_scan_rows
is set > 0,disallow_full_table_scans
will allow full scans estimated to read fewer thanlarge_full_scan_rows
. #131040It is now possible to create PL/pgSQL trigger functions, which can be executed by a trigger in response to table mutation events. Note that this patch does not add support for triggers, only trigger functions. #126734
Cluster settings
enterprise.license
anddiagnostics.reporting.enabled
now have additional validation. #131097The
SHOW SESSIONS
command was changed to include anauthentication_method
column in the result. This column will show the method used to authenticate the session, for example,password
,cert
,LDAP
, etc. #131625
Operational changes
- Events
DiskSlownessDetected
andDiskSlownessCleared
are now logged when disk slowness is detected and cleared on a store. #127025 - Several cluster settings allow you to configure rate-limiting traffic to cloud storage over various protocols. These settings begin with
cloudstorage
. #127207 - The new cluster setting
kv.range.range_size_hard_cap
allows you to limit how large a range can grow before backpressure is applied. This can help to mitigate against a situation where a range cannot be split, such as when a range is comprised of a single key due to an issue with the schema or workload pattern or a bug in client application code. The default is 8 GiB, which is 16 times the default max range size. If you have changed the max range size, you may need to adjust this cluster setting or reduce the range size. #129450 The following
kvflowcontrol
metrics have been renamed. After a cluster is finalized on v24.3, old and new metrics will be populated. The previous metrics underkvasdmission.flow_controller
will be removed.Old metric names New metric names kvadmission.flow_controller.regular_tokens_available
kvflowcontrol.tokens.eval.regular.available
kvadmission.flow_controller.elastic_tokens_available
kvflowcontrol.tokens.eval.elastic.available
kvadmission.flow_controller.regular_tokens_deducted
kvflowcontrol.tokens.eval.regular.deducted
kvadmission.flow_controller.elastic_tokens_deducted
kvflowcontrol.tokens.eval.elastic.deducted
kvadmission.flow_controller.regular_tokens_returned
kvflowcontrol.tokens.eval.regular.returned
kvadmission.flow_controller.elastic_tokens_returned
kvflowcontrol.tokens.eval.elastic.returned
kvadmission.flow_controller.regular_tokens_unaccounted
kvflowcontrol.tokens.eval.regular.unaccounted
kvadmission.flow_controller.elastic_tokens_unaccounted
kvflowcontrol.tokens.eval.elastic.unaccounted
kvadmission.flow_controller.regular_stream_count
kvflowcontrol.streams.eval.regular.total_count
kvadmission.flow_controller.elastic_stream_count
kvflowcontrol.streams.eval.elastic.total_count
kvadmission.flow_controller.regular_requests_waiting
kvflowcontrol.eval_wait.regular.requests.waiting
kvadmission.flow_controller.elastic_requests_waiting
kvflowcontrol.eval_wait.elastic.requests.waiting
kvadmission.flow_controller.regular_requests_admitted
kvflowcontrol.eval_wait.regular.requests.admitted
kvadmission.flow_controller.elastic_requests_admitted
kvflowcontrol.eval_wait.elastic.requests.admitted
kvadmission.flow_controller.regular_requests_errored
kvflowcontrol.eval_wait.regular.requests.errored
kvadmission.flow_controller.elastic_requests_errored
kvflowcontrol.eval_wait.elastic.requests.errored
kvadmission.flow_controller.regular_requests_bypassed
kvflowcontrol.eval_wait.regular.requests.bypassed
kvadmission.flow_controller.elastic_requests_bypassed
kvflowcontrol.eval_wait.elastic.requests.bypassed
kvadmission.flow_controller.regular_wait_duration
kvflowcontrol.eval_wait.regular.duration
kvadmission.flow_controller.elastic_wait_duration
kvflowcontrol.eval_wait.elastic.duration
The new
ranges.decommissioning
metric shows the number of ranges with a replica on a decommissioning node. #130117New cluster settings have been added which control the refresh behavior for the cached data in the Databases page of the DB Console:
obs.tablemetadatacache.data_valid_duration
: the duration for which the data insystem.table_metadata
is considered valid before a cache reset will occur. Default: 20 minutes.obs.tablemetadatacache.automatic_updates.enabled
: whether to automatically update the cache according the validity interval. Default:false
.
New gauge metrics
security.certificate.expiration.{cert-type}
andsecurity.certificate.ttl.{cert-type}
show the expiration and TTL for a certificate. #130110To set the logging format for
stderr
, you can now set theformat
field to any valid format, rather than onlycrdb-v2-tty
. #131529The following new metrics show connection latency for each SQL authentication method:
Authentication method Metric Certificate auth_cert_conn_latency
Java Web Token (JWT) auth_jwt_conn_latency
Kerberos GSS auth_gss_conn_latency
LDAP auth_ldap_conn_latency
Password auth_password_conn_latency
SCRAM SHA-256 auth_scram_conn_latency
Verbose logging of slow Pebble reads can no longer be enabled via the shorthand flag
--vmodule=pebble_logger_and_tracer=2
, wherepebble_logger_and_tracer
contains the CockroachDB implementation of the logger needed by Pebble. Instead, you must list the Pebble files that contain the log statements. For example--vmodule=reader=2,table=2
. #127066The lowest admission control priority for the storage layer has been renamed from
ttl-low-pri
tobulk-low-pri
. #129564New clusters will now have a zone configuration defined for the
timeseries
range, which specifiesgc.ttlseconds
and inherits all other attributes from the zone config of thedefault
range. This zone config will also be added to a cluster that is upgraded to v24.3 if it does not already have a zone config defined.#128032
Command-line changes
cockroach debug tsdump
now includes all the available resolutions in the time range supplied by the user. #127186- Added the flag
--tenant-name-scope
to thecert create-client
command. This allows users to generate tenant-scoped client certificates using tenant names in addition to tenant IDs. #129216
DB Console changes
- If a range is larger than twice the max range size, it will now display in the Problem Ranges page in the DB Console. #129001
- Updated some metric charts on the Overview and Replication dashboards to omit verbose details in the legends for easier browsing. #129149
- Updated the icon for notification alerts to use the new CockroachDB logo. #130333
- The
txn.restarts.writetoooldmulti
metric was rolled into thetxn.restarts.writetooold
metric in the v24.1.0-alpha.1 release.txn.restarts.writetoooldmulti
has now been removed altogether. #131642 - The grants table in the DB Details page will now show the database level grants. For example, when clicking a database in the databases list. Previously, it showed grants per table in the database. #131250
- Added new database pages that are available from the side navigation Databases link. #131594
- The DB Console will reflect any throttling behavior from the cluster due to an expired license or missing telemetry data. Enterprise licenses are not affected. #131326
- Users can hover over the node/region cell in multi-region deployments to view a list of nodes the database or table is on. #130704
- The Databases pages in the DB console have been updated to read cached metadata about database and table storage statistics. The cache update time is now displayed in the top right-hand corner of the database and tables list pages. Users may trigger a cache refresh with the refresh icon next to the last updated time. The cache will also update automatically when users visit a Databases page and the cache is older than or equal to 20 minutes. #131463
Bug fixes
- Fixed a bug where CockroachDB could incorrectly evaluate an
IS NOT NULL
filter if it was applied to non-NULL
tuples that hadNULL
elements (like(1, NULL)
or(NULL, NULL)
). The bug was present since v20.2. #126901 - Fixed a bug related to displaying the names of composite types in the
SHOW CREATE TABLES
command. The names are now shown as two-part names, which disambiguates the output and makes it more portable to other databases. #127158 - The
CONCAT()
built-in function now accepts arguments of any data type. #127098 - Fixed a bug that prevented merged statistics from being created after injecting statistics or recreating statement bundles. This would occur when the injected statistics or statement bundle contained related full and partial statistics. #127252
- Fixed a bug where CockroachDB could encounter spurious
(error encountered after some results were delivered)
ERROR: context canceled
errors in rare cases when evaluating some queries. The bug was present since v22.2. The conditions that triggered the bug were queries that: - Updated the restore job description from
RESTORE ... FROM
toRESTORE FROM {backup} IN {collectionURI}
to reflect the newRESTORE
syntax. #127970 - Fixed a bug that could cause a
CASE
statement with multiple subqueries to produces the side effects of one of the subqueries even if that subquery shouldn't have been evaluated. #120327 - Changed the schema changer’s merge process so that it can detect contention errors and automatically retry with a smaller batch size. This makes the merge process more likely to succeed without needing to manually tune settings. #128201
SHOW CREATE ALL TYPES
now shows corresponding type comments in its output. #128084- Enforce the
statement_timeout
session setting when waiting for jobs after a schema change in an implicit transaction. #128474 - Fixed a bug where certain dropdowns in the DB Console appeared to be empty (with no options to select from) for users of the Safari browser. #128996
- Fixed a bug that would cause the
hlc_to_timestamp
function to return an incorrect timestamp for some input decimals. #129153 - Fixed a memory leak where statement insight objects could leak if the session was closed without the transaction finishing. #128400
- Fixed a bug in the public preview WAL failover feature that could prevent a node from starting if it crashed during a failover. #129331
- Fixed a bug where
'infinity'::TIMESTAMP
returned a different result than PostgreSQL. #127141 - Fixed a spurious error log from the replication queue involving the text
" needs lease, not adding"
. #129351 - Using more than one
DECLARE
statement in the definition of a user-defined function now correctly declares additional variables. #129951 - Fixed a bug in which some
SELECT FOR UPDATE
orSELECT FOR SHARE
queries usingNOWAIT
could still block on locked rows when using theoptimizer_use_lock_op_for_serializable
session setting under serializable isolation. This bug was introduced withoptimizer_use_lock_op_for_serializable
in v23.2.0. #130103 - Fixed a bug in the upgrade pre-condition for repairing descriptor corruption that could lead to finalization being stuck. #130064
- Fixed a bug that caused the optimizer to plan unnecessary post-query uniqueness checks during
INSERT
,UPSERT
, andUPDATE
statements on tables with partial, unique, hash-sharded indexes. These unnecessary checks added overhead to execution of these statements, and caused the statements to error when executed underREAD COMMITTED
isolation. #130366 - Fixed a bug that caused incorrect evaluation of
CASE
,COALESCE
, andIF
expressions with branches producing fixed-width string-like types, such asCHAR
. In addition, theBPCHAR
type no longer incorrectly imposes a length limit of1
. #129007 - Fixed a bug where zone configuration changes issued by the declarative schema changer were not blocked if a table had the
schema_locked
storage parameter set. #130670 - Fixed a bug that could prevent a
CHANGEFEED
from being able to resume after being paused for a prolonged period of time. #130622 - Fixed a bug where if a client connection was attempting a schema change while the same schema objects were being dropped, it was possible for the connection to be incorrectly dropped. #130928
- Fixed a bug introduced in v23.1 that could cause incorrect results when:
- The query contained a correlated subquery.
- The correlated subquery had a
GROUP BY
orDISTINCT
operator with an outer-column reference in its input. - The correlated subquery was in the input of a
SELECT
orJOIN
operator. - The
SELECT
orJOIN
had a filter that set the outer-column reference from (2) equal to a non-outer column in the input of the grouping operator. - The grouping column set did not include the replacement column, and functionally determined the replacement column. #130925
- Fixed a bug which could cause errors with the message
"internal error: Non-nullable column ..."
when executing statements underREAD COMMITTED
isolation that involved tables withNOT NULL
virtual columns. #130725 - Fixed a bug that could cause a very rare internal error
"lists in SetPrivate are not all the same length"
when executing queries. #130981 - Fixed a bug that could cause incorrect evaluation of scalar expressions involving
NULL
values in rare cases. #128123 SHOW CREATE ALL SCHEMAS
now shows corresponding schema comments in its output. #130164- Fixed a bug, introduced in v23.2.0, where creating a new incremental schedule (using
ALTER BACKUP SCHEDULE
) on a full backup schedule created on an older version would fail. #131231 - Fixed a bug that could cause an internal error if a table with an implicit (
rowid
) primary key was locked from within a subquery likeSELECT * FROM (SELECT * FROM foo WHERE x = 2) FOR UPDATE;
. The error could occur either underREAD COMMITTED
isolation, or with theoptimizer_use_lock_op_for_serializable
session setting enabled. #129768 - Fixed a bug where jobs created in a session with non-zero session timezone offsets could hang before starting, or report incorrect creation times when viewed in
SHOW JOBS
and the DB Console. #123632 - Fixed a bug which could result in changefeeds using CDC queries failing due to a system table being garbage collected. #131027
ALTER COLUMN TYPE
now errors out when there is a partial index that is dependent on the column being altered. #131590- Fixed a bug that prevented buffered file sinks from being included when iterating over all file sinks. This led to problems such as the
debug zip
command not being able to fetch logs for a cluster where buffering was enabled. #130158
Performance improvements
- Raft log sync callback handling is now parallelized, which can improve write-heavy workload performance on large, single-store nodes. #126523
- Planning time for complex queries has been reduced. #128049
- Reduced the write-amplification impact of rebalances by splitting snapshot SSTable files into smaller ones before ingesting them into Pebble. #127997
- Improved the performance of job-system related queries. #123848
- The query optimizer now plans limited, partial-index scans in more cases. #129901
- The initialization of the execution engine for a query is now more efficient when the query plan contains aggregate functions. #130834
- Enabled multi-level compactions that moderately reduce write amplification within the storage engine. #131378
- Increased the per-vCPU concurrency limits for KV operations. Specifically, increased the
kv.dist_sender.concurrency_limit
cluster setting to 384/vCPU (up from 64/vCPU) andkv.streamer.concurrency_limit
to 96/vCPU (up from 8/vCPU). #131226 - The optimizer now plans more efficient lookup joins in some cases. #131383
Build changes
- Changed the AWS SDK version used for interactions with external storage from v1 to v2. #129938