From 6c529205a7de76bdd1dacec9a8ecb88694cdbab7 Mon Sep 17 00:00:00 2001
From: mikeCRL
Date: Sat, 26 Jul 2025 00:33:13 -0400
Subject: [PATCH 1/7] Update version data in _config_cockroachdb.yml, releases.yml, versions.csv
---
 src/current/_config_cockroachdb.yml | 4 +--
 src/current/_data/releases.yml | 34 +++++++++++++++++++++++
 src/current/_data/versions.csv | 42 ++++++++++++++---------------
 3 files changed, 57 insertions(+), 23 deletions(-)
diff --git a/src/current/_config_cockroachdb.yml b/src/current/_config_cockroachdb.yml
index a080444f5ab..489ec5ea9c5 100644
--- a/src/current/_config_cockroachdb.yml
+++ b/src/current/_config_cockroachdb.yml
@@ -1,7 +1,7 @@
 baseurl: /docs
-current_cloud_version: v25.2
+current_cloud_version: v25.3
 destination: _site/docs
 homepage_title: CockroachDB Docs
 versions:
- stable: v25.2
+ stable: v25.3
 dev: v25.3
diff --git a/src/current/_data/releases.yml b/src/current/_data/releases.yml
index e3af20d24b1..936ae7db7a2 100644
--- a/src/current/_data/releases.yml
+++ b/src/current/_data/releases.yml
@@ -9325,3 +9325,37 @@
 docker_arm_limited_access: false
 source: true
 previous_release: v25.2.2
+
+- release_name: v25.3.0
+ major_version: v25.3
+ release_date: '2025-08-04'
+ release_type: Production
+ go_version: go1.23.7
+ sha: TBD
+ has_sql_only: true
+ has_sha256sum: true
+ mac:
+ mac_arm: true
+ mac_arm_experimental: true
+ mac_arm_limited_access: false
+ windows: true
+ linux:
+ linux_arm: true
+ linux_arm_experimental: false
+ linux_arm_limited_access: false
+ linux_intel_fips: true
+ linux_arm_fips: false
+ docker:
+ docker_image: cockroachdb/cockroach
+ docker_arm: true
+ docker_arm_experimental: false
+ docker_arm_limited_access: false
+ source: true
+ previous_release: v25.3.0-rc.1
+ cloud_only: true
+ cloud_only_message_short: 'Available only for select CockroachDB Cloud clusters'
+ cloud_only_message: >
+ This version is currently available only for select
+ CockroachDB Cloud clusters. To request to upgrade
+ a CockroachDB self-hosted cluster to this version,
+ [contact support](https://support.cockroachlabs.com/hc/requests/new).
diff --git a/src/current/_data/versions.csv b/src/current/_data/versions.csv
index 0481e48e0c2..7ab62670ca0 100644
--- a/src/current/_data/versions.csv
+++ b/src/current/_data/versions.csv
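Review bot: The new `v25.3.0` entry is committed with `sha: TBD` even though it is already marked `release_type: Production` and `has_sha256sum: true`, so a production release record carries a placeholder where a fixed value is expected. The field presumably names the source commit the release was built from (its use is not visible in this hunk); if it is rendered or consumed by tooling, readers have nothing to check a build against. Replace it with the real value before the page is published, e.g. `sha: <release commit hash>`, and consider having the docs build reject `TBD` for `Production` entries so a placeholder cannot ship unnoticed.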
@@ -1,21 +1,21 @@
-major_version,release_date,maint_supp_exp_date,asst_supp_exp_date,last_ga_patch,initial_lts_patch,initial_lts_release_date,lts_maint_supp_exp_date,lts_asst_supp_exp_date,previous_version,crdb_branch_name,binary_removal_date
-v1.0,2017-05-10,2018-05-10,2018-11-10,N/A,N/A,N/A,N/A,N/A,N/A,release-1.0,2024-01-01
-v1.1,2017-10-12,2018-10-12,2019-04-12,N/A,N/A,N/A,N/A,N/A,v1.0,release-1.1,2024-01-01
-v2.0,2018-04-04,2019-04-04,2019-10-04,N/A,N/A,N/A,N/A,N/A,v1.1,release-2.0,2024-01-01
-v2.1,2018-10-30,2019-10-30,2020-04-30,N/A,N/A,N/A,N/A,N/A,v2.0,release-2.1,2024-01-01
-v19.1,2019-04-30,2020-04-30,2020-10-30,N/A,N/A,N/A,N/A,N/A,v2.1,release-19.1,2024-01-01
-v19.2,2019-11-12,2020-11-12,2021-05-12,N/A,N/A,N/A,N/A,N/A,v19.1,release-19.2,2024-01-01
-v20.1,2020-05-12,2021-05-12,2021-11-12,N/A,N/A,N/A,N/A,N/A,v19.2,release-20.1,2025-05-12
-v20.2,2020-11-10,2021-11-10,2022-05-10,N/A,N/A,N/A,N/A,N/A,v20.1,release-20.2,2025-05-12
-v21.1,2021-05-18,2022-05-18,2022-11-18,N/A,N/A,N/A,N/A,N/A,v20.2,release-21.1,2025-05-18
-v21.2,2021-11-16,2022-11-16,2023-05-16,N/A,N/A,N/A,N/A,N/A,v21.1,release-21.2,2025-11-16
-v22.1,2022-05-24,2023-05-24,2023-11-24,N/A,N/A,N/A,N/A,N/A,v21.2,release-22.1,2026-05-24
-v22.2,2022-12-05,2023-12-05,2024-06-05,N/A,N/A,N/A,N/A,N/A,v22.1,release-22.2,2026-12-05
-v23.1,2023-05-15,2024-05-15,2024-11-15,23.1.11,23.1.12,2023-11-13,2024-11-13,2025-11-13,v22.2,release-23.1,2027-05-15
-v23.2,2024-02-05,2025-02-05,2025-08-05,23.2.6,23.2.7,2024-07-08,2025-07-08,2026-07-08,v23.1,release-23.2,2028-02-05
-v24.1,2024-05-20,2025-05-20,2025-11-20,24.1.5,24.1.6,2024-10-21,2025-10-21,2026-10-21,v23.2,release-24.1,2028-05-20
-v24.2,2024-08-12,2025-02-12,N/A,N/A,N/A,N/A,N/A,N/A,v24.1,release-24.2,2028-08-12
-v24.3,2024-11-18,2025-11-18,2026-05-18,24.3.11,24.3.12,2025-05-05,2026-05-05,2027-05-05,v24.2,release-24.3,2028-11-18
-v25.1,2025-02-18,2025-08-18,N/A,N/A,N/A,N/A,N/A,N/A,v24.3,release-25.1,2029-02-18
-v25.2,2025-05-09,2026-05-12,2026-11-12,N/A,N/A,N/A,N/A,N/A,v25.1,release-25.2,2029-05-09
-v25.3,N/A,N/A,N/A,N/A,N/A,N/A,N/A,N/A,v25.2,release-25.3,N/A
+major_version,release_date,maint_supp_exp_date,asst_supp_exp_date,last_ga_patch,initial_lts_patch,initial_lts_release_date,lts_maint_supp_exp_date,lts_asst_supp_exp_date,previous_version,crdb_branch_name,binary_removal_date
+v1.0,2017-05-10,2018-05-10,2018-11-10,N/A,N/A,N/A,N/A,N/A,N/A,release-1.0,2024-01-01
+v1.1,2017-10-12,2018-10-12,2019-04-12,N/A,N/A,N/A,N/A,N/A,v1.0,release-1.1,2024-01-01
+v2.0,2018-04-04,2019-04-04,2019-10-04,N/A,N/A,N/A,N/A,N/A,v1.1,release-2.0,2024-01-01
+v2.1,2018-10-30,2019-10-30,2020-04-30,N/A,N/A,N/A,N/A,N/A,v2.0,release-2.1,2024-01-01
+v19.1,2019-04-30,2020-04-30,2020-10-30,N/A,N/A,N/A,N/A,N/A,v2.1,release-19.1,2024-01-01
+v19.2,2019-11-12,2020-11-12,2021-05-12,N/A,N/A,N/A,N/A,N/A,v19.1,release-19.2,2024-01-01
+v20.1,2020-05-12,2021-05-12,2021-11-12,N/A,N/A,N/A,N/A,N/A,v19.2,release-20.1,2025-05-12
+v20.2,2020-11-10,2021-11-10,2022-05-10,N/A,N/A,N/A,N/A,N/A,v20.1,release-20.2,2025-05-12
+v21.1,2021-05-18,2022-05-18,2022-11-18,N/A,N/A,N/A,N/A,N/A,v20.2,release-21.1,2025-05-18
+v21.2,2021-11-16,2022-11-16,2023-05-16,N/A,N/A,N/A,N/A,N/A,v21.1,release-21.2,2025-11-16
+v22.1,2022-05-24,2023-05-24,2023-11-24,N/A,N/A,N/A,N/A,N/A,v21.2,release-22.1,2026-05-24
+v22.2,2022-12-05,2023-12-05,2024-06-05,N/A,N/A,N/A,N/A,N/A,v22.1,release-22.2,2026-12-05
+v23.1,2023-05-15,2024-05-15,2024-11-15,23.1.11,23.1.12,2023-11-13,2024-11-13,2025-11-13,v22.2,release-23.1,2027-05-15
+v23.2,2024-02-05,2025-02-05,2025-08-05,23.2.6,23.2.7,2024-07-08,2025-07-08,2026-07-08,v23.1,release-23.2,2028-02-05
+v24.1,2024-05-20,2025-05-20,2025-11-20,24.1.5,24.1.6,2024-10-21,2025-10-21,2026-10-21,v23.2,release-24.1,2028-05-20
+v24.2,2024-08-12,2025-02-12,N/A,N/A,N/A,N/A,N/A,N/A,v24.1,release-24.2,2028-08-12
+v24.3,2024-11-18,2025-11-18,2026-05-18,24.3.11,24.3.12,2025-05-05,2026-05-05,2027-05-05,v24.2,release-24.3,2028-11-18
+v25.1,2025-02-18,2025-08-18,N/A,N/A,N/A,N/A,N/A,N/A,v24.3,release-25.1,2029-02-18
+v25.2,2025-05-09,2026-05-12,2026-11-12,N/A,N/A,N/A,N/A,N/A,v25.1,release-25.2,2029-05-09
+v25.3,2025-08-04,2026-08-04,2027-02-04,N/A,N/A,N/A,N/A,N/A,v25.2,release-25.3,2029-08-04
From 3a6764fd08f4a0d8df0232a6bd93f7c2097c595c Mon Sep 17 00:00:00 2001
From: mikeCRL
Date: Fri, 1 Aug 2025 05:44:52 -0400
Subject: [PATCH 2/7] Add initial cluster settings changes list
---
 .../releases/v25.3/cluster-setting-changes.md | 49 ++++++++++++++++---
 1 file changed, 41 insertions(+), 8 deletions(-)
diff --git a/src/current/_includes/releases/v25.3/cluster-setting-changes.md b/src/current/_includes/releases/v25.3/cluster-setting-changes.md
index a4abfe0fc7b..85802be028e 100644
--- a/src/current/_includes/releases/v25.3/cluster-setting-changes.md
+++ b/src/current/_includes/releases/v25.3/cluster-setting-changes.md
@@ -2,14 +2,47 @@ Changes to [cluster settings]({% link v25.2/cluster-settings.md %}) should be re
Settings added
-- Bullet -- Bullet -- Bullet -- Bullet -- Bullet +# Key cluster setting changes -
Settings with changed visibility
+- `server.jwt_authentication.userinfo_group_key` (reserved) + - CockroachDB can now synchronize SQL role membership from the groups claim contained in a JWT when the cluster setting `server.jwt_authentication.authorization.enabled` is set to `true`. The claim name and the fallback `userinfo` JSON key are configurable by the cluster settings `server.jwt_authentication.group_claim` and `server.jwt_authentication.userinfo_group_key` respectively. This behavior matches the existing LDAP role-sync feature. [#147318][#147318] -The following settings are now marked `public` after previously being `reserved`. Reserved settings are not documented and their tuning by customers is not supported. -- Bullet +- `server.telemetry.hot_ranges_stats.enabled` (reserved) + - When the `server.telemetry.hot_ranges_stats.enabled` cluster setting is enabled, nodes check for hot ranges every minute instead of every 4 hours. A node logs its hot ranges when any single replica exceeds 250 ms of CPU time per second. In multi-tenant deployments, the check runs every 5 minutes and logs hot ranges for the entire cluster. [#144414][#144414] + + +- `sql.metrics.application_name.enabled` + - Fixed an issue where some SQL metrics were not reported when `server.child_metrics.enabled` was enabled, `server.child_metrics.include_aggregate.enabled` was disabled, and `sql.metrics.application_name.enabled` and `sql.metrics.database_name.enabled` were also disabled. Specifically, metrics with no children now report their aggregate metrics regardless of the `server.child_metrics.include_aggregate.enabled` cluster setting. + - Added new cluster settings: `sql.metrics.application_name.enabled` and `sql.metrics.database_name.enabled`. These settings default to `false` and can be set to `true` to display the application name and database name, respectively, on supported metrics. 
[#144610][#144610] + +- `sql.metrics.database_name.enabled` + - Fixed an issue where some SQL metrics were not reported when `server.child_metrics.enabled` was enabled, `server.child_metrics.include_aggregate.enabled` was disabled, and `sql.metrics.application_name.enabled` and `sql.metrics.database_name.enabled` were also disabled. Specifically, metrics with no children now report their aggregate metrics regardless of the `server.child_metrics.include_aggregate.enabled` cluster setting. + - Added new cluster settings: `sql.metrics.application_name.enabled` and `sql.metrics.database_name.enabled`. These settings default to `false` and can be set to `true` to display the application name and database name, respectively, on supported metrics. [#144610][#144610] + +- `sql.sqlcommenter.enabled` + - In the `crdb_internal.cluster_execution_insights` and `crdb_internal.node_execution_insights` virtual tables in a new `query_tags` JSONB column. + + This feature is disabled by default and can be enabled using the `sql.sqlcommenter.enabled` cluster setting. Comments must follow the [SQLCommenter specification](https://google.github.io/sqlcommenter/spec/). [#145435][#145435] + - In the `crdb_internal.cluster_execution_insights` and `crdb_internal.node_execution_insights` virtual tables in a new `query_tags` JSONB column. + + This feature is disabled by default and can be enabled using the `sql.sqlcommenter.enabled` cluster setting. Comments must follow the [SQLCommenter specification](https://google.github.io/sqlcommenter/spec/). [#145435][#145435] + +- `sql.stats.automatic_partial_collection.enabled` + - In v25.1, automatic partial statistics collection was enabled by default (by setting the `sql.stats.automatic_partial_collection.enabled` cluster setting to `true`). Partial statistics collection may encounter certain expected scenarios that were previously reported as failed stats jobs with PostgreSQL error code `55000`. These errors are benign and are no longer reported. 
Instead, the stats job will be marked as "succeeded," though no new statistics will be created. + +- `sql.trace.txn.enable_threshold` + - In order to selectively capture traces for transactions running in an active workload without having to capture them via statement diagnostic bundles, customers can now use the `sql.trace.txn.sample_rate` cluster setting to enable tracing for a fraction of their workload. The `sql.trace.txn.enable_threshold` will still need to be set to a positive value to provide a filter for how slow a transaction needs to be after being sampled to merit emitting a trace. Traces are emitted to the `SQL_EXEC` logging channel. + +- `sql.trace.txn.sample_rate` + - In order to selectively capture traces for transactions running in an active workload without having to capture them via statement diagnostic bundles, customers can now use the `sql.trace.txn.sample_rate` cluster setting to enable tracing for a fraction of their workload. The `sql.trace.txn.enable_threshold` will still need to be set to a positive value to provide a filter for how slow a transaction needs to be after being sampled to merit emitting a trace. Traces are emitted to the `SQL_EXEC` logging channel. + +- A new feature is now available that automatically captures Go execution traces on a scheduled interval. This feature incurs a performance penalty and is generally intended for use under the guidance of Cockroach Labs Support. This feature can be configured using the following cluster settings: + - `obs.execution_tracer.interval`: Enables the tracer and sets the interval for capturing traces. Set to a value greater than 0 to activate. + - `obs.execution_tracer.duration`: Specifies the duration for each captured trace. + - `obs.execution_tracer.total_dump_size_limit`: Sets the maximum disk space allowed for storing execution traces. Older traces are automatically deleted when this limit is reached. 
+ [#149705][#149705] +- The value of `sql.stats.error_on_concurrent_create_stats.enabled` now defaults to `false`, suppressing error counters for auto stats jobs that fail due to concurrent stats jobs in progress. + [#149857][#149857] + +- The cluster setting `server.client_cert_expiration_cache.capacity` has been deprecated. The client certificate cache now evicts client certificates based on expiration time. [#144181][#144181] From 106cb8f17d50346a14b38917b1d3b1c289be6c0e Mon Sep 17 00:00:00 2001 From: mikeCRL Date: Fri, 1 Aug 2025 11:46:38 -0400 Subject: [PATCH 3/7] Add v25.3.0 release notes with feature highlights - Clone v25.2.0.md structure for v25.3.0.md - Transform markdown tables to HTML format - Remove Jira issue links from feature descriptions - Update version numbers and anchor prefixes (v25-2-0- to v25-3-0-) - Organize features by category: Migrations, Observability, Performance, Security, SQL, CockroachDB Cloud - Set release date to August 4, 2025 --- src/current/releases/v25.3/v25.3.0.md | 380 ++++++++++++++++++++++++++ 1 file changed, 380 insertions(+) create mode 100644 src/current/releases/v25.3/v25.3.0.md diff --git a/src/current/releases/v25.3/v25.3.0.md b/src/current/releases/v25.3/v25.3.0.md new file mode 100644 index 00000000000..ac4f042ebb1 --- /dev/null +++ b/src/current/releases/v25.3/v25.3.0.md @@ -0,0 +1,380 @@ +## v25.3.0 + +Release Date: August 4, 2025 + +With the release of CockroachDB v25.3, we've added new capabilities to help you migrate, build, and operate more efficiently. + +For a summary of the most significant changes, refer to [Feature Highlights](#v25-3-0-feature-highlights). + +{% include releases/new-release-downloads-docker-image.md release=include.release %} + +

Feature highlights

+ +This section summarizes the most significant user-facing changes in v25.3.0 and other features recently made available to CockroachDB users across versions. For a complete list of features and changes in v25.3, including bug fixes and performance improvements, refer to the [release notes]({% link releases/index.md %}#testing-releases) for v25.3 testing releases. You can also search the docs for sections labeled [New in v25.3](https://www.cockroachlabs.com/docs/search?query=new+in+v25.3). + +- **Feature categories** + - [Migrations](#v25-3-0-migrations) + - [Observability](#v25-3-0-observability) + - [Performance](#v25-3-0-performance) + - [Security](#v25-3-0-security) + - [SQL](#v25-3-0-sql) + - [CockroachDB Cloud](#v25-3-0-cloud) + +- **Additional information** + - [Backward-incompatible changes](#v25-3-0-backward-incompatible-changes) + - [Features that require upgrade finalization](#v25-3-0-features-that-require-upgrade-finalization) + - [Key cluster setting changes](#v25-3-0-key-cluster-setting-changes) + - [Deprecations] (#v25-3-0-deprecations) + - [Known limitations](#v25-3-0-known-limitations) + +
+ +

Migrations

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FeatureAvailability
Ver.Self-hostedAdvancedStandardBasic
+

MOLT Fetch support for Oracle in Public Preview

+

+ MOLT Fetch, CockroachDB's bulk and incremental data migration tool, now supports Oracle as a source dialect, significantly streamlining Oracle-to-CockroachDB migrations. This capability is available in Public Preview. +

+
All*{% include icon-yes.html %}{% include icon-yes.html %}{% include icon-yes.html %}{% include icon-yes.html %}
+ +

Observability

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FeatureAvailability
Ver.Self-hostedAdvancedStandardBasic
+

Prometheus Scrape Endpoint: Static Label Support

+

+ CockroachDB now supports additional labels in the Prometheus scrape endpoint, enabling dimensional metrics (e.g., {{metric {status="success"}}) instead of separate metric names (e.g., metric.success, metric.failure). This is available via a new scrape endpoint: /metrics. The change reduces metric sprawl, lowers ingestion and storage costs, and improves compatibility with Prometheus-based tooling. +

+
25.3{% include icon-yes.html %}{% include icon-no.html %}{% include icon-no.html %}{% include icon-no.html %}
+ +

Performance

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FeatureAvailability
Ver.Self-hostedAdvancedStandardBasic
+

Value Separation

+

+ Value separation is a Public Preview feature introduced in 25.3. By default it is turned off in 25.3. It can be enabled by setting storage.value_separation.enabled to "true". Traditionally, both keys and values are stored inline in SSTables. When value separation is enabled, some values are stored outside SSTables in external blob files. When a value is separated, the SSTable contains a value pointer describing the location of the value in an external blob file. During compaction, only the key and its value pointer are copied from one level to another, conserving write bandwidth when values are large. This optimization reduces write-amplification (the ratio of total bytes written to disk versus the bytes written to database) by up to 50%. This reduces the write-bandwidth needed per database write operation and CPU needed for compaction, improving overall write throughput. +

+
25.3{% include icon-yes.html %}{% include icon-yes.html %}{% include icon-yes.html %}{% include icon-yes.html %}
+ +

Security

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FeatureAvailability
Ver.Self-hostedAdvancedStandardBasic
+

Automated SQL User Provisioning via LDAP/AD Integration

+

+ This release introduces automated provisioning of SQL users through LDAP/Active Directory (AD) integration. This feature enables complete automation of SQL user management, directly leveraging your existing centralized LDAP or Active Directory infrastructure. Key benefits: Enhanced Security: Centralized user management in LDAP/AD improves security policy enforcement and reduces manual error risks. Increased Efficiency: Automates user provisioning, de-provisioning, and role assignments. Simplified Auditing: Provides a single source of truth for user identities. Reduced Overhead: Eliminates separate SQL user management processes. This integration allows the entire SQL user lifecycle to be managed from LDAP/AD systems, improving overall security and operational efficiency. +

+
25.3{% include icon-yes.html %}{% include icon-yes.html %}{% include icon-no.html %}{% include icon-no.html %}
+ +

SQL

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FeatureAvailability
Ver.Self-hostedAdvancedStandardBasic
+

CITEXT data type

+

+ CockroachDB now supports the CITEXT data type, enabling case-insensitive text storage and comparisons at the SQL layer. This feature simplifies common tasks like user authentication, email matching, and other use cases where case should not affect query logic. By eliminating the need for manual LOWER() functions or ILIKE operations, CITEXT streamlines query writing and improves readability. +

+
25.3{% include icon-yes.html %}{% include icon-yes.html %}{% include icon-yes.html %}{% include icon-yes.html %}
+

UDFs and Stored Procedures supported in view definitions

+

+ CockroachDB now supports using user-defined functions (UDFs) and stored procedures in view definitions, allowing more powerful and reusable logic to be embedded directly in views. This capability enhances flexibility when defining complex views by enabling calls to both SQL and PL/pgSQL routines, making it easier to encapsulate business logic and maintain cleaner schemas. The feature also improves compatibility with PostgreSQL, simplifying the process of migrating existing applications that rely on function- or procedure-based view logic. +

+
25.3{% include icon-yes.html %}{% include icon-yes.html %}{% include icon-yes.html %}{% include icon-yes.html %}
+

Vector Indexing Improvements

+

+ Vector indexes in CockroachDB now support cosine distance and inner product, giving users more flexibility in selecting similarity metrics that best suit their machine learning or AI workloads. Together, these improvements make it easier to build and scale intelligent applications directly on CockroachDB. +

+
25.3{% include icon-yes.html %}{% include icon-yes.html %}{% include icon-yes.html %}{% include icon-yes.html %}
+ +

CockroachDB Cloud

+ +
Operations
+ + + + + + + + + + + + + + + + + + + + + + + + + +
FeatureAvailability
Ver.Self-hostedAdvancedStandardBasic
+

Physical Cluster Replication on CockroachDB Cloud Advanced Clusters

+

+ Physical Cluster Replication is now available in limited access on CockroachDB Cloud Advanced clusters, allowing customers to establish a two-datacenter (2DC) resiliency strategy with active-passive deployments for low data loss and downtime in failover scenarios. +

+
All*{% include icon-no.html %}{% include icon-yes.html %}{% include icon-no.html %}{% include icon-no.html %}
+ +
Administration
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FeatureAvailability
Ver.Self-hostedAdvancedStandardBasic
+

Self-Service Invoice PDFs Now Available in Console

+

+ Customers can now independently generate and download invoice PDFs directly from the console. +

+
All*{% include icon-no.html %}{% include icon-yes.html %}{% include icon-yes.html %}{% include icon-yes.html %}
+

Invoice APIs upgraded to show draft invoices of the current billing cycle

+

+ The Invoice APIs to get the list invoices for a given organization and to get specific invoices for an organization using an invoice ID are now upgraded to retrieve draft invoices of the current billing cycle. +

+
All*{% include icon-no.html %}{% include icon-yes.html %}{% include icon-yes.html %}{% include icon-yes.html %}
+ +
Security
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FeatureAvailability
Ver.Self-hostedAdvancedStandardBasic
+

Egress Perimeter Controls for CockroachDB Cloud on Azure Advanced Tier (PCI Compliance - Ready)

+

+ This release introduces Egress Perimeter Controls for CockroachDB Cloud Advanced clusters on Microsoft Azure, specifically designed to support PCI DSS compliance. This feature enables customers to restrict outbound network traffic from their CockroachDB Cloud cluster to a predefined list of external destinations. This is a critical control for organizations handling cardholder data, as it helps meet PCI DSS Requirement 1.2.1 and 1.3.4, which mandate limiting inbound and outbound traffic to only that which is necessary and explicitly denying all other unauthorized egress. Key features and benefits: Enhanced Security: Granular control over outbound network connections from your CockroachDB cluster, minimizing the attack surface and preventing unauthorized data exfiltration. PCI DSS Compliance: Directly addresses specific PCI DSS requirements (e.g., controlling and restricting egress traffic), assisting organizations in achieving and maintaining compliance for their cardholder data environments (CDE). Data Protection: Ensures that sensitive data egress, such as backups or change data capture (CDC), is confined to approved, secure destinations. Reduced Risk: Mitigates the risk of data breaches and unauthorized access by enforcing strict network boundaries around your database. This functionality provides a vital security layer for customers operating under stringent regulatory requirements like PCI DSS on Azure, enabling a more secure and compliant cloud database environment. +

+
All*{% include icon-no.html %}{% include icon-yes.html %}{% include icon-no.html %}{% include icon-no.html %}
+

Customer-Managed Encryption Keys (CMEK) for CockroachDB Cloud on Azure Advanced Tier

+

+ This release introduces Customer-Managed Encryption Keys (CMEK) for CockroachDB Cloud Advanced clusters on Microsoft Azure. This feature provides enhanced data security and supports PCI DSS compliance. CMEK enables customers to control the encryption keys used to protect their data at rest within CockroachDB Cloud on Azure. Keys are managed via the customer's Azure Key Vault. Key benefits: Enhanced Data Security: Customers control key lifecycle (creation, rotation, revocation), improving data protection. PCI DSS Compliance: Addresses PCI DSS Requirement 3 for protecting stored cardholder data. Operational Control: Provides greater control and visibility over data encryption strategy. Data Revocation Capability: Enables immediate data access revocation by disabling the encryption key in Azure Key Vault. This functionality is critical for organizations handling sensitive data and seeking PCI DSS compliance on the Azure Advanced Tier of CockroachDB Cloud. +

+
All*{% include icon-no.html %}{% include icon-yes.html %}{% include icon-no.html %}{% include icon-no.html %}
+ +{% include releases/v25.3/feature-detail-key.html %} + +
+ + + +

Backward-incompatible changes

+ +{% include releases/v25.3/backward-incompatible.md %} + + + +

Features that require upgrade finalization

+ +{% include releases/v25.3/upgrade-finalization.md %} + + + +

Key cluster setting changes

+ +{% include releases/v25.3/cluster-setting-changes.md %} + + + +

Deprecations

+ +{% include releases/v25.3/deprecations.md %} + +

Known limitations

+ +For information about new and unresolved limitations in CockroachDB v25.3, with suggested workarounds where applicable, refer to [Known Limitations]({% link v25.3/known-limitations.md %}). \ No newline at end of file From a134afcaa0924dee09548341cb4e6f48a090108d Mon Sep 17 00:00:00 2001 From: mikeCRL Date: Fri, 1 Aug 2025 13:09:31 -0400 Subject: [PATCH 4/7] Add features requiring finalization --- .../_includes/releases/v25.3/upgrade-finalization.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/current/_includes/releases/v25.3/upgrade-finalization.md b/src/current/_includes/releases/v25.3/upgrade-finalization.md index 5e5dae1e18b..5fa44bb867d 100644 --- a/src/current/_includes/releases/v25.3/upgrade-finalization.md +++ b/src/current/_includes/releases/v25.3/upgrade-finalization.md @@ -1,5 +1,7 @@ -During a major-version upgrade, certain features and performance improvements may not be available until the upgrade is finalized. In v25.2, these are: +During a major-version upgrade, certain features and performance improvements may not be available until the upgrade is finalized. In v25.3, these are: -- Bullet -- Bullet -- Bullet \ No newline at end of file +- CITEXT data type () +- Regional By Row constraint table storage parameter +- Lock loss detection for weaker isolation levels +- `estimated_last_login_time` column in `SHOW ROLES` output +- Automatic user provisioning via LDAP/AD integration \ No newline at end of file From 9fc0a316106f3feb6fad6a1545558613753d723d Mon Sep 17 00:00:00 2001 From: mikeCRL Date: Sun, 3 Aug 2025 11:38:55 -0400 Subject: [PATCH 5/7] Fix release content files --- src/current/_includes/releases/v25.3/backward-incompatible.md | 2 +- src/current/{ => _includes}/releases/v25.3/v25.3.0.md | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename src/current/{ => _includes}/releases/v25.3/v25.3.0.md (100%) 
diff --git a/src/current/_includes/releases/v25.3/backward-incompatible.md b/src/current/_includes/releases/v25.3/backward-incompatible.md index d9f9ea9d4c1..e1251c48eca 100644 --- a/src/current/_includes/releases/v25.3/backward-incompatible.md +++ b/src/current/_includes/releases/v25.3/backward-incompatible.md @@ -1,4 +1,4 @@ -Before [upgrading to CockroachDB v25.2]({% link v25.2/upgrade-cockroach-version.md %}), be sure to review the following backward-incompatible changes, as well as [key cluster setting changes](#v25-2-0-cluster-settings), and adjust your deployment as necessary. +Before [upgrading to CockroachDB v25.2]({% link v25.2/upgrade-cockroach-version.md %}), be sure to review the following backward-incompatible changes, as well as [key cluster setting changes](#v25-3-0-cluster-settings), and adjust your deployment as necessary. - Bullet - Bullet diff --git a/src/current/releases/v25.3/v25.3.0.md b/src/current/_includes/releases/v25.3/v25.3.0.md similarity index 100% rename from src/current/releases/v25.3/v25.3.0.md rename to src/current/_includes/releases/v25.3/v25.3.0.md From a364066037ff3597bbf3a903c12df67d1adf5750 Mon Sep 17 00:00:00 2001 From: mikeCRL Date: Sun, 3 Aug 2025 21:33:13 -0400 Subject: [PATCH 6/7] Update format of GA release section and backward-incompatible changes --- .../releases/v25.3/backward-incompatible.md | 12 +----- .../_includes/releases/v25.3/v25.3.0.md | 38 ++++++++++--------- 2 files changed, 22 insertions(+), 28 deletions(-) diff --git a/src/current/_includes/releases/v25.3/backward-incompatible.md b/src/current/_includes/releases/v25.3/backward-incompatible.md index e1251c48eca..77af10e0c3d 100644 --- a/src/current/_includes/releases/v25.3/backward-incompatible.md +++ b/src/current/_includes/releases/v25.3/backward-incompatible.md 
@@ -1,11 +1 @@ -Before [upgrading to CockroachDB v25.2]({% link v25.2/upgrade-cockroach-version.md %}), be sure to review the following backward-incompatible changes, as well as [key cluster setting changes](#v25-3-0-cluster-settings), and adjust your deployment as necessary. - -- Bullet -- Bullet -- Bullet -- Bullet - -[#]: https://github.com/cockroachdb/cockroach/pull/ -[#]: https://github.com/cockroachdb/cockroach/pull/ -[#]: https://github.com/cockroachdb/cockroach/pull/ -[#]: https://github.com/cockroachdb/cockroach/pull/ \ No newline at end of file +- This release contains no backward-incompatible changes. \ No newline at end of file diff --git a/src/current/_includes/releases/v25.3/v25.3.0.md b/src/current/_includes/releases/v25.3/v25.3.0.md index ac4f042ebb1..3ecedaa1ab0 100644 --- a/src/current/_includes/releases/v25.3/v25.3.0.md +++ b/src/current/_includes/releases/v25.3/v25.3.0.md 
@@ -4,29 +4,29 @@ Release Date: August 4, 2025 With the release of CockroachDB v25.3, we've added new capabilities to help you migrate, build, and operate more efficiently. -For a summary of the most significant changes, refer to [Feature Highlights](#v25-3-0-feature-highlights). +For a summary of the most significant changes, refer to [Feature Highlights](#v25-3-0-feature-highlights), which contains the following categories: + + - [Migrations](#v25-3-0-migrations) + - [Observability](#v25-3-0-observability) + - [Performance](#v25-3-0-performance) + - [Security](#v25-3-0-security) + - [SQL](#v25-3-0-sql) + - [CockroachDB Cloud](#v25-3-0-cloud) + +Before [upgrading to CockroachDB v25.3]({% link v25.3/upgrade-cockroach-version.md %}), be sure to also review the following [Upgrade Details](#v25-3-0-upgrade-details): + + - [Backward-incompatible changes](#v25-3-0-backward-incompatible-changes) + - [Features that require upgrade finalization](#v25-3-0-features-that-require-upgrade-finalization) + - [Key cluster setting changes](#v25-3-0-key-cluster-setting-changes) + - [Deprecations] (#v25-3-0-deprecations) + - [Known limitations](#v25-3-0-known-limitations) {% include releases/new-release-downloads-docker-image.md release=include.release %} -

Feature highlights

+

Feature Highlights

This section summarizes the most significant user-facing changes in v25.3.0 and other features recently made available to CockroachDB users across versions. For a complete list of features and changes in v25.3, including bug fixes and performance improvements, refer to the [release notes]({% link releases/index.md %}#testing-releases) for v25.3 testing releases. You can also search the docs for sections labeled [New in v25.3](https://www.cockroachlabs.com/docs/search?query=new+in+v25.3). -- **Feature categories** - - [Migrations](#v25-3-0-migrations) - - [Observability](#v25-3-0-observability) - - [Performance](#v25-3-0-performance) - - [Security](#v25-3-0-security) - - [SQL](#v25-3-0-sql) - - [CockroachDB Cloud](#v25-3-0-cloud) - -- **Additional information** - - [Backward-incompatible changes](#v25-3-0-backward-incompatible-changes) - - [Features that require upgrade finalization](#v25-3-0-features-that-require-upgrade-finalization) - - [Key cluster setting changes](#v25-3-0-key-cluster-setting-changes) - - [Deprecations] (#v25-3-0-deprecations) - - [Known limitations](#v25-3-0-known-limitations) -

Migrations

@@ -351,6 +351,10 @@ This section summarizes the most significant user-facing changes in v25.3.0 and
+

Upgrade Details

+ +Before you upgrade, review these changes and other information about the new major version. +

Backward-incompatible changes

From ca79a63cd04fb71a0de5ae8120f7f3263397312f Mon Sep 17 00:00:00 2001 From: mikeCRL Date: Mon, 4 Aug 2025 14:24:27 -0400 Subject: [PATCH 7/7] Final tweaks --- .../releases/v25.3/cluster-setting-changes.md | 56 +++-------- .../_includes/releases/v25.3/deprecations.md | 12 ++- .../releases/v25.3/upgrade-finalization.md | 10 +- .../_includes/releases/v25.3/v25.3.0.md | 94 ++++++++++++++----- 4 files changed, 98 insertions(+), 74 deletions(-) diff --git a/src/current/_includes/releases/v25.3/cluster-setting-changes.md b/src/current/_includes/releases/v25.3/cluster-setting-changes.md index 85802be028e..913b503495a 100644 --- a/src/current/_includes/releases/v25.3/cluster-setting-changes.md +++ b/src/current/_includes/releases/v25.3/cluster-setting-changes.md @@ -1,48 +1,18 @@ -Changes to [cluster settings]({% link v25.2/cluster-settings.md %}) should be reviewed prior to upgrading. New default cluster setting values will be used unless you have manually set a value for a setting. This can be confirmed by running the SQL statement `SELECT * FROM system.settings` to view the non-default settings. +Changes to [cluster settings]({% link v25.3/cluster-settings.md %}) should be reviewed prior to upgrading. New default cluster setting values will be used unless you have manually set a value for a setting. This can be confirmed by running the SQL statement `SELECT * FROM system.settings` to view the non-default settings. -
Settings added
+
New settings
-# Key cluster setting changes +- `sql.metrics.application_name.enabled` - Default to `false` and can be set to `true` to display the application name on supported metrics. [#144610][#144610] +- `sql.metrics.database_name.enabled` - Default to `false` and can be set to `true` to display the database name on supported metrics. [#144610][#144610] +- `sql.sqlcommenter.enabled` - This feature is disabled by default and can be enabled using the `sql.sqlcommenter.enabled` cluster setting. Comments must follow the [SQLCommenter specification](https://google.github.io/sqlcommenter/spec/). [#145435][#145435] +- `sql.trace.txn.sample_rate` and `sql.trace.txn.enable_threshold` - In order to selectively capture traces for transactions running in an active workload without having to capture them via statement diagnostic bundles, customers can now use the `sql.trace.txn.sample_rate` cluster setting to enable tracing for a fraction of their workload. The `sql.trace.txn.enable_threshold` will still need to be set to a positive value to provide a filter for how slow a transaction needs to be after being sampled to merit emitting a trace. Traces are emitted to the `SQL_EXEC` logging channel. -- `server.jwt_authentication.userinfo_group_key` (reserved) - - CockroachDB can now synchronize SQL role membership from the groups claim contained in a JWT when the cluster setting `server.jwt_authentication.authorization.enabled` is set to `true`. The claim name and the fallback `userinfo` JSON key are configurable by the cluster settings `server.jwt_authentication.group_claim` and `server.jwt_authentication.userinfo_group_key` respectively. This behavior matches the existing LDAP role-sync feature. [#147318][#147318] - - -- `server.telemetry.hot_ranges_stats.enabled` (reserved) - - When the `server.telemetry.hot_ranges_stats.enabled` cluster setting is enabled, nodes check for hot ranges every minute instead of every 4 hours. 
A node logs its hot ranges when any single replica exceeds 250 ms of CPU time per second. In multi-tenant deployments, the check runs every 5 minutes and logs hot ranges for the entire cluster. [#144414][#144414] - - -- `sql.metrics.application_name.enabled` - - Fixed an issue where some SQL metrics were not reported when `server.child_metrics.enabled` was enabled, `server.child_metrics.include_aggregate.enabled` was disabled, and `sql.metrics.application_name.enabled` and `sql.metrics.database_name.enabled` were also disabled. Specifically, metrics with no children now report their aggregate metrics regardless of the `server.child_metrics.include_aggregate.enabled` cluster setting. - - Added new cluster settings: `sql.metrics.application_name.enabled` and `sql.metrics.database_name.enabled`. These settings default to `false` and can be set to `true` to display the application name and database name, respectively, on supported metrics. [#144610][#144610] - -- `sql.metrics.database_name.enabled` - - Fixed an issue where some SQL metrics were not reported when `server.child_metrics.enabled` was enabled, `server.child_metrics.include_aggregate.enabled` was disabled, and `sql.metrics.application_name.enabled` and `sql.metrics.database_name.enabled` were also disabled. Specifically, metrics with no children now report their aggregate metrics regardless of the `server.child_metrics.include_aggregate.enabled` cluster setting. - - Added new cluster settings: `sql.metrics.application_name.enabled` and `sql.metrics.database_name.enabled`. These settings default to `false` and can be set to `true` to display the application name and database name, respectively, on supported metrics. [#144610][#144610] - -- `sql.sqlcommenter.enabled` - - In the `crdb_internal.cluster_execution_insights` and `crdb_internal.node_execution_insights` virtual tables in a new `query_tags` JSONB column. 
- - This feature is disabled by default and can be enabled using the `sql.sqlcommenter.enabled` cluster setting. Comments must follow the [SQLCommenter specification](https://google.github.io/sqlcommenter/spec/). [#145435][#145435] - - In the `crdb_internal.cluster_execution_insights` and `crdb_internal.node_execution_insights` virtual tables in a new `query_tags` JSONB column. - - This feature is disabled by default and can be enabled using the `sql.sqlcommenter.enabled` cluster setting. Comments must follow the [SQLCommenter specification](https://google.github.io/sqlcommenter/spec/). [#145435][#145435] - -- `sql.stats.automatic_partial_collection.enabled` - - In v25.1, automatic partial statistics collection was enabled by default (by setting the `sql.stats.automatic_partial_collection.enabled` cluster setting to `true`). Partial statistics collection may encounter certain expected scenarios that were previously reported as failed stats jobs with PostgreSQL error code `55000`. These errors are benign and are no longer reported. Instead, the stats job will be marked as "succeeded," though no new statistics will be created. - -- `sql.trace.txn.enable_threshold` - - In order to selectively capture traces for transactions running in an active workload without having to capture them via statement diagnostic bundles, customers can now use the `sql.trace.txn.sample_rate` cluster setting to enable tracing for a fraction of their workload. The `sql.trace.txn.enable_threshold` will still need to be set to a positive value to provide a filter for how slow a transaction needs to be after being sampled to merit emitting a trace. Traces are emitted to the `SQL_EXEC` logging channel. 
- -- `sql.trace.txn.sample_rate` - - In order to selectively capture traces for transactions running in an active workload without having to capture them via statement diagnostic bundles, customers can now use the `sql.trace.txn.sample_rate` cluster setting to enable tracing for a fraction of their workload. The `sql.trace.txn.enable_threshold` will still need to be set to a positive value to provide a filter for how slow a transaction needs to be after being sampled to merit emitting a trace. Traces are emitted to the `SQL_EXEC` logging channel. - -- A new feature is now available that automatically captures Go execution traces on a scheduled interval. This feature incurs a performance penalty and is generally intended for use under the guidance of Cockroach Labs Support. This feature can be configured using the following cluster settings: - - `obs.execution_tracer.interval`: Enables the tracer and sets the interval for capturing traces. Set to a value greater than 0 to activate. - - `obs.execution_tracer.duration`: Specifies the duration for each captured trace. - - `obs.execution_tracer.total_dump_size_limit`: Sets the maximum disk space allowed for storing execution traces. Older traces are automatically deleted when this limit is reached. - [#149705][#149705] -- The value of `sql.stats.error_on_concurrent_create_stats.enabled` now defaults to `false`, suppressing error counters for auto stats jobs that fail due to concurrent stats jobs in progress. - [#149857][#149857] +
Setting changes
+- The value of `sql.stats.error_on_concurrent_create_stats.enabled` now defaults to `false`, suppressing error counters for auto stats jobs that fail due to concurrent stats jobs in progress. [#149857][#149857] - The cluster setting `server.client_cert_expiration_cache.capacity` has been deprecated. The client certificate cache now evicts client certificates based on expiration time. [#144181][#144181] + +[#144181]: https://github.com/cockroachdb/cockroach/pull/144181 +[#144610]: https://github.com/cockroachdb/cockroach/pull/144610 +[#145435]: https://github.com/cockroachdb/cockroach/pull/145435 +[#149857]: https://github.com/cockroachdb/cockroach/pull/149857 \ No newline at end of file diff --git a/src/current/_includes/releases/v25.3/deprecations.md b/src/current/_includes/releases/v25.3/deprecations.md index bf8b14d1062..bd78876be3b 100644 --- a/src/current/_includes/releases/v25.3/deprecations.md +++ b/src/current/_includes/releases/v25.3/deprecations.md @@ -1,4 +1,10 @@ -The following deprecations are announced in v25.2. +The following deprecations/removals are announced in v25.3. -- Bullet -- Bullet \ No newline at end of file +- The cluster setting `server.client_cert_expiration_cache.capacity` has been deprecated. The client certificate cache now evicts client certificates based on expiration time. [#144181][#144181] +- `IMPORT TABLE` as well `PGDUMP` and `MYSQLDUMP` formats of `IMPORT` are now fully removed. These have been deprecated since v23.2. [#148248][#148248] +- Removed the 'started' column in `SHOW JOBS`, which was a duplicate of the 'created' column. + [#148464][#148464] + +[#144181]: https://github.com/cockroachdb/cockroach/pull/144181 +[#148248]: https://github.com/cockroachdb/cockroach/pull/148248 +[#148464]: https://github.com/cockroachdb/cockroach/pull/148464 \ No newline at end of file 
diff --git a/src/current/_includes/releases/v25.3/upgrade-finalization.md b/src/current/_includes/releases/v25.3/upgrade-finalization.md index 5fa44bb867d..ad6ad72c5bb 100644 --- a/src/current/_includes/releases/v25.3/upgrade-finalization.md +++ b/src/current/_includes/releases/v25.3/upgrade-finalization.md @@ -1,7 +1,7 @@ -During a major-version upgrade, certain features and performance improvements may not be available until the upgrade is finalized. In v25.3, these are: +During a major-version upgrade, certain features and performance improvements are available until the upgrade is finalized. In v25.3, these are: -- CITEXT data type () -- Regional By Row constraint table storage parameter +- The `CITEXT` data type +- Support for automatically determining the region column for a REGIONAL BY ROW table using a foreign key constraint - Lock loss detection for weaker isolation levels -- `estimated_last_login_time` column in `SHOW ROLES` output -- Automatic user provisioning via LDAP/AD integration \ No newline at end of file +- Automatic user provisioning via the LDAP/Active Directory integration +- The `estimated_last_login_time` column in `SHOW ROLES`/`SHOW USERS` output \ No newline at end of file diff --git a/src/current/_includes/releases/v25.3/v25.3.0.md b/src/current/_includes/releases/v25.3/v25.3.0.md index 3ecedaa1ab0..28525019503 100644 --- a/src/current/_includes/releases/v25.3/v25.3.0.md +++ b/src/current/_includes/releases/v25.3/v25.3.0.md @@ -25,13 +25,13 @@ Before [upgrading to CockroachDB v25.3]({% link v25.3/upgrade-cockroach-version.

Feature Highlights

-This section summarizes the most significant user-facing changes in v25.3.0 and other features recently made available to CockroachDB users across versions. For a complete list of features and changes in v25.3, including bug fixes and performance improvements, refer to the [release notes]({% link releases/index.md %}#testing-releases) for v25.3 testing releases. You can also search the docs for sections labeled [New in v25.3](https://www.cockroachlabs.com/docs/search?query=new+in+v25.3). +This section summarizes the most significant user-facing changes in v25.3.0 and other features recently made available to CockroachDB users across versions. For a complete list of features and changes in v25.3, including bug fixes and performance improvements, refer to the [release notes]({% link releases/index.md %}#testing-releases) for v25.3 testing releases. You can also search the docs for sections labeled [New in v25.3](https://www.cockroachlabs.com/docs/search?query=New+in+v25.3).

Migrations

- +
@@ -49,8 +49,8 @@ This section summarizes the most significant user-facing changes in v25.3.0 and @@ -83,7 +83,9 @@ This section summarizes the most significant user-facing changes in v25.3.0 and @@ -115,8 +117,14 @@ This section summarizes the most significant user-facing changes in v25.3.0 and @@ -147,9 +155,17 @@ This section summarizes the most significant user-facing changes in v25.3.0 and @@ -181,8 +197,8 @@ This section summarizes the most significant user-facing changes in v25.3.0 and @@ -195,7 +211,7 @@ This section summarizes the most significant user-facing changes in v25.3.0 and @@ -207,8 +223,8 @@ This section summarizes the most significant user-facing changes in v25.3.0 and @@ -242,8 +258,8 @@ This section summarizes the most significant user-facing changes in v25.3.0 and @@ -276,7 +292,7 @@ This section summarizes the most significant user-facing changes in v25.3.0 and @@ -287,9 +303,9 @@ This section summarizes the most significant user-facing changes in v25.3.0 and @@ -321,8 +337,24 @@ This section summarizes the most significant user-facing changes in v25.3.0 and @@ -334,8 +366,24 @@ This section summarizes the most significant user-facing changes in v25.3.0 and @@ -355,7 +403,7 @@ This section summarizes the most significant user-facing changes in v25.3.0 and Before you upgrade, review these changes and other information about the new major version. - +

Backward-incompatible changes

Feature

MOLT Fetch support for Oracle in Public Preview

-

- MOLT Fetch, CockroachDB's bulk and incremental data migration tool, now supports Oracle as a source dialect, significantly streamlining Oracle-to-CockroachDB migrations. This capability is available in Public Preview. +

+ MOLT Fetch, CockroachDB's bulk and incremental data migration tool, now supports Oracle as a source dialect, significantly streamlining Oracle-to-CockroachDB migrations. This capability is available in Preview.

All*

Prometheus Scrape Endpoint: Static Label Support

- CockroachDB now supports additional labels in the Prometheus scrape endpoint, enabling dimensional metrics (e.g., {{metric {status="success"}}) instead of separate metric names (e.g., metric.success, metric.failure). This is available via a new scrape endpoint: /metrics. The change reduces metric sprawl, lowers ingestion and storage costs, and improves compatibility with Prometheus-based tooling. + CockroachDB now supports additional labels in the Prometheus scrape endpoint, enabling dimensional metrics (e.g., {metric {status="success"}}) instead of separate metric names (e.g., metric.success, metric.failure). This is available via a new scrape endpoint: /metrics. + + The change reduces metric sprawl, lowers ingestion and storage costs, and improves compatibility with Prometheus-based tooling.

25.3

Value Separation

+

+ Value separation is introduced in Preview for v25.3, disabled by default. It can be enabled through a cluster setting. +

+

+ This optimization reduces write-amplification—the ratio of total bytes written to disk versus the bytes written to database—by up to 50%. It reduces the write-bandwidth needed per database write operation, and CPU needed for compaction, improving overall write throughput. +

- Value separation is a Public Preview feature introduced in 25.3. By default it is turned off in 25.3. It can be enabled by setting storage.value_separation.enabled to "true". Traditionally, both keys and values are stored inline in SSTables. When value separation is enabled, some values are stored outside SSTables in external blob files. When a value is separated, the SSTable contains a value pointer describing the location of the value in an external blob file. During compaction, only the key and its value pointer are copied from one level to another, conserving write bandwidth when values are large. This optimization reduces write-amplification (the ratio of total bytes written to disk versus the bytes written to database) by up to 50%. This reduces the write-bandwidth needed per database write operation and CPU needed for compaction, improving overall write throughput. + Traditionally, both keys and values are stored inline in SSTables. When value separation is enabled, some values are stored outside SSTables in external blob files. When a value is separated, the SSTable contains a value pointer describing the location of the value in an external blob file. During compaction, only the key and its value pointer are copied from one level to another, conserving write bandwidth when values are large.

25.3
-

Automated SQL User Provisioning via LDAP/AD Integration

-

- This release introduces automated provisioning of SQL users through LDAP/Active Directory (AD) integration. This feature enables complete automation of SQL user management, directly leveraging your existing centralized LDAP or Active Directory infrastructure. Key benefits: Enhanced Security: Centralized user management in LDAP/AD improves security policy enforcement and reduces manual error risks. Increased Efficiency: Automates user provisioning, de-provisioning, and role assignments. Simplified Auditing: Provides a single source of truth for user identities. Reduced Overhead: Eliminates separate SQL user management processes. This integration allows the entire SQL user lifecycle to be managed from LDAP/AD systems, improving overall security and operational efficiency. +

Automated SQL user provisioning via LDAP/Active Directory integration

+

+ This release introduces automated provisioning of SQL users through the LDAP/Active Directory integration built into CockroachDB. This feature enables complete automation of SQL user management, directly leveraging your existing centralized LDAP or Active Directory infrastructure. +

+

Key benefits include: +

    +
  • Enhanced Security: Centralized user management improves security policy enforcement and reduces manual error risks.
  • +
  • Increased Efficiency: Automates user provisioning, de-provisioning, and role assignments.
  • +
  • Simplified Auditing: Provides a single source of truth for user identities.
  • +
  • Reduced Overhead: Eliminates separate SQL user management processes. This integration allows the entire SQL user lifecycle to be managed from LDAP/AD systems, improving overall security and operational efficiency.
  • +

25.3

CITEXT data type

-

- CockroachDB now supports the CITEXT data type, enabling case-insensitive text storage and comparisons at the SQL layer. This feature simplifies common tasks like user authentication, email matching, and other use cases where case should not affect query logic. By eliminating the need for manual LOWER() functions or ILIKE operations, CITEXT streamlines query writing and improves readability. +

+ CockroachDB now supports the CITEXT data type, enabling case-insensitive text storage and comparisons at the SQL layer. This feature simplifies common tasks like user authentication, email matching, and other use cases where case should not affect query logic. By eliminating the need for manual LOWER() functions or ILIKE operations, CITEXT streamlines query writing and improves readability.

25.3

UDFs and Stored Procedures supported in view definitions

- CockroachDB now supports using user-defined functions (UDFs) and stored procedures in view definitions, allowing more powerful and reusable logic to be embedded directly in views. This capability enhances flexibility when defining complex views by enabling calls to both SQL and PL/pgSQL routines, making it easier to encapsulate business logic and maintain cleaner schemas. The feature also improves compatibility with PostgreSQL, simplifying the process of migrating existing applications that rely on function- or procedure-based view logic. + CockroachDB now supports using user-defined functions (UDFs) and stored procedures in view definitions, allowing more powerful and reusable logic to be embedded directly in views. This capability enhances flexibility when defining complex views by enabling calls to both SQL and PL/pgSQL routines, making it easier to encapsulate business logic and maintain cleaner schemas. The feature also improves compatibility with PostgreSQL, simplifying the process of migrating existing applications that rely on function- or procedure-based view logic.

25.3

Vector Indexing Improvements

-

- Vector indexes in CockroachDB now support cosine distance and inner product, giving users more flexibility in selecting similarity metrics that best suit their machine learning or AI workloads. Together, these improvements make it easier to build and scale intelligent applications directly on CockroachDB. +

+ Vector indexes in CockroachDB now support cosine distance and inner product, giving users more flexibility in selecting similarity metrics that best suit their machine learning or AI workloads. Together, these improvements make it easier to build and scale intelligent applications directly on CockroachDB.

25.3

Physical Cluster Replication on CockroachDB Cloud Advanced Clusters

-

- Physical Cluster Replication is now available in limited access on CockroachDB Cloud Advanced clusters, allowing customers to establish a two-datacenter (2DC) resiliency strategy with active-passive deployments for low data loss and downtime in failover scenarios. +

+ Physical Cluster Replication is now available in Limited Access on CockroachDB Cloud Advanced clusters, allowing customers to establish a two-datacenter (2DC) resiliency strategy with active-passive deployments for low data loss and downtime in failover scenarios.

All*

Self-Service Invoice PDFs Now Available in Console

- Customers can now independently generate and download invoice PDFs directly from the console. + Customers can now independently generate and download invoice PDFs directly from the CockroachDB Cloud console.

All*
-

Invoice APIs upgraded to show draft invoices of the current billing cycle

-

- The Invoice APIs to get the list invoices for a given organization and to get specific invoices for an organization using an invoice ID are now upgraded to retrieve draft invoices of the current billing cycle. +

Invoice APIs can now provide draft invoices of the current billing cycle

+

+ The Invoice API endpoints for listing the invoices for a given organization and retrieving specific invoices for an organization by invoice ID are now upgraded to also retrieve draft invoices of the current billing cycle.

All*

Egress Perimeter Controls for CockroachDB Cloud on Azure Advanced Tier (PCI Compliance - Ready)

+

+ This release introduces Egress Perimeter Controls for CockroachDB Cloud Advanced clusters on Microsoft Azure, specifically designed to support PCI DSS compliance. This feature is in Preview. +

+ +

+ This feature enables customers to restrict outbound network traffic from their CockroachDB Cloud cluster to a predefined list of external destinations. This is a critical control for organizations handling cardholder data, as it helps meet PCI DSS Requirement 1.2.1 and 1.3.4, which mandate limiting inbound and outbound traffic to only that which is necessary and explicitly denying all other unauthorized egress. +

+ +

Key features and benefits:

+
    +
  • Enhanced Security: Granular control over outbound network connections from your CockroachDB cluster, minimizing the attack surface and preventing unauthorized data exfiltration.
  • +
  • PCI DSS Compliance: Directly addresses specific PCI DSS requirements (e.g., controlling and restricting egress traffic), assisting organizations in achieving and maintaining compliance for their cardholder data environments (CDE).
  • +
  • Data Protection: Ensures that sensitive data egress, such as backups or change data capture (CDC), is confined to approved, secure destinations.
  • +
  • Reduced Risk: Mitigates the risk of data breaches and unauthorized access by enforcing strict network boundaries around your database.
  • +
+

- This release introduces Egress Perimeter Controls for CockroachDB Cloud Advanced clusters on Microsoft Azure, specifically designed to support PCI DSS compliance. This feature enables customers to restrict outbound network traffic from their CockroachDB Cloud cluster to a predefined list of external destinations. This is a critical control for organizations handling cardholder data, as it helps meet PCI DSS Requirement 1.2.1 and 1.3.4, which mandate limiting inbound and outbound traffic to only that which is necessary and explicitly denying all other unauthorized egress. Key features and benefits: Enhanced Security: Granular control over outbound network connections from your CockroachDB cluster, minimizing the attack surface and preventing unauthorized data exfiltration. PCI DSS Compliance: Directly addresses specific PCI DSS requirements (e.g., controlling and restricting egress traffic), assisting organizations in achieving and maintaining compliance for their cardholder data environments (CDE). Data Protection: Ensures that sensitive data egress, such as backups or change data capture (CDC), is confined to approved, secure destinations. Reduced Risk: Mitigates the risk of data breaches and unauthorized access by enforcing strict network boundaries around your database. This functionality provides a vital security layer for customers operating under stringent regulatory requirements like PCI DSS on Azure, enabling a more secure and compliant cloud database environment. + This functionality provides a vital security layer for customers operating under stringent regulatory requirements like PCI DSS on Azure, enabling a more secure and compliant cloud database environment.

All*

Customer-Managed Encryption Keys (CMEK) for CockroachDB Cloud on Azure Advanced Tier

+

+ This release introduces Customer-Managed Encryption Keys (CMEK) for CockroachDB Cloud Advanced clusters on Microsoft Azure. This Preview feature provides enhanced data security and supports PCI DSS compliance. +

+ +

+ CMEK enables customers to control the encryption keys used to protect their data at rest within CockroachDB Cloud on Azure. Keys are managed via the customer's Azure Key Vault. +

+ +

Key benefits:

+
    +
  • Enhanced Data Security: Customers control key lifecycle (creation, rotation, revocation), improving data protection.
  • +
  • PCI DSS Compliance: Addresses PCI DSS Requirement 3 for protecting stored cardholder data.
  • +
  • Operational Control: Provides greater control and visibility over data encryption strategy.
  • +
  • Data Revocation Capability: Enables immediate data access revocation by disabling the encryption key in Azure Key Vault.
  • +
+

- This release introduces Customer-Managed Encryption Keys (CMEK) for CockroachDB Cloud Advanced clusters on Microsoft Azure. This feature provides enhanced data security and supports PCI DSS compliance. CMEK enables customers to control the encryption keys used to protect their data at rest within CockroachDB Cloud on Azure. Keys are managed via the customer's Azure Key Vault. Key benefits: Enhanced Data Security: Customers control key lifecycle (creation, rotation, revocation), improving data protection. PCI DSS Compliance: Addresses PCI DSS Requirement 3 for protecting stored cardholder data. Operational Control: Provides greater control and visibility over data encryption strategy. Data Revocation Capability: Enables immediate data access revocation by disabling the encryption key in Azure Key Vault. This functionality is critical for organizations handling sensitive data and seeking PCI DSS compliance on the Azure Advanced Tier of CockroachDB Cloud. + This functionality is critical for organizations handling sensitive data and seeking PCI DSS compliance on the Azure Advanced Tier of CockroachDB Cloud.

All*