From a09922cfc7d1afcba17a9296bb7a61015b4fa057 Mon Sep 17 00:00:00 2001 From: Automated Release Bot Date: Wed, 3 Jun 2026 18:29:54 +0000 Subject: [PATCH 1/6] Update release notes for v26.3-v26.3.0-alpha.1 --- src/current/_data/versions.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/current/_data/versions.csv b/src/current/_data/versions.csv index 8821c059fc5..258994d14fd 100644 --- a/src/current/_data/versions.csv +++ b/src/current/_data/versions.csv @@ -22,4 +22,4 @@ v25.3,2025-08-04,2026-02-04,N/A,N/A,N/A,N/A,N/A,N/A,v25.2,release-25.3,2029-08-0 v25.4,2025-11-03,2026-11-03,2027-05-03,25.4.9,25.4.10,2026-05-03,2027-05-03,2028-05-03,v25.3,release-25.4,2029-11-03 v26.1,2026-02-02,2026-08-02,N/A,N/A,N/A,N/A,N/A,N/A,v25.4,release-26.1,2030-02-02 v26.2,2026-04-27,2027-04-27,2027-10-27,N/A,N/A,N/A,N/A,N/A,v26.1,release-26.2,2030-04-27 -v26.3,N/A,N/A,N/A,N/A,N/A,N/A,N/A,N/A,v26.2,release-26.2,N/A +v26.3,N/A,N/A,N/A,N/A,N/A,N/A,N/A,N/A,v26.2,master,N/A From e592b1cb2d279af1eb0a7d59bc2ab1275fcafccd Mon Sep 17 00:00:00 2001 From: Automated Release Bot Date: Wed, 3 Jun 2026 18:29:55 +0000 Subject: [PATCH 2/6] Update release notes for v26.3-v26.3.0-alpha.1 --- src/current/_data/releases.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/src/current/_data/releases.yml b/src/current/_data/releases.yml index a8640d37d20..b5c9eb74db1 100644 --- a/src/current/_data/releases.yml +++ b/src/current/_data/releases.yml @@ -11695,3 +11695,30 @@ CockroachDB Cloud clusters. To request to upgrade a CockroachDB self-hosted cluster to this version, [contact support](https://support.cockroachlabs.com/hc/requests/new). + + +- release_name: v26.3.0-alpha.1 + major_version: v26.3 + release_date: '2026-06-10' + release_type: Testing + go_version: go1.26.2 + sha: 0aec20a64f131779929abbd1dea7958e5171966c + has_sql_only: true + has_sha256sum: true + mac: + mac_arm: true + mac_arm_experimental: true + mac_arm_limited_access: false + windows: true + linux: + linux_arm: true + linux_arm_experimental: false + linux_arm_limited_access: false + linux_intel_fips: true + linux_arm_fips: false + docker: + docker_image: cockroachdb/cockroach-unstable + docker_arm: true + docker_arm_experimental: false + docker_arm_limited_access: false + source: true From cc66a4c6943c6192ea0046bae8eb85426ed15748 Mon Sep 17 00:00:00 2001 From: Automated Release Bot Date: Wed, 3 Jun 2026 18:29:57 +0000 Subject: [PATCH 3/6] Update release notes for v26.3-v26.3.0-alpha.1 --- .../releases/v26.3/v26.3.0-alpha.1.md | 1029 +++++++++++++++++ 1 file changed, 1029 insertions(+) create mode 100644 src/current/_includes/releases/v26.3/v26.3.0-alpha.1.md diff --git a/src/current/_includes/releases/v26.3/v26.3.0-alpha.1.md b/src/current/_includes/releases/v26.3/v26.3.0-alpha.1.md new file mode 100644 index 00000000000..6ee45de7e57 --- /dev/null +++ b/src/current/_includes/releases/v26.3/v26.3.0-alpha.1.md @@ -0,0 +1,1029 @@ +## v26.3.0-alpha.1 + +Release Date: June 10, 2026 + +{% include releases/new-release-downloads-docker-image.md release=include.release %} + +

Backward-incompatible changes

+ +- User-defined views that reference `crdb_internal` virtual tables now enforce unsafe access checks. To restore the previous behavior, set the session variable `allow_unsafe_internals` or the cluster setting `sql.override.allow_unsafe_internals.enabled` to `true`. +- Non-admin users running + RESTORE DATABASE now require the RESTORE system privilege; the + previously deprecated CREATEDB role option fallback no longer + suffices. Non-admin users running RESTORE TABLE now require the + RESTORE privilege on the parent database; the previously deprecated + CREATE privilege fallback no longer suffices. + + Co-Authored-By: roachdev-claude + +

Security updates

+ +- Removed an overly restrictive TLS curve preference that limited FIPS mode to P-256. CockroachDB now uses Go's native FIPS curve selection, improving interoperability with clients that prefer other FIPS curves. +- Zone configuration changes + (ALTER ... CONFIGURE ZONE) are now logged on the SENSITIVE_ACCESS + audit log channel for all users, not just admin users. A new + zone_config_audit event is emitted whenever any user sets or + discards a zone configuration. + + Co-Authored-By: Claude Opus 4.6 +- Bumped several frontend dependencies + to address known CVEs: lodash to 4.18.1, immer to 9.0.21, elliptic + to 6.6.1, and bn.js to 4.12.3/5.2.3. + + Co-Authored-By: roachdev-claude +- A new metric `auth.min_password_length` + reports the configured minimum password length for the cluster. This + enables operators to monitor and alert on password length policy, + ensuring compliance with organizational security requirements. + + Co-Authored-By: Claude Opus 4.6 (1M context) +- A new metric + `auth.password_encryption.is_scram` reports whether password encryption + is configured to use SCRAM-SHA-256 (1) or crdb-bcrypt (0). This enables + operators to verify and alert on password hashing policy across the + cluster, supporting security compliance requirements. + + Co-Authored-By: Claude Opus 4.6 (1M context) + +

General changes

+ +- CREATE CHANGEFEED statement now + supports `csv_header` option, which can be used on csv format for + webhook and cloud storage, it will stream row of column header. On + webhook sinks, the first bytes of each HTTP POST body are the column + header line (when batching allows multiple rows per request, the + header appears once at the start of that body). On cloud storage sinks, + the same header line is written once at the beginning of each CSV + file the changefeed creates + + Release note (backward-incompatible change): csv rows in the http/webhook + sink are now separated by a newline. Previously, all rows in a batch were + concatenated on a single line. +- Spatial libraries from Cockroach now + rely on GEOS 3.14 instead of GEOS 3.13. +- rangefeed catch-up scans for high + priotity rangefeeds now receive dispatch priority over bulk consumers. + + Epic: none + + Co-Authored-By: roachdev-claude +- follow-the-workload rebalancing (see + Follow-the-Workload Topology in our docs) is now disabled by default as + part of its deprecation. The + \`kv.allocator.load_based_lease_rebalancing.enabled\` cluster setting is + retired and hidden from SHOW CLUSTER SETTINGS, but can still be set to + re-enable the feature if needed. + + Co-Authored-By: roachdev-claude +- Statement bundles produced by EXPLAIN + ANALYZE (DEBUG) now include descriptors.json (pretty-printed + descriptor JSON for each object used by the statement) and + schema_changes.txt (recent schema-change history for those + descriptors). + +

SQL language changes

+ +- Added a sql.udf.count metric that tracks the + number of SQL statements that invoke a user-defined function. + + Co-Authored-By: Claude Opus 4.6 +- Added two new views in information_schema: + information_schema.crdb_statement_statistics and + information_schema.crdb_transaction_statistics. They expose persisted + user-workload SQL statement and transaction statistics with a stable + schema. Data lags by at most one SQL stats flush interval + (default 10 minutes). For real-time statistics, continue using + crdb_internal.cluster_statement_statistics. +- CockroachDB now supports CREATE DOMAIN and + DROP DOMAIN syntax for defining named types based on existing types with + optional constraints. Constraint enforcement is not yet implemented. + + Co-Authored-By: Claude Opus 4.6 +- Added `ALTER DATABASE ... ALTER SUPER REGION ... SURVIVE {ZONE|REGION} FAILURE` syntax, allowing individual super regions to have their own survival goal independent of the database default. +- Multi-region databases now support zone configuration extensions at the super region level via `ALTER DATABASE ... ALTER LOCALITY SUPER REGION CONFIGURE ZONE`. This allows setting zone config properties (e.g., `num_voters`, `num_replicas`) that apply to all tables and partitions whose affinity region belongs to the named super region. +- `EXPLAIN` and `EXPLAIN ANALYZE` now display a `table stats mode` field (`canary` or `stable`) when the `sql.stats.canary_fraction` cluster setting is greater than 0, indicating which table statistics were used for query planning. Scan nodes for tables with active canary stats also show the configured canary window duration. +- Added a TRUNCATE table privilege, + matching PostgreSQL's privilege model. Users can now GRANT TRUNCATE + and REVOKE TRUNCATE on tables. The TRUNCATE statement accepts either + the new TRUNCATE privilege or the existing DROP privilege for backward + compatibility. + + Co-Authored-By: roachdev-claude +- Added a new cluster setting, `sql.schema.auto_unlock.enabled`, that controls whether DDL operations automatically unlock `schema_locked` tables. When set to `false`, DDL on schema-locked tables is blocked unless the user manually unlocks the table first. This allows customers using LDR to enforce `schema_locked` as a hard lock that prevents user-initiated DDL. The default is `true`, preserving existing behavior. +- Exposed the following settings for canary table statistics: + - Cluster setting `sql.stats.canary_fraction`: probability that table statistics will use canary mode (i.e., always use the freshest stats) instead of stable mode (i.e., use the second-freshest stats) for query planning [0.0-1.0]. + - Session variable `canary_stats_mode`: When `sql.stats.canary_fraction` is greater than `0`, controls which table statistics are used for query planning on the current session: `on` always uses the newest (canary) stats immediately when they are collected, `off` delays using new stats until they outlive the canary window, and `auto` selects probabilistically based on the canary fraction. Has no effect when `sql.stats.canary_fraction` is `0`. +- EXPLAIN and EXPLAIN ANALYZE now display + statement hint counts as "applied" versus "skipped" rather than a + simple total. Hints that fail at runtime (e.g. referencing a + non-existent index or an invalid session variable) are correctly + reflected as skipped. + + Co-Authored-By: roachdev-claude +- EXPLAIN (VERBOSE) and EXPLAIN ANALYZE + (VERBOSE) now include a detailed tree of statement hints showing + each hint's type, configuration (donor SQL or variable name/value), + and skip reason when applicable. +- SHOW RANGES now accepts a WITH ZONE + option that includes a `zone_config` JSONB column in the output. + This column contains the fully resolved zone configuration + (with inheritance applied) for each range, enabling queries such + as finding ranges that are under-replicated relative to their + desired replication factor. + Co-Authored-By: roachdev-claude +- The CREATE LOGICALLY REPLICATED TABLE + statement now supports a SKIP FOREIGN KEYS option that omits foreign + key constraints from the destination table. +- Added a new cluster setting `sql.prepared_transactions.unsafe.enabled` (default: `false`) that controls whether `PREPARE TRANSACTION` statements are accepted. This setting is marked unsafe and requires the unsafe setting interlock to change. When disabled, attempting to prepare a transaction returns an error. `COMMIT PREPARED` and `ROLLBACK PREPARED` remain available regardless of this setting to allow cleanup of existing prepared transactions. +- Aggregation function `ST_AsMVT` can now also be used as a window function. +- `CREATE CHANGEFEED FOR DATABASE` now returns an error stating that the feature is not implemented. +- The `information_schema.crdb_delete_statement_hints` built-in function now accepts an optional second `database` argument to delete only hints scoped to a specific database. +- The `information_schema.crdb_enable_statement_hints` built-in function now accepts an optional third `database` argument to enable or disable only hints scoped to a specific database. +- Added support for an upper bound latency + threshold when collecting statement diagnostics bundles. The new + max_execution_latency column allows filtering bundles to a specific + latency range for more targeted performance investigation. + + Co-Authored-By: Claude Sonnet 4.5 +- The DROP PROVISIONED ROLES statement is now + fully wired into the SQL execution pipeline. It bulk-drops + provisioned (auto-created) users matching filter criteria, skipping + users that own objects or have other dependencies. The existing + DROP ROLE / DROP USER statements are not affected by this change. + + Examples: + + DROP PROVISIONED ROLES; + DROP PROVISIONED ROLES WITH SOURCE = 'ldap:ldap.example.com'; + DROP PROVISIONED ROLES WITH SOURCE = 'oidc:okta.corp.com', + LAST ACCESS TIME OLDER THAN '2025-01-01' LIMIT 100; +- The `name` type now supports subscript access with 0-based indexing, matching PostgreSQL behavior. For example, `('hello'::name)[0]` returns `'h'`. Out-of-bounds access returns `NULL`. +- Added the pg_get_statisticsobjdef() builtin + function, which returns the CREATE STATISTICS DDL for a given statistics + object OID. + + Co-Authored-By: roachdev-claude +- Changed the default value of the session variable `optimizer_span_limit` to `131072`. This bounds the number of spans the optimizer will allow in constrained index scans generated during query optimization. Queries that would exceed this limit will use fewer looser spans with remaining filters instead. Set to `0` to disable the limit. +- Statement bundles for CREATE FUNCTION and + CREATE PROCEDURE will now contain pretty-printed function bodies. +- DO statements will now be pretty-printed in + statement bundles. +- Setting `skip_unique_checks = true` on an index now emits a notice warning that unique constraint enforcement is bypassed, with a pointer to the `INSPECT` documentation. +- The `create_statement` column in + SHOW CREATE FUNCTION/PROCEDURE is now pretty-printed. +- `pg_catalog` no longer shows the synthetic primary key constraint or its backing index for materialized views. This matches PostgreSQL, which never attaches a constraint or index to a materialized view implicitly. +- SHOW TRACE FOR SESSION now displays span + start messages using the `=== operation: ` format instead + of `=== SPAN START: ===`. The new format includes span tags + such as `_verbose`, `_dropped_logs`, and `_dropped_children`, making + it easier to identify when trace data has been truncated. + + Co-Authored-By: roachdev-claude +- Creating a statement hint that conflicts with + an existing one now emits a NOTICE informing the user that older hints + will be skipped. Use SHOW STATEMENT HINTS to identify stale hints. +- The `zone_config_conformant` column in + `SHOW RANGES WITH ZONE` has been renamed to `zone_config_needs_split` + with inverted semantics: `true` means the range crosses a zone config + boundary and should be split. + + Co-Authored-By: Claude Opus 4.6 +- Added a `pg_dump_compatibility` session + variable that improves compatibility with the pg_dump PostgreSQL tool. + Set it to `postgres` to make pg_catalog report OIDs that match the + hardcoded ones expected by pg_dump, hide CockroachDB-internal objects, + and make other fixups that allow pg_dump output to run on non-CockroachDB + servers. Set it to `cockroachdb` for the same pg_catalog fixes while + keeping CockroachDB-specific syntax. Like other session variables, + `pg_dump_compatibility` can be set in the connection string. +- EXPLAIN ANALYZE now reports KV + statistics (gRPC calls, bytes read, pairs read, KV time, + KV CPU time) for vector search and vector mutation search + operations, matching the detail already shown for other + operations like lookup joins and table scans. +- EXPLAIN ANALYZE for vector index + operations now includes contention time, MVCC scan statistics, + and tenant RU consumption. +- Renamed the `canary_stats_mode` session variable values from `"off"`/`"on"` to `"force_stable"`/`"force_canary"`. These modes now work independently of the `sql.stats.canary_fraction` cluster setting, allowing per-session opt-in without cluster-wide enrollment. +- Support for PostgreSQL compatible + transaction-level advisory lock functions (pg_advisory_xact_lock, + pg_advisory_xact_lock_shared, pg_try_advisory_xact_lock, and + pg_try_advisory_xact_lock_shared, including int4 two-argument + overloads). Locks are tied to the SQL transaction and released on commit + or rollback. +- Added query, query_summary, and database + columns to crdb_internal.cluster_statement_statistics, + crdb_internal.statement_statistics, crdb_internal.statement_statistics_persisted, + and crdb_internal.statement_activity virtual tables. These columns expose + the statement text, summary, and originating database directly without + requiring callers to parse the metadata JSONB column. +- Added support for the `ST_3DDistance` and `ST_3DDWithin` geospatial functions, which compute minimum distance and within-distance checks using 3D Euclidean distance. These functions consider the Z coordinate of geometries, unlike their 2D counterparts `ST_Distance` and `ST_DWithin`. +- EXPLAIN now recommends vector indexes for + queries that use vector distance operators (<->, <=>, <#>) with + ORDER BY ... LIMIT, including support for equality prefix columns + and all three distance metrics (L2, cosine, inner product). +- Added a new cluster setting `sql.stats.table_statistics_cache.capacity` that controls the maximum number of tables whose statistics are retained in the in-memory LRU cache (default: `256`). +- CockroachDB now reports PostgreSQL + version 18.0.0 in the `server_version` and `server_version_num` + read-only configuration parameters. pg_catalog virtual tables are + now aligned with the PostgreSQL 18 schema. Changes include: + - Updated schemas for pg_attribute, pg_auth_members, pg_class, + pg_collation, pg_constraint, pg_database, pg_prepared_statements, + pg_statistic_ext, and pg_type with new and corrected columns. + - Fixed 14 pre-existing column type mismatches across pg_am, + pg_conversion, pg_enum, pg_extension, pg_operator, pg_range, + pg_seclabel, pg_settings, and pg_stat_activity. + - Updated 35 unimplemented and stub table schemas to match + PostgreSQL 18: pg_group, pg_hba_file_rules, pg_indexes, + pg_inherits, pg_language, pg_locks, pg_proc, pg_publication, + pg_publication_rel, pg_publication_tables, pg_range, + pg_replication_slots, pg_stat_activity, pg_stat_all_indexes, + pg_stat_all_tables, pg_stat_database, pg_stat_database_conflicts, + pg_stat_gssapi, pg_stat_progress_analyze, pg_stat_progress_vacuum, + pg_stat_subscription, pg_stat_sys_indexes, pg_stat_sys_tables, + pg_stat_user_indexes, pg_stat_user_tables, pg_stat_xact_all_tables, + pg_stat_xact_sys_tables, pg_stat_xact_user_tables, + pg_statio_user_sequences, pg_statistic_ext_data, pg_stats, + pg_stats_ext, pg_subscription, pg_ts_parser, and pg_user_mapping. + - Added 15 new stub tables: pg_aios, pg_backend_memory_contexts, + pg_ident_file_mappings, pg_parameter_acl, pg_publication_namespace, + pg_shmem_allocations_numa, pg_stat_checkpointer, pg_stat_io, + pg_stat_progress_copy, pg_stat_recovery_prefetch, + pg_stat_replication_slots, pg_stat_subscription_stats, + pg_stat_wal, pg_stats_ext_exprs, and pg_wait_events. + + Co-Authored-By: roachdev-claude +- Added syntax and implemented support for the + "(SEQUENCE NAME )" clause on `ALTER TABLE ... ADD GENERATED ... + AS IDENTITY` and `ALTER TABLE ... ADD COLUMN ... GENERATED AS IDENTITY` + The clause names the backing sequence explicitly instead of using the + auto-generated __seq pattern. + + Co-Authored-By: roachdev-claude +- CockroachDB now supports PostgreSQL 18's + "(SEQUENCE NAME )" clause on GENERATED AS IDENTITY columns in + CREATE TABLE. The clause names the backing sequence explicitly instead + of using the auto-generated
__seq pattern. + + Co-Authored-By: roachdev-claude +- Added PostgreSQL-compatible built-in + functions factorial, gcd, lcm, scale, min_scale, trim_scale, + log10, erf, erfc, and random_normal. + + Co-Authored-By: roachdev-claude +- Added a 3-argument overload of `ST_DistanceSpheroid` that accepts a textual `SPHEROID` definition (e.g., `'SPHEROID["GRS_1980",6378137,298.257222101]'`) as the third argument, matching the PostGIS signature. The supplied spheroid is used for the geodesic distance computation in place of the one derived from the geographies' SRID. +- Conflicting names in `ALTER TYPE ... RENAME + VALUE` error consistently with Postgres. +- Added a REFERENCES privilege for tables, + matching PostgreSQL behavior. Foreign key creation now requires the + REFERENCES privilege on the referenced (parent) table instead of + CREATE. The child (origin) table still requires CREATE. Existing + users with CREATE on tables are automatically granted REFERENCES + during upgrade. The REFERENCES privilege can be granted and revoked + independently via GRANT/REVOKE REFERENCES ON
. Note that + restoring a pre-26.3 backup onto a 26.3+ cluster does not + automatically grant REFERENCES to users who had CREATE; an explicit + GRANT REFERENCES is needed to create foreign keys on restored tables. + + Co-Authored-By: roachdev-claude +- Foreign keys are now allowed to be created + when the referenced table has a unique constraint on a subset of the + referenced columns. Creation of new subset-unique foreign keys can be + disabled by setting the cluster setting `sql.subset_unique_fks.enabled` + to false. +- Added support for the pg_locks table, which only + supports the monitoring of advisory locks. +- `ALTER TYPE ... SET (property = value)` now returns a clear unimplemented error instead of a syntax error. +- The implicit_txn column has been removed + from crdb_internal.node_statement_statistics, and the implicitTxn key + has been removed from the metadata JSONB column of + system.statement_statistics rows written by new binaries. Because + ConstructStatementFingerprintID no longer incorporates the implicit-txn + flag, all statement and transaction fingerprint IDs change after + upgrade; users may temporarily see duplicate rows per query in SQL + Activity until the pre-upgrade stats age out via TTL. +- A new cluster setting `sql.log.failed_query.enabled` causes every SQL statement that ends in an error to be logged on the `SQL_EXEC` log channel as a `failed_query` event, including the statement text, SQLSTATE, and error text. A companion setting `sql.log.failed_query.internal_queries.enabled` does the same for internally executed statements. Both default to off. Operators can use this to derive custom metrics for specific error classes without enabling `sql.log.all_statements.enabled`. +- Added support for the ST_3DPerimeter + geospatial function. + + Co-Authored-By: roachdev-claude +- Added support for the ST_3DMaxDistance, + ST_3DDFullyWithin, and ST_3DIntersects geospatial functions. + + Co-Authored-By: roachdev-claude +- ST_3DDistance and ST_3DDWithin now fall back + to 2D distance when either input lacks a Z dimension, matching PostGIS. + Previously the missing Z was treated as 0. +- Added support for the ST_3DShortestLine, + ST_3DLongestLine, and ST_3DClosestPoint geospatial functions. + + Co-Authored-By: roachdev-claude +- The system.statement_statistics metadata + JSONB column no longer carries a copy of the statement query text, + query summary, or database for rows newly flushed once the cluster + has finalized 26.3. Consumers should source these values from + system.statements (or via the query, query_summary, and database + columns on the crdb_internal.statement_statistics{,_persisted} and + crdb_internal.statement_activity views, which already join to it). +- CockroachDB now recognizes the fixed-offset timezone abbreviations defined by PostgreSQL's `pg_timezone_abbrevs` view (such as `EST`, `PST`, `EAT`, `CET`) when parsing `timestamptz` literals. Previously these abbreviations returned an "unimplemented" error. The abbreviations are also now exposed via the `pg_catalog.pg_timezone_abbrevs` virtual table. +- PL/pgSQL routines can now access fields of + composite-typed variables without surrounding the variable name in + parentheses (for example `v.x` in addition to the previously required + `(v).x`), matching PostgreSQL behavior. When a PL/pgSQL variable + shadows a column with the same name in a SQL statement inside the + routine, the reference is now rejected as ambiguous instead of being + silently resolved. +- Two new session variables, `distsql_plan_locality_filter` and `distsql_plan_locality_filter_strict`, allow restricting DistSQL physical planning of a session's queries to SQL instances whose locality matches a user-supplied filter. These variables mirror the `EXECUTION LOCALITY` option already available for `BACKUP`, `RESTORE`, and `CHANGEFEED` jobs. +- Added the `pg_get_function_sqlbody` built-in function for compatibility with PostgreSQL 14+. The function returns `NULL` for all functions today, matching PostgreSQL's behavior for functions defined with the `AS $$..$$` syntax. +- The operation-specific events + `alter_type_add_value`, `alter_type_rename_value`, and + `alter_type_drop_value` replace the general `alter_type` event. +- The `custom_plans` and `generic_plans` columns in `pg_prepared_statements` now report the number of times a custom or generic plan was used for each prepared statement, matching PostgreSQL behavior. +- CockroachDB now sends `default_transaction_read_only`, `in_hot_standby`, `search_path`, and `scram_iterations` as `ParameterStatus` messages during connection startup, matching PostgreSQL 18 behavior. +- The `pg_catalog.pg_proc` columns `procost`, `prorows`, `prosupport`, and `proparallel` now return PostgreSQL-compatible default values instead of `NULL`. Built-ins report `procost=1`, user-defined functions report `procost=100`, `prorows` is `1000` for set-returning routines and `0` otherwise, `prosupport` is `-`, and `proparallel` is `u` (unsafe) for all routines because CockroachDB does not track parallel safety. +- `pg_catalog.pg_constraint` now exposes `NOT NULL` constraints as named entries, matching PostgreSQL behavior for non-nullable columns. These entries use `contype='n'`, set `conkey` to an array containing the column's `attnum`, and set `conname` to a name like `{table}_{column}_not_null`. +- `GENERATED ALWAYS AS ()` and `AS ()` column definitions no longer require a trailing `STORED` or `VIRTUAL` keyword. When neither is specified, the column defaults to `VIRTUAL`, matching PostgreSQL. +- EXPLAIN ANALYZE now displays the SQL CPU + time line for all queries, including mutations and queries that run + through the row-by-row execution engine. Previously this line was + only shown for non-mutation queries that ran through the vectorized + execution engine. +- Stored procedures that contain DDL statements now return an error when called from inside an explicit transaction (`BEGIN ... COMMIT`). Call such procedures outside of an explicit transaction. +- `CREATE SCHEMA`, `DROP SCHEMA`, `CREATE ROLE`, and `DROP ROLE` can now be used in PL/pgSQL stored procedure bodies. +- CockroachDB now supports `ALTER DOMAIN ... OWNER TO` statements. +- Added the + crdb_internal.tsdb_query(name, start_time, end_time) generator, + which returns aggregated datapoints from the in-cluster TSDB for + the named metric over the requested time window. Requires the + VIEWCLUSTERMETADATA system privilege. + + Co-Authored-By: roachdev-claude +- Added a fourth, optional JSONB argument + to crdb_internal.tsdb_query() that controls TSDB-side downsampling, + derivative, source filtering, and cross-source aggregation. The + JSONB schema is documented in the function description; see \df+ + crdb_internal.tsdb_query. Listing sources without source_aggregator + returns per-source rows; otherwise the call returns one row per + bucket with the source column NULL. + + Co-Authored-By: roachdev-claude +- Added two cluster settings, + sql.crdb_internal.tsdb_query.max_time_range (default 7d, max + 30d) and sql.crdb_internal.tsdb_query.max_rows (default 500k, + max 5M), that bound the work a single crdb_internal.tsdb_query + call may do. Queries that would exceed either cap are rejected + with an error whose hint names the setting to tune. + + Co-Authored-By: roachdev-claude +- Added the `pg_database_size` PostgreSQL-compatible built-in function. It returns an approximate on-disk size sourced from a periodically refreshed cache. +- Added the `pg_relation_size`, `pg_table_size`, and `pg_total_relation_size` PostgreSQL-compatible built-in functions for table relations. Sizes come from a periodically refreshed cache and may lag the true value by minutes. Index OIDs and `pg_indexes_size` are not yet supported; they will be added in a follow-up. +- Added the `pg_size_pretty` and `pg_size_bytes` PostgreSQL-compatible built-in functions. +- CockroachDB now supports the + COMMENT ON VIEW and COMMENT ON SEQUENCE statements. Comments set on + views and sequences are visible via pg_catalog.pg_description and the + obj_description() builtin. +- CockroachDB now supports the PostgreSQL + COMMENT ON FUNCTION, COMMENT ON PROCEDURE, and COMMENT ON ROUTINE + statements on user-defined functions and stored procedures. Comments + are visible via pg_catalog.pg_description and the + obj_description(oid, 'pg_proc') builtin. The argument list is required + when the routine name is overloaded and may be omitted otherwise. The + COMMENT ON ROUTINE form accepts either a function or a procedure, + matching PostgreSQL. Builtin functions cannot be commented on; their + predefined descriptions remain readable through obj_description. +- pg_relation_size and pg_table_size now + return the size of the primary index only, matching PostgreSQL's + "heap only" semantics. Their previous (over-counting) behavior is + preserved by pg_total_relation_size. pg_relation_size also accepts + an index OID, returning that index's cached size. A new + pg_indexes_size built-in returns the sum of the relation's secondary + index sizes. + + Co-Authored-By: roachdev-claude +- The `ALTER DOMAIN ... + SET SCHEMA` statement is supported. +- The `ALTER DOMAIN ... + RENAME TO` statement is supported. +- DDL executed inside a stored procedure now honors the `SERIALIZABLE` isolation requirement that top-level DDL has always had: when a procedure containing DDL is called under `READ COMMITTED` or `REPEATABLE READ` in an implicit transaction, the transaction is automatically upgraded to `SERIALIZABLE` for the call; otherwise the call is rejected with a clear error. +- Stored procedures now support `GRANT`, `REVOKE`, and `ALTER DEFAULT PRIVILEGES`. These statements remain unsupported inside user-defined functions and `DO` blocks. +- The `ALTER DOMAIN ... + NOT NULL` command is incompletely implemented; the + constraint is treated as `NOT VALID` which limits + checks to newly inserted or updated rows. +- Added a new session setting + `optimizer_inline_placeholder_equalities` (default true). When + disabled, the optimizer will not propagate placeholder equalities into + correlated subqueries via the `InlineConstVar` normalization rule. +- Added per-type counters for DDL and DCL + statements executed inside stored procedure bodies, exposed as + sql.routine..{started.count,count}. + + Epic: CRDB-31256 + + Co-Authored-By: Claude Opus 4.7 (1M context) +- Added public cluster setting + `sql.procedures.plpgsql.late_binding.enabled` (default false). When + enabled, PL/pgSQL procedure bodies are not resolved at CREATE + PROCEDURE time; references are resolved at CALL time instead, + matching PostgreSQL PL/pgSQL semantics. LANGUAGE SQL procedures and + functions are unaffected. + + Co-Authored-By: Claude Opus 4.7 (1M context) +- A PL/pgSQL procedure body containing DDL is + now rejected at CREATE PROCEDURE time with a hint suggesting the + `sql.procedures.plpgsql.late_binding.enabled` cluster setting be + enabled. Additionally, CREATE SCHEMA, DROP SCHEMA, CREATE ROLE, and + DROP ROLE are now allowed inside stored procedure bodies (subject to + the same late-binding requirement). + + Co-Authored-By: Claude Opus 4.7 (1M context) +- IMPORT INTO ... PARQUET now supports + Parquet LIST columns. A LIST is decoded into a target ARRAY column + (with an element type matching the Parquet element's physical or + logical type) or a target JSONB column (serialized as a JSON array). + Nested LISTs and MAP columns remain unsupported and are rejected at + file-open time. When a LIST element is an unannotated BYTE_ARRAY, + the bytes are passed through to the target as a string with no UTF-8 + validation; for genuinely binary data, target an ARRAY column + to preserve the original bytes losslessly. + + Epic: none + + Co-Authored-By: roachdev-claude +- CockroachDB now accepts the SQL-standard + inline body syntax for SQL routines. `CREATE FUNCTION` and `CREATE + PROCEDURE` with `LANGUAGE SQL` may now use either `BEGIN ATOMIC ... + END` (with one or more body statements) or a bare `RETURN expr` in + place of the dollar-quoted `AS $$ ... $$` form. Routines created + with the inline form display as the dollar-quoted form in `SHOW + CREATE` output. + + Co-Authored-By: roachdev-claude +- Connecting with an application_name of pg_dump, + pg_restore, or pg_dumpall now automatically sets the pg_dump_compatibility + session setting to "cockroachdb" (emitting a NOTICE), unless the setting is + provided explicitly in the connection string. This makes dumps taken with + these tools compatible with CockroachDB out of the box. + + Co-Authored-By: roachdev-claude +- Unimplemented PL/pgSQL + syntax errors now include a link to the GitHub + issue tracking the missing feature. + +

Operational changes

+ +- Statement diagnostics requests with `sampling_probability` and `expires_at` now collect up to 10 bundles (configurable via `sql.stmt_diagnostics.max_bundles_per_request`) instead of a single bundle. Set the cluster setting to `1` to restore single-bundle behavior. +- Added two new metrics, `auth.cert.san.conn.total` and `auth.cert.san.conn.success`, to track SAN-based certificate authentication attempts and successes. +- Two new metrics, `storage.wal.failover.secondary.disk.capacity` and `storage.wal.failover.secondary.disk.available`, are now exposed when WAL failover is configured, providing visibility into disk space utilization on the secondary WAL volume. +- A new cluster setting, `server.gc_assist.enabled`, allows operators to dynamically disable GC assist in CockroachDB's forked Go runtime. By default, it follows the `GODEBUG=gcnoassist` flag. A new metric, `sys.gc.assist.enabled`, reports the current state (`1` = enabled, `0` = disabled). +- The `/_status/vars` and `/metrics` Prometheus + scrape endpoints now support a `?visibility=` query parameter that + filters exported metrics by visibility level. Valid values are `all` + (export everything), `support` (SUPPORT and ESSENTIAL only), and + `essential` (ESSENTIAL only). Invalid values return HTTP 400. A new + `obs.metrics_scrape.default_visibility` cluster setting controls the + default filter when no query parameter is provided, defaulting to `all` + which preserves existing behavior. + + Co-Authored-By: roachdev-claude +- Added liveness.uncached_scans metric that + counts direct KV scans of the node liveness range. + + Co-Authored-By: Claude Opus 4.6 +- Added throttling for low-priority bulk read operations, such as TTL `SCAN` and backup `EXPORT` operations. Configure throttling with the `kv.bulk_low_pri_read.max_rate` and `kv.bulk_low_pri_read.max_concurrent` cluster settings. + +Renamed the `exportrequest.delay.total` metric to `kv.bulk_low_pri_read.delay.total`. This metric now tracks throttling delay for all low-priority bulk read requests. +- Added new certificate lifecycle metrics: + `security.certificate.last_rotation.*` reports the Unix timestamp of + the most recent certificate rotation, and + `security.certificate.expiry_days.*` reports the number of days + remaining until each certificate expires. These enable operators to + set up monitoring alerts for certificate health. + + Co-Authored-By: Claude Opus 4.6 +- Physical cluster replication now returns clearer + error messages when a user attempts to cut over before the initial scan has + replicated any data. Cutting over to LATEST during the initial scan now returns + an explicit error instead of silently using the replication start time. Cutting + over to an explicit timestamp now validates that the timestamp is not before + the replication start time. + + Co-Authored-By: roachdev-claude +- Made the following cluster settings documented and publicly visible: `obs.ash.enabled`, `obs.ash.sample_interval`, `obs.ash.buffer_size`, `obs.ash.log_interval`, `obs.ash.log_top_n`, and `obs.ash.response_limit`. These settings control Active Session History (ASH) sampling frequency, buffer size, logging intervals, and query limits. +- The cluster settings + `storage.sstable.compression_algorithm_backup_storage` and + `storage.sstable.compression_algorithm_backup_transport` are now hidden + from `SHOW ALL CLUSTER SETTINGS`. They can still be read and modified + directly by name. + + Co-Authored-By: roachdev-claude +- The sql.stats.discarded.current metric + now also counts statements dropped by the SQL stats ingester's + memory monitor, in addition to the existing fingerprint-limit + drops. Operators can use this metric to detect silent loss of + SQL statement statistics under memory pressure. +- Added three new admission control metrics for monitoring disk bandwidth token usage: `admission.granter.disk_write_byte_tokens_used.regular.kv`, `admission.granter.disk_write_byte_tokens_used.elastic.kv`, and `admission.granter.disk_write_byte_tokens_used.snapshot.kv`. The existing `admission.granter.disk_write_byte_tokens_exhausted_duration.kv` metric is now marked as essential and will appear on the **Overload** dashboard. +- Four new gauges `mma.overloaded_store.{lease_grace,short_dur,medium_dur,long_dur}.blocked` report overloaded stores that the multi-metric allocator (MMA) deferred because they already had too much pending work. Per duration bucket, success + failure + blocked equals the count of overloaded stores observed. A persistently non-zero value on the `long_dur.blocked` gauge indicates an overloaded store that is repeatedly being deferred and may not be receiving relief. +- checkpoint lag metric is now reported per job + and correctly reported when jobs are paused. +- A new COMMIT workload type is introduced + in ASH. It attributes commit-deferred work for an explicit transaction + with the transaction fingerprint as the workload_id. + + Co-Authored-By: roachdev-claude + +

Command-line changes

+ +- `cockroach demo` now accepts a `--background` + flag that starts the demo cluster without opening an interactive SQL + shell. The process prints connection information and blocks until it + receives SIGINT or SIGTERM. + + Co-Authored-By: roachdev-claude +- The `--yaml` flag on `cockroach debug tsdump` + has been removed. The store-to-node mapping it produced is now embedded + in the tsdump metadata header alongside the new node-to-region mapping. +- The cockroach sql shell now supports the + \restrict KEY and \unrestrict KEY metacommands, matching the psql + commands added in PostgreSQL 18 for CVE-2025-8714. While restricted, + all backslash metacommands except \unrestrict are rejected, so + metacommands injected into plain-text dump output by a hostile server + no longer execute when the dump is piped back through cockroach sql. + SQL statements run normally while restricted. The state is preserved + across \i / \ir includes. + + Co-Authored-By: roachdev-claude +- Added `cockroach debug upload` for + uploading a debug.zip file to Cockroach Labs support. Authenticate + with --crl-support-api-key (or COCKROACH_CRL_SUPPORT_API_KEY) and + pass --crl-support-url. Optionally associate the upload with a + support ticket via --crl-support-ticket-id. Resume an interrupted + upload with --resume-session. + + Co-Authored-By: roachdev-claude +- The \l+ and \dt+ metacommands in the + built-in SQL shell now include a Size column showing on-disk byte + counts, matching PostgreSQL's psql. Database sizes come from + pg_database_size; table sizes come from pg_table_size. Values are + read from a periodically-refreshed internal cache + and may lag the live byte count by minutes. + +

DB Console changes

+ +- Added a "Changed only" checkbox to the + Cluster Settings report page in DB Console. When checked, only + settings that have been explicitly overridden are shown. + + Co-Authored-By: roachdev-claude + +

Bug fixes

+ +- Fixed an internal error that could occur when running + SELECT ... FOR UPDATE/FOR SHARE with an ORDER BY using a non-default NULL + ordering (e.g. null_ordered_last) under READ COMMITTED. +- Fixed a bug where store encryption keys + generated with `cockroach gen encryption-key --version=2 --size=256` + were written with an incorrect JWK algorithm string, causing them to + be misclassified as AES-192-CTR-V2 on load. This resulted in data + keys being generated at 24 bytes (AES-192) instead of the intended + 32 bytes (AES-256). Existing key files with the wrong algorithm + string are now automatically corrected on load, and data keys are + rotated to the correct size on the next node startup. + + Epic: None +- Fixed a bug where IMPORT INTO and schema change + backfills would fail when the destination table had computed columns + defined using user-defined functions, reporting "function not + found". Computed columns referencing immutable single-expression SQL + UDFs now work correctly with IMPORT INTO and ALTER TABLE ADD COLUMN. + + Release note (backward-incompatible change): Computed columns using + non-inlineable user-defined functions — including PL/pgSQL UDFs, + multi-statement SQL UDFs, UDFs with OUT/INOUT parameters, nested UDF + calls, and UDFs whose bodies contain subqueries, CTEs, FROM clauses, or + set-returning functions — are now rejected at DDL time (CREATE TABLE, + ALTER TABLE ADD COLUMN). Previously, these were accepted but would fail + during schema change backfill, leaving the table in a state where + schema changes could not be performed. + + Co-Authored-By: roachdev-claude +- Fixed a bug where `ALTER DATABASE ... PRIMARY + REGION` could leave stale zone configurations on tables, causing voter + constraints and lease preferences to reference the old primary region. +- Fixed a bug where a CockroachDB node could + hang during startup if a secondary tenant (shared-process) server + failed to initialize, blocking the system tenant from accepting + connections. +- Fixed a bug where `pg_index.indisready` was incorrectly set to `false` for all valid indexes. In PostgreSQL, `indisready` is `true` for all fully created indexes. +- Fixed a bug where restoring a database backup containing default privileges that referenced non-existent users would leave dangling user references in the restored database descriptor. +- Fixed a bug where rolling back a `CREATE TABLE` that referenced user-defined types or sequences would leave orphaned back-references on the type and sequence descriptors, causing them to appear in `crdb_internal.invalid_objects` after the table was GC'd. +- Fixed a bug where running `EXPLAIN ANALYZE (DEBUG)` on a query that invokes a UDF with many blocks could cause out-of-memory errors (OOMs). +- Fixed a bug where concurrent updates to a table using multiple column families during a partial index creation could result in data loss, incorrect `NULL` values, or validation failures in the resulting index. +- Fixed a bug where the AWS_SKIP_CHECKSUM=true + storage option did not fully suppress checksums on multipart uploads + to S3-compatible storage. After an internal SDK upgrade, multipart + uploads included CRC32 checksums despite the skip flag, which could + cause errors with S3-compatible services that do not support CRC + checksums. + + Generated by Claude Code Auto-Solver + Co-Authored-By: Claude +- Added a new cluster setting `changefeed.kafka.max_request_size` and a per-changefeed `Flush.MaxBytes` option in the Kafka sink config to control the maximum size of record batches sent to Kafka by the v2 sink. Lowering this from the default of 256 MiB can prevent spurious message-too-large errors when multiple batches are coalesced into a single broker request. +- Fixed a bug where the DB Console Overview page + crashed for users with MODIFYSQLCLUSTERSETTING and VIEWACTIVITY + privileges but without VIEWCLUSTERSETTING. The Settings API now + always includes non-sensitive console keys like "version" regardless + of which privilege tier returned the settings. +- The PCR job now switches into the cutover phase more promptly after a failover is requested, terminating the replication phase more quickly and more reliably when components of the ingestion process are hung due to network errors. +- Fixed a bug where `ALTER FUNCTION ... RENAME TO` and `ALTER PROCEDURE ... RENAME TO` could create duplicate functions in non-public schemas. +- Fixed a data race that could cause certificate expiration metrics (`security.certificate.expiration.node-client`, `security.certificate.expiration.client-tenant`, `security.certificate.expiration.ca-client-tenant` and their TTL counterparts) to not update after certificate rotation via `SIGHUP`. +- Fixed a crash (`traceRegion: alloc too large`) that could occur when Go's execution tracer was enabled and a range cache lookup used a key longer than about 64 KB. +- Fixed a bug where descriptor version fetching could be incorrectly throttled by the elastic CPU limiter, potentially leading to increased query latency or timeouts under high CPU load. +- `CREATE SCHEMA ... AUTHORIZATION ` now + correctly requires the executing user to be a member of the specified + role, matching PostgreSQL behavior. Previously, any user with CREATE + privilege on the database could create schemas owned by arbitrary + roles. + + Co-Authored-By: Claude +- Context cancellation is now surfaced if a `statement_timeout` occurs while waiting for a schema change. +- Fixed a bug where casting arrays containing `NaN`, `Infinity`, or empty arrays to the `vector` type was incorrectly allowed, instead of returning an error matching PostgreSQL behavior. +- Fixed a bug where owner columns in several + pg_catalog tables (pg_proc.proowner, pg_type.typowner, + pg_collation.collowner, pg_operator.oprowner, + pg_tablespace.spcowner, and pg_statistic_ext.stxowner) were NULL + for built-in objects. These columns now return the node user's OID, + matching PostgreSQL's behavior of returning the bootstrap + superuser's OID. + + Co-Authored-By: roachdev-claude +- Fixed a bug where `pg_get_indexdef` and `pg_indexes.indexdef` included a database name prefix in the table reference (e.g., `CREATE INDEX idx ON mydb.public.t ...`), which does not match PostgreSQL's format and could cause issues with tools that consume this output. The output now uses only the schema-qualified table name (e.g., `CREATE INDEX idx ON public.t ...`). +- Fixed a bug where transient I/O errors (such as cloud storage network timeouts) during split or merge trigger evaluation were misidentified as replica corruption, causing the node to crash. These errors now correctly fail the operation, which is retried automatically. +- Fixed a bug where transient I/O errors reading from the `AbortSpan` were misidentified as replica corruption, causing the node to crash. These errors are now returned to the caller as regular errors. +- Fixed an "unsupported comparison operator: = " error when comparing an `oid[]` column against a string constant. This improves PostgreSQL compatibility. +- Fixed a bug where statement hints that set + session variables with integer, float, or timeout types (e.g. + reorder_joins_limit, testing_optimizer_cost_perturbation, + statement_timeout) were silently ignored at execution time despite + being accepted at creation time. + + Co-Authored-By: roachdev-claude +- Fixed a bug where converting a table from `REGIONAL BY ROW` to `GLOBAL` would not clear the `skip_unique_checks` storage parameter on the primary key, even though implicit partitioning was removed. +- Fixed a bug where executing a mutation in a subquery (e.g., as a CTE) could cause the "rows written" metrics like `sql.statements.index_rows_written.count` and `sql.statements.index_bytes_written.count` to not be incremented correctly. +- Fixed a build configuration issue that caused + CockroachDB binaries cross-compiled for ppc64le (POWER) to crash at + startup with "Unsupported system page size" on systems using 64KB + pages, by configuring jemalloc with `--with-lg-page=16`. +- `REFRESH MATERIALIZED VIEW` now evaluates row-level security (RLS) policies using the view owner's identity instead of the invoker's, matching PostgreSQL's definer semantics. +- Fixed a bug where DB Console Databases page + privilege checks did not resolve role membership chains for CONNECT + grants. Users who inherited CONNECT through role hierarchies now + correctly see their authorized databases and tables. + + Epic: none + + Co-Authored-By: roachdev-claude +- Fixed a bug where the `lock_timeout` and `deadlock_timeout` session settings were not honored by FK existence checks performed during insert fast path execution. This could cause inserts to block indefinitely on conflicting locks instead of returning a timeout error. +- Fixed a bug where CockroachDB might not have respected the table-level parameters `sql_stats_automatic_full_collection_enabled` and `sql_stats_automatic_partial_collection_enabled` and defaulted to using the corresponding cluster settings when deciding whether to perform automatic statistics collection on a table. +- Fixed a bug where creating a PL/pgSQL or + SQL user-defined function that references a schema-qualified + sequence or table via a REGCLASS cast (e.g. + nextval('sc.myseq'::REGCLASS)) would fail with "relation does not + exist" at CREATE FUNCTION time when the object's schema was not in + the search path. +- Fixed a bug where logical replication job status messages showed a fully redacted error (`"permanent error: ‹×›"`). The actual error text is now preserved. +- Fixed a nil-pointer panic during tenant garbage collection that could occur when the zone configuration or GC policy for the tenants range was missing. +- Fixed a rare panic that could occur when a virtual cluster entry was removed before it was fully populated by the rangefeed. +- Fixed an assertion failure during DROP SCHEMA + CASCADE or concurrent table drops when triggers had cross-table + dependencies. +- Fixed a bug where `ALTER TABLE ... ADD + CONSTRAINT ... UNIQUE (...) STORING (...)` would silently ignore the + STORING clause, creating the unique index without the stored columns. + + Generated by Claude Code Auto-Solver + Co-Authored-By: Claude +- Fixed an internal error that occurred when + creating a trigger on a REGIONAL BY TABLE or GLOBAL table when the + trigger function referenced the multi-region enum type + (crdb_internal_region). +- ALTER FUNCTION RENAME and ALTER FUNCTION SET + SCHEMA now correctly detect dependencies from triggers and row-level + security policies, preventing renames that would break those objects. + + Co-Authored-By: Claude Opus 4.7 (1M context) +- Fixed a panic that could occur during EXPORT + INTO PARQUET when chunk_size or chunk_rows was set to a large value. + The panic was caused by an integer overflow in the Apache Arrow parquet + library's internal buffer size calculations. + + Generated by Claude Code Auto-Solver + Co-Authored-By: Claude +- Trigonometric functions now return errors consistent with PostgreSQL when passed out-of-range input. +- Fixed a bug that could cause an infinite loop + in the optimizer when a query used a LIMIT value larger than 4294967295 + with a join. +- The pg_catalog and information_schema views no + longer report a column default for identity columns. Previously, + pg_attrdef included a row for each identity column, pg_attribute.atthasdef + was true, and information_schema.columns.column_default returned the + implicit nextval(''::regclass) expression. These values now match + PostgreSQL: pg_attrdef has no row, atthasdef is false, and + column_default is NULL. The identity property remains visible through + pg_attribute.attidentity and information_schema.columns.identity_*. + + Co-Authored-By: roachdev-claude +- experimental_strftime now zero-pads the %Y + format directive to at least four digits, so years before 1000 are no + longer truncated. For example, year 1 now formats as "0001" rather + than "01", matching the behavior of POSIX strftime and + to_char(YYYY). + + Co-Authored-By: roachdev-claude +- Fixed a bug under the declarative schema changer where `ALTER TABLE ... DROP CONSTRAINT {pk}, ADD PRIMARY KEY (...)` would leave behind an unwanted unique secondary index on the old primary key columns. +- Fixed a bug where the DB Console login page + did not show the OIDC login button when navigating with + ?cluster= to a tenant with OIDC enabled. OIDC login on + non-default virtual clusters now works correctly. + + Co-Authored-By: Claude Opus 4.6 (1M context) +- Fixed a bug where a malformed binary numeric value sent over the pgwire protocol could cause the server to panic with a slice bounds error, crashing the connection. These inputs are now rejected with a proper error. +- Fixed a bug that caused PGCOPY imports to reject + valid octal and hexadecimal byte escapes for values greater than 127. PGCOPY + imports now also treat the standard \\. marker as the end of input. +- Fixed a bug where setting `--advertise-sql-addr` to the same value across multiple SQL instances could cause changefeeds with `execution_locality` filters to fail with "no instances found matching locality filter". +- A physical cluster replication reader tenant no longer fails authentication and other queries with errors of the form "resolved to but found no descriptor with id " after the reader tenant ingests a system table at an ID different from the one it was bootstrapped with. Previously, a per-node namespace cache could pin the bootstrap-time ID and require a tenant restart to recover. +- Fixed a panic during `CREATE VECTOR INDEX` backfill when the table contained a public column ordered before the vector column that was not stored in the source primary index and was not referenced by the new index. In practice this was triggered by virtual computed columns. The schema change crashed the SQL node processing the backfill instead of completing. +- Stopped logging a spurious "declarative schema changer does not support DISCARD" message every time a `DISCARD` statement was executed. The message had no functional impact but could produce very high log volume on busy clusters that issue `DISCARD` on every connection checkout. +- Fixed a hang in `IMPORT INTO` rollback where the revert could wedge the job indefinitely until the node was restarted. +- Fixed a bug where unqualified function calls could fail with incorrect privilege errors when two databases on the same cluster had identically-named functions in custom schemas. The query cache could serve a memo from one database context to another, causing `USAGE` privilege errors referencing schemas from the wrong database. +- Fixed an issue where ALTER TYPE ... DROP + VALUE could fail on enums referenced by very large tables when + the validation scan ran long enough for GC to invalidate its + read timestamp. The schema changer now installs a + protected timestamp over referencing tables for the + duration of the scan. + + Co-Authored-By: roachdev-claude +- Fixed a bug where `RESTORE TABLE` of a multi-region table backed up mid-`ALTER TABLE ... SET LOCALITY` would fail with a descriptor rewrite error. +- Fixed a bug where formatting a unique + constraint or primary key with both storage parameters and a WHERE + or visibility clause produced output that didn't match the grammar + and couldn't be re-parsed. +- ST_3DDistance, ST_3DDWithin, ST_3DShortestLine, + and ST_3DClosestPoint now return correct results for polygons lying in + a vertical plane, and detect when a line passes through a 3D polygon's + interior. +- Fixed a bug where Physical Cluster Replication (PCR) reader virtual clusters could permanently fail authentication, causing all SQL connections to fail with "descriptor not found". +- Fix a bug where some scalar expressions would + incorrectly fail type checking with "unsupported binary operator" + errors. These scalar expressions now make it further in type checking, + which either leads to success or more accurate error messages. + + Co-Authored-By: roachdev-claude +- Fixed a bug in `cockroach debug tsdump` + where labeled per-changefeed histogram child series (e.g. + `changefeed.sink_backpressure_nanos{scope="default"}-count`, + `-p99`, etc.) were absent from the dump output even with the + `timeseries.persist_child_metrics.enabled` cluster setting on. The + recorder writes these series correctly; the dump path's child-metric + scan was missing them due to the wrong scan prefix and an allowlist + lookup mismatch. +- Fixed a data race in the multi-metric allocator between gossip-driven store load updates and concurrent lease/replica rebalancing decisions. +- Fixed a bug where DROP COLUMN CASCADE could + return a confusing error mentioning an internal placeholder column + name when concurrent writes raced with the schema change. + + Epic: none + + Co-Authored-By: Claude Opus 4.7 (1M context) +- make_date, make_timestamp, and + make_timestamptz now treat a negative year argument as "N BC", + matching PostgreSQL semantics. Previously the result was off by one + year for negative inputs because of Go's underlying time.Date type. + For example, make_date(-2013, 7, 15) now returns 2013-07-15 BC instead of the + 2014-07-15 BC. + + Co-Authored-By: roachdev-claude +- A long-running `BACKUP` to S3 using `AUTH=implicit` no longer fails with an `ExpiredToken` error when it races the rotation of the underlying short-lived credentials. The S3 client now retries `ExpiredToken`, `ExpiredTokenException`, and `RequestExpired` errors the same way the legacy `aws-sdk-go` v1 client did. +- The AWS S3 and KMS clients now refresh short-lived credentials a few seconds before they expire, rather than only after expiry. This avoids `ExpiredToken` errors that could occasionally fail long-running `BACKUP`, `RESTORE`, or other operations when running with `AUTH=implicit` against credentials providers that issue short-lived tokens. +- Columns produced by set-returning functions + in FROM clauses can now be referenced using the function name as a + qualifier (e.g. `SELECT jsonb_each_text.key FROM jsonb_each_text(j)`), + matching PostgreSQL behavior. + + Co-Authored-By: roachdev-claude +- Fixed an assertion failure in the job profiler + that could occur when requesting execution details for a job that is + not currently running. + + Co-Authored-By: roachdev-claude +- Fixed a rare nil pointer panic in the internal SQL executor. +- The `^` operator and `power()`/`pow()` builtins + now return errors instead of NaN or Inf for invalid float power + operations (negative base with non-integer exponent, or zero base with + negative exponent), matching PostgreSQL behavior and preventing crashes + in downstream geometry functions. + + Epic: none + + Co-Authored-By: roachdev-claude +- Fixed a bug introduced in v26.1 where dropping + a table marked exclude_data_from_backup=true could cause a concurrent + backup holding a protected timestamp over the dropped table to fail + with a "batch timestamp must be after replica GC threshold" error. + + Co-Authored-By: roachdev-claude +- The `storage.compression.cr` metric now includes blob files. +- The `pg_get_function_arguments` and `pg_get_function_identity_arguments` built-in functions now include parameter names, parameter modes (`OUT` and `INOUT`), `VARIADIC` parameters, and `DEFAULT` clauses for user-defined routines, matching PostgreSQL behavior. Previously, these functions returned only comma-separated input argument types. +- Fixed a bug where using the pgwire extended + query protocol to prepare a statement after rolling back to a + savepoint could cause an internal error + ("read sequence number is ignored after savepoint rollback"). This + affected client drivers that use the Parse message (extended protocol) + rather than simple query execution. + + Co-Authored-By: roachdev-claude +- Fixed a bug where using the pgwire extended + query protocol to bind parameters (including enum types) to a + prepared statement after rolling back to a savepoint could cause an + internal error ("read sequence number is ignored after savepoint + rollback"). + + Co-Authored-By: roachdev-claude +- Fixed a panic of the form "runtime error: index + out of range [N] with length N" that could occur when running a COPY + FROM concurrently with an ALTER TABLE ADD COLUMN. The bug has been + present since v23.1. + + Co-Authored-By: roachdev-claude +- Fixed a bug where `IMPORT INTO` from Parquet files would crash a node when the column list excluded a non-last table column. The crash cascaded to other nodes as the job coordinator relocated, causing full cluster unavailability. +- Fixed a compatibility bug where casting an OID + to regclass, regproc, regprocedure, or a user-defined regtype and then + to text emitted only the bare entity name. CockroachDB now follows + Postgres and emits the schema-qualified name (`schema.name`, with each + component quoted only when necessary) whenever the bare name would not + resolve back to the same OID through the current search_path. + + Co-Authored-By: roachdev-claude +- pg_function_is_visible now matches Postgres's + signature-aware semantics: a function in a non-search-path schema + whose signature is disjoint from same-named functions in earlier + search-path schemas is correctly reported as visible (true) rather + than shadowed. + + Co-Authored-By: roachdev-claude +- Fixed a `no stores for meansForStoreSet` panic in the multi-metric allocator (MMA) store rebalancer that could occur when the rebalancer's periodic tick raced gossip propagation of store descriptors during process startup. The rebalancer now skips its work for that tick and retries on the next interval. +- Limitation/warning for enabling ash on high + core machines as been addressed. + + Co-Authored-By: roachdev-claude +- Fixed a crash that could occur when + `st_linemerge` was called on a geometry with NaN coordinates, such as + one produced by `st_rotatez` with an infinite rotation angle. + + Co-Authored-By: roachdev-claude +- Fixed a bug where queries calling a UDF that + transitively performs mutations could incorrectly use a LeafTxn, + potentially leading to incorrect behavior. +- Fix a few node-to-node connection error paths in + DistSQL execution to return error code 58C01 (InternalConnectionFailure) + instead of XXUUU (Uncategorized). + + Co-Authored-By: roachdev-claude +- Fixed an internal optimizer assertion that + could cause queries — most visibly the planning of INSPECT index + consistency checks — to fail with "estimated distinct count must be + non-zero" when an internal statistics-estimation path produced + inconsistent column statistics. + + Co-Authored-By: roachdev-claude +- Fixed a bug in the legacy replica allocator where ranges with `voter_constraints` discriminating sibling stores on the same node could get stuck on the wrong sibling indefinitely. +- Fixed an unaccounted memory blowup in + the large-row event logging path that could OOM a node when a + single statement wrote many rows above the + sql.guardrails.max_row_size_log threshold (default 16 MiB), + particularly with wide primary keys. The pretty-printed primary + key in LargeRow / LargeRowInternal events is now bounded in + size and emissions are rate-limited process-wide to one per + second, with a new SkippedLargeRows field reporting how many + violations were suppressed since the last event. + + Co-Authored-By: roachdev-claude +- Fixed an internal error that could occur when + executing a prepared statement with an untyped NULL argument. + + Co-Authored-By: roachdev-claude +- Fixed a regression in v26.2 where the Jobs + page displayed duplicate titles when embedded in CockroachDB Cloud + Console with the new navigation enabled. + + Co-Authored-By: roachdev-claude +- Fixed a bug where the DB Console on virtual + clusters showed zero values for all histogram-based charts (such as + Service Latency and SQL Execution Latency) even though the underlying + metrics were being recorded correctly. The metrics were visible in + Prometheus scrapes (`/_status/vars`) and Datadog but not in the DB + Console, which reads from the internal time-series database. This + affected CockroachDB v26.2 deployments using virtual clusters + (including CockroachDB Cloud). + + Co-Authored-By: roachdev-claude +- Fixed a bug where `ALTER DATABASE system DROP + REGION` would fail with "unsupported comparison: bytes to + crdb_internal_region" when the system database was configured as + multi-region. + + Co-Authored-By: roachdev-claude +- DDL and current_user inside a SECURITY + DEFINER stored procedure now resolve against the procedure owner, + matching PostgreSQL. Previously they evaluated against the invoker. +- Fixed a bug where `pg_class.relhastriggers` always reported `false`, even for tables that had triggers defined. +- Fixed an internal error that could occur during + INSERT/UPDATE/UPSERT on a REGIONAL BY ROW table configured with the + infer_rbr_region_col_using_constraint storage parameter when the + referenced parent table did not have a unique constraint covering the + foreign key's non-region columns. The optimizer now picks an arbitrary + matching parent row to infer the region from. +- Fixed a bug where creating a user-defined + function or view whose body contained a NULL REGCLASS expression (e.g. + NULL::REGCLASS, or an uninitialized OUT parameter of type REGCLASS) could + fail with an internal error. + + Co-Authored-By: Claude Opus 4.8 +- Fixed a planner issue where + "ORDER BY LIMIT k FOR UPDATE SKIP LOCKED" could lock + all input rows and cause concurrent sessions to return fewer rows than + expected. The optimizer now places the sort below the lock so only ~k + rows are locked. + + Co-Authored-By: roachdev-claude + +

Performance improvements

+ +- Fixed a performance bug that + prevented query plans containing user-defined functions from being + cached. Repeated executions of prepared statements containing UDFs + will now have less planning overhead. +- We now inline placeholder + equalities into other references of the same column, such as correlated + subqueries. This allows constrained index scans in prepared statements + where previously a full scan was required. +- Statement executions using canary stats will no longer use cached plans, which prevents cache thrashing but causes a slight increase in planning time over statement executions using stable stats. +- Improve performance of + information_schema.routines when querying role information for builtins. +- Pretty-printing of large SQL + statements will no longer fail due to exceeding max recursion depth. +- The kafka v2 changefeed sink now + allows up to 5 concurrent produce requests per broker, matching the v1 + sink's behavior and improving throughput. +- Fixed a bug where the optimizer + could fail to generate efficient generic plans for queries with filters + referencing placeholders when the filters also contained subqueries + (EXISTS, scalar subqueries, or ANY) referencing the same placeholder. + + Co-Authored-By: roachdev-claude +- Concurrent protected timestamp + protect and release calls (used heavily by backup and changefeed) now + serialize on the meta row rather than racing into WriteTooOld retries. + Workloads that create or release many protected timestamp records at + once see substantially higher throughput. + + Co-Authored-By: roachdev-claude +- The `server.gc_assist.enabled` cluster setting now defaults to `false`, disabling the Go runtime's GC assist mechanism. Production evidence shows that GC assist can increase tail latencies in certain scenarios, while CockroachDB workloads have not been observed to require it in practice. Users who wish to re-enable GC assist can set `server.gc_assist.enabled` to `true`. +- The average lookup ratio + heuristic for parallelizing multi-key lookup joins is now applied to all + lookup joins by default in mutations, not just mutations of multi-region + tables. The previous behavior can be restored by setting the session + variable `parallelize_multi_key_lookup_joins_only_on_mr_mutations` to + `true`. +- Queries with ORDER BY ... LIMIT + on a hash-sharded secondary index now use an efficient union-all plan + instead of a full table scan, even when the index is + non-covering. Previously either an index hint or `SET + unconstrained_non_covering_index_scan_enabled = on;` were required to + get an efficient union-all plan when the index was non-covering. + + Co-Authored-By: roachdev-claude + +

Build changes

+ +- Migrated cluster-ui npm publishing + workflow to OIDC trusted publishers. + + Co-Authored-By: roachdev-claude + +

Miscellaneous

+ +- Added a new session variable `optimizer_span_limit` that bounds the number of spans the optimizer will allow in a single constrained index scan. If a single `IN` set has more items than this limit, that `IN` set will not be used to build a constrained index scan. If the cross product of two or more `IN` sets would produce more spans than this limit for a composite index, then only a prefix of the `IN` sets will be used to produce spans. + + For example, for the following table and query, only the predicates on columns `a` and `b` will be used to construct the constrained scan of `abc_idx`, because including the predicate on column `c` would produce more spans than `optimizer_span_limit`: + + ```sql + CREATE TABLE abc (a INT, b INT, c INT, INDEX abc_idx (a, b, c)); + SET optimizer_span_limit = 10; + SELECT * FROM abc WHERE a IN (1, 3, 5) AND b IN (2, 4, 6) AND c IN (7, 9, 11); + ``` +- Upgrade to Go 1.26.2 + Epic: DEVINF-1699 + From b1ef2fa2f4c0f9c835916fcb400769016a0d2df9 Mon Sep 17 00:00:00 2001 From: Automated Release Bot Date: Thu, 4 Jun 2026 06:58:02 +0000 Subject: [PATCH 4/6] Update release notes for v26.3-v26.3.0-alpha.1 From 89eb584e5603ab9b966f375565b79b1e69b9e1a0 Mon Sep 17 00:00:00 2001 From: Automated Release Bot Date: Thu, 4 Jun 2026 06:58:06 +0000 Subject: [PATCH 5/6] Update release notes for v26.3-v26.3.0-alpha.1 --- src/current/_data/releases.yml | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/src/current/_data/releases.yml b/src/current/_data/releases.yml index b5c9eb74db1..8a883075a96 100644 --- a/src/current/_data/releases.yml +++ b/src/current/_data/releases.yml @@ -11620,13 +11620,6 @@ docker_arm_limited_access: false source: true previous_release: v26.1.4 - cloud_only: true - cloud_only_message_short: 'Available only for select CockroachDB Cloud clusters' - cloud_only_message: > - This version is currently available only for select - CockroachDB Cloud clusters. To request to upgrade - a CockroachDB self-hosted cluster to this version, - [contact support](https://support.cockroachlabs.com/hc/requests/new). - release_name: v25.4.11 major_version: v25.4 @@ -11654,13 +11647,6 @@ docker_arm_limited_access: false source: true previous_release: v25.4.10 - cloud_only: true - cloud_only_message_short: 'Available only for select CockroachDB Cloud clusters' - cloud_only_message: > - This version is currently available only for select - CockroachDB Cloud clusters. To request to upgrade - a CockroachDB self-hosted cluster to this version, - [contact support](https://support.cockroachlabs.com/hc/requests/new). - release_name: v25.2.19 major_version: v25.2 @@ -11688,13 +11674,6 @@ docker_arm_limited_access: false source: true previous_release: v25.2.18 - cloud_only: true - cloud_only_message_short: 'Available only for select CockroachDB Cloud clusters' - cloud_only_message: > - This version is currently available only for select - CockroachDB Cloud clusters. To request to upgrade - a CockroachDB self-hosted cluster to this version, - [contact support](https://support.cockroachlabs.com/hc/requests/new). - release_name: v26.3.0-alpha.1 From 5e14e4d3f8b0a3d19cf827188f9407d149cc2caf Mon Sep 17 00:00:00 2001 From: Automated Release Bot Date: Thu, 4 Jun 2026 06:58:06 +0000 Subject: [PATCH 6/6] Update release notes for v26.3-v26.3.0-alpha.1