What's New in v25.4

Docker image

Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.

Within the multi-platform image, both Intel and ARM images are generally available for production use.

To download the Docker image:

docker pull cockroachdb/cockroach-unstable:v25.4.0-alpha.1

Source tag

To view or download the source code for CockroachDB v25.4.0-alpha.1 on Github, visit v25.4.0-alpha.1 source tag.

Security updates

• CockroachDB can now synchronize SQL role membership from the groups claim contained in a JWT when server.jwt_authentication.authorization.enabled = true. The claim name and the fallback userinfo JSON key are configurable by server.jwt_authentication.group_claim and server.jwt_authentication.userinfo_group_key respectively. The behavior matches the existing LDAP role-sync feature. #147318
• CockroachDB can now synchronize SQL role membership from the groups claim provided by an OpenID Connect (OIDC) Identity Provider when server.oidc_authentication.authorization.enabled = true. . At login, the DB Console gathers the groups claim from the verified ID token and, when available, the access token (if a JWT). Any groups found in either token are combined and deduplicated. If no claim is present in either, the provider's /userinfo endpoint is queried for groups, as a final fallback. #147706
• The JWT Authorization settings which were added in #147318 are no longer visible to users in v25.3. They will be re-introduced in v25.4. #149189

• The following provisioning usability metric counters were added for LDAP-based user provisioning.

  • An enablement tracking counter for organizations enabling LDAP provisioning (auth.provisioning.ldap.enable)
  • A counter for number of organizations & tenants which have enabled ldap to auto-provision users(auth.provisioning.ldap.begin).
  • A counter for the number of auto-provisioned users (auth.provisioning.ldap.success).
  • A telemetry counter for number of logins performed by provisioned users (auth.provisioning.login_success). #150476

General changes

• For virtual clusters, hot range logging is now performed by a single job on one node, rather than by tasks on every node. #145549
• The CREATE CHANGEFEED statement now supports the extra_headers option, which can be used to specify extra headers for webhook and kafka sinks. This can be used to add headers to all messages sent to the sink. #146813
• Added new metrics: changefeed.stage.pts.create.latency, changefeed.stage.pts.manage.latency, changefeed.stage.pts.manage_error.latency, to measure the performance of managing protected ts records. #148471
• Added an OTLP log sink that exports logs in OpenTelemetry Protocol format over gRPC to compatible targets such as otel-collector, Datadog, and Loki. #148525
• Kafka v2 changefeed sinks now support a cluster setting that enables detailed error logging for messages exceeding Kafka v2 size limit. #148753
• The CockroachDB spatial libraries now rely on GEOS 3.12 instead of GEOS 3.11. #148859
• Changefeeds with the protobuf format now support the resolved option for emitting resolved timestamps. #149622
• Changefeeds using the protobuf format now support wrapped envelopes in kafka sinks #149696
• Restore jobs now log errors on retry to the job messages table. #149821
• A warning is now emitted when creating or altering a changefeed with resolved or min_checkpoint_frequency set below 500ms. This helps users understand the tradeoff between message latency and cluster CPU usage. #149975
• The protobuf format for changefeeds now support enriched envelopes. #150501
• Added HTTP mode to the OTLP sink, allowing logs to be exported to OpenTelemetry Protocol (OTLP) targets over HTTP. This enhancement enables agentless deployments, where logs can be sent directly to supported targets like Datadog or Grafana, without requiring an intermediary such as the OpenTelemetry Collector or Datadog Agent. #150655
• Added headers configuration option to OTLP log sink. #150696
• CockroachDB spatial libraries now rely on GEOS 3.13 instead of GEOS 3.12. #151186
• Reduced the maximum backoff for changefeed retries from 10 minutes to 1 minute, which results in faster recovery from transient errors. #146448
• Added changefeed.sink_backpressure_nanos metric to track time spent waiting for quota when emitting to the sink. #150666
• To improve changefeed performance, the session variable create_table_with_schema_locked is enabled by default. This means all new tables are created with the schema_locked storage parameter. This setting must be explicitly unset for explicit transactions or for schema changes that do not support automatic disabling (e.g., ALTER TABLE ... SET LOCALITY). #148576
• The download phase of restore operations now will retry downloads before giving up, when faced with an error. #148821
• Fixed a memory accounting issue in the client certificate cache that caused multiple allocations to be reported for the same certificate. The cache now accurately tracks memory usage and includes a safeguard to prevent it from negatively affecting SQL operations. #151041
• Fixed a rare bug in restore where an object storage error on restore start could cause restore to report success without creating the restored tables or databases. #151148
• Tuned S3 client retry behavior to be more reliable in the presence of correlated errors. #151817

SQL language changes

• Implemented the levenshtein_less_equal(string, string, int) and levenshtein_less_equal(string, string, int, int, int, int) built-in functions, which calculate the Levenshtein distance between two strings. #104649
• The owner of a database can now set default session variables per database using the ALTER ROLE ALL IN DATABASE ... SET or ALTER DATABASE ... SET commands. #130547
• Added support for camelCase parameter names (e.g., SharedAccessKeyName) in Azure Event Hub Kafka sink configuration #144735
• Added a new PROVISIONSRC role option. This role option should be prefixed with the HBA auth method for provisioning, i.e. ldap followed by the IDP URI, for example ldap:ldap.example.com. This is intended to be used only internally for user provisioning and should be view-only when checking set role options for a user. #147272
• Added a new cluster setting server.provisioning.ldap.enabled which can be set to true to conditionally enable user provisioning during SQL cluster authentication. The user authenticates with the LDAP server and CockroachDB will only validate identity lookup on IDP was successful for provisioning the user. All roles created thus will be privileged to perform SQL authentication and will mandatory have a role option for PROVISIONSRC set to ldap:<idp_url>. Any group roles that are to be assigned via LDAP authorization must be pre created prior to the authentication start. #148200
• Added the ability to automatically provision users authenticating via JWT. This is controlled by the new cluster setting security.provisioning.jwt.enabled. When set to true, a successful JWT authentication for a non-existent user will create that user in CockroachDB. The newly created role will have the PROVISIONSRC role option set to jwt_token:<issuer>, identifying the token's issuer as the source of the provisioned user. #149415
• The CITEXT data type is now supported, enabling case-insensitive comparisons for CITEXT columns. Internally, CITEXT is equivalent to using the undetermined level 2 collation und-u-ks-level2. For example, under CITEXT, the expression 'test' = 'TEST' returns TRUE. #147864
• The functionality provided by session variable enforce_home_region_follower_reads_enabled was deprecated in v24.2.4 and is now removed. (The variable itself remains for backward compatibility but has no effect.) Note that the related session variable enforce_home_region is not deprecated and still functions normally. #148314
• Added support for automatically determining the region column for a REGIONAL BY ROW table using a foreign key constraint. The foreign key is specified by setting a new table storage parameter infer_rbr_region_col_using_constraint, and must contain the region column. This can be useful for applications that are unable to guarantee that a child row is inserted or updated from the same region as the matching parent row. #148540
• Added support for invoking a UDF from a view query. Renaming or setting the schema on the routine is currently not allowed if it is referenced by a view. #148616
• Updated the SHOW CREATE FUNCTION and SHOW CREATE PROCEDURE statements to show fully qualified table names rather than assuming they are qualified with the current database. #148746
• Added the has_system_privilege builtin function, which can be used to check if a user has the given system privilege. #149051
• Updated schema change job status messages to be more user-friendly and descriptive, instead of using internal schema change architecture terminology. #149096
• The logical cluster now uses an external connection and automatically updates its configuration when that connection changes. #149261
• Fixed a bug where extra quotes or escaped quote characters would be added to topic names in changefeeds. Can be turned off by setting feature.changefeed.bare_table_names to false. #149438
• The users with the role option PROVISIONSRC assigned to them will be unable to change their own password overriding any config set for sql.auth.change_own_password.enabled cluster setting. Changing other role options still has the same privilege requirements as before (either CREATEROLE or CREATELOGIN, depending on the option). The role option for PROVISIONSRC is also only assignable and cannot be altered using ALTER role command. #149463
• The session setting optimizer_prefer_bounded_cardinality is now enabled by default. This setting instructs the optimizer to prefer query plans where every expression has a guaranteed upper-bound on the number of rows it will process. #149486
• The session setting optimizer_min_row_count, which sets a lower bound on row count estimates for relational expressions during query planning, is now set to 1 by default. #149602
• WITH header_row flag is added to EXPORT. Returns error for non-csv type. Another row is prepended to the csv file with the column names. #149686
• Users can now ALTER EXTERNAL CONNECTION to change the external connection URI when granted UPDATE privilege on EXTERNAL CONNECTION.

Fixes #98610 #149869 - The json ? string, json ?& array, json ?| array, and array && array operators are now index-accelerated for INVERTED JOIN statements if there is an inverted index on the JSON column referenced on the left-hand side of the expression. #149898 - The SHOW ROLES and SHOW USERS commands now include an estimated_last_login_time column that displays the estimated timestamp of when each user last authenticated to the database. This column shows NULL for users who have never logged in, and for existing users after upgrading to v25.3 until their next login. The tracking is performed on a best-effort basis and may not capture every login event. #150105 - The options column in the output of SHOW ROLES and SHOW USERS is now returned as an array of strings (e.g., {NOLOGIN,CREATEDB}) rather than as a single comma-separated string. This enables more efficient querying of role options using array functions like unnest(). For example: SELECT * FROM [SHOW ROLES] AS r WHERE EXISTS (SELECT 1 FROM unnest(r.options) AS m(option) WHERE option LIKE 'SUBJECT=cn%'); #148532 - The session setting optimizer_min_row_count, which sets a lower bound on row count estimates for relational expressions during query planning, is now set to 1 by default. #150376 - LTREE is now supported with ancestry operators and with the concat operator. Specifically, CockroachDB now allows ltree @> ltree, ltree[] @> ltree, ltree @> ltree[], ltree <@ ltree, ltree[] <@ ltree, and ltree <@ ltree[] binary comparisons, as well as ltree[] ?@> ltree, ltree[] ?<@ ltree, and ltree || ltree binary operations. The ?@> and ?<@ are new binary operators that return the first ltree (or NULL) that is an ancestor or descendant of the right ltree argument in the array. #150598 - Clusters utilizing cluster virtualization, such as those running Physical Cluster Replication (PCR), apply the same admission control (AC) pacing to various bulk operations used by clusters that are not running with cluster virtualization. #150633 - All PostgreSQL built-in functions for LTREE are now supported: subltree(), subpath(), nlevel(), index(), text2ltree(), ltree2text(), and lca(). While the lca() function in PostgreSQL specifically limits up to 8 LTREE args, the CockroachDB lca() function accepts any variable number of ltree args. #150647 - CREATE USER and GRANT role operations now wait for full-cluster visibility of the new user table version rather than blocking on convergence. #150747 - Improved the optimizer to hoist projections above joins in more cases, which can lead to better query plans. This behavior can be enabled with the new session variable optimizer_use_improved_hoist_join_project. #150887 - Previously, using a pausable portal with a procedure call could cause a panic, depending on the function body. Now, transaction control statements such as procedure calls (e.g., CALL myfunc()) are disallowed within pausable portals. #151153 - Added the allow_unsafe_internals session variable and sql.defaults.allow_unsafe_internals cluster setting to gate access to system database internals. Default access is allowed to support testing. #151362 - When sql_safe_updates is enabled, the ALTER TABLE ... LOCALITY statement will be blocked when trying to convert an existing table to REGIONAL BY ROW, unless a region column has been added to the table. This protects against undesired behavior that caused UPDATE or DELETE statements to fail against the table while the locality change was in progress. #151423 - Added metrics for statements executed within a stored procedure or function. The following metrics count statements that began execution, including those that failed: sql_routine_select_started_count, sql_routine_update_started_count, sql_routine_insert_started_count, and sql_routine_delete_started_count. The following metrics count only successful executions: sql_routine_select_count, sql_routine_update_count, sql_routine_insert_count, and sql_routine_delete_count. All counters are global and increment before the transaction is committed or aborted. #151689 - Introduced the inspect_errors system table. #151821 - Added a new session variable, disable_optimizer_rules, which allows users to provide a comma-separated list of optimizer rules to disable during query optimization. This allows users to avoid rules that are known to create a suboptimal query plan for specific queries. #151959 - The SQL observability statements SHOW TRANSACTIONS, SHOW QUERIES, and SHOW SESSIONS now include an isolation_level column that shows the isolation level of the active transaction, or the session's default isolation level when there is no active transaction. #152352 - The default value of use_soft_limit_for_distribute_scan session variable is now true. This means that, by default, the soft limit (if available) will be used to determine whether a scan is "large" and, thus, should be distributed. For example, with estimated row count: 100 - 10,000, CockroachDB will use 100 as the estimate to compare against the value of distribute_scan_row_count_threshold. #152557

Operational changes

• The /health/restart_safety endpoint indicates when it is unsafe to terminate a node. #142930
• Added the following cluster settings for configuring blob file rewrite compactions: storage.value_separation.rewrite_minimum_age and storage.value_separation.compaction_garbage_threshold. #148782
• The default value of server.mem_profile.total_dump_size_limit (which controls how much space can be used by automatically collected heap profiles) has been increased from 256MiB to 512MiB. #148848
• Added new experimental values for compression cluster settings to the storage engine. #148849
• The storage.value_separation.enabled cluster setting is now enabled by default. This enables value separation for SSTables, where values exceeding a certain size threshold are stored in separate blob files rather than inline in the SSTable. This helps improve write performance (write amplification) by avoiding rewriting such values during compactions. #148857
• A structured event is now logged to the SQL_SCHEMA channel when the REFRESH MATERIALIZED VIEW statement is executed. #149153
• Removed the storage.columnar_blocks.enabled cluster setting; columnar blocks are always enabled. #149371
• A new feature is now available that automatically captures Go execution traces on a scheduled interval. This feature incurs a performance penalty and is generally intended for use under the guidance of Cockroach Labs Support. It can be configured using the following cluster settings:
  • obs.execution_tracer.interval: Enables the tracer and sets the interval for capturing traces. Set to a value greater than 0 to activate.
  • obs.execution_tracer.duration: Specifies the duration for each captured trace.
  • obs.execution_tracer.total_dump_size_limit: Sets the maximum disk space allowed for storing execution traces. Older traces are automatically deleted when this limit is reached. #149373
• Introduced the cluster setting sql.stats.error_on_concurrent_create_stats.enabled, which modifies how CockroachDB reacts to concurrent auto stats jobs. The default, true, maintains the previous behavior. Setting sql.stats.error_on_concurrent_create_stats.enabled to false will cause the concurrent auto stats job to be skipped with just a log entry and no increased error counters. #149538
• The value of sql.stats.error_on_concurrent_create_stats.enabled now defaults to false, suppressing error counters for auto stats jobs that fail due to concurrent stats jobs in progress. #149848
• Updated TTL job replanning to be less sensitive by focusing specifically on detecting when nodes become unavailable rather than reacting to all plan differences. The cluster setting sql.ttl.replan_flow_threshold may have been set to 0 to work around the TTL replanner being too sensitive; this fix will alleviate that and any instance that had set replan_flow_threshold to 0 can be reset back to the default. #150771
• Added auth.ldap.conn.latency.internal metric to denote the internal authentication time for LDAP auth method. #151105
• Introduced two new logging channels: KV_EXEC and CHANGEFEED. The KV_EXEC channel is intended for KV events that are currently logged to the KV_DISTRIBUTION channel. The CHANGEFEED channel is intended for changefeed-related events that are currently logged to the TELEMETRY channel. This change does not include logic to move existing logs to the new channels. #151692
• Restricted access to internal tables in the crdb_internal schema. Only a predefined allowlist of internal objects is accessible when the session variable allow_unsafe_internals is enabled or when the caller is internal. #151804
• In v26.1, changefeed events will be logged to the CHANGEFEED logging channel instead of TELEMETRY. To test the impact of this change before upgrading, set the cluster setting log.channel_compatibility_mode.enabled to false. This redirects changefeed logs to the CHANGEFEED channel and should be tested only in non-production environments. #151807
• In v26.1, SQL performance events will be logged to the SQL_EXEC channel instead of the SQL_PERF and SQL_INTERNAL_PERF channels. To test the impact of this change, you can set the new cluster setting log.channel_compatibility_mode.enabled to false. This redirects SQL performance logs to the SQL_EXEC channel. This setting should not be used in production environments, as it may affect downstream logging pipelines. #151827
• Restricted access to all crdb_internal built-ins unless the session variable allow_unsafe_internals is set to true, or the caller is internal. #151887
• In v26.1, sampled_query and sampled_transaction events will move from the TELEMETRY channel to the SQL_EXEC logging channel. To test for potential logging pipeline impacts of these changes, set log.channel_compatibility_mode.enabled to false. Avoid testing in production, as this setting changes live log behavior. #151949
• Delegate queries (such as SHOW DATABASES) are now excluded from unsafe SQL checks that restrict access to the system database and crdb_internal schema. This change ensures that these commands continue to function even when access to internal components is otherwise restricted. #152084
• The Physical Cluster Replication (PCR) reader tenant is always destroyed on cutover #152509
• SYSTEM privileges are inherited in read-only mode in standby Physical Cluster Replication (PCR) clusters. #149708
• You can now output transaction traces to the logs in Jaeger-compatible JSON format. This is controlled by the sql.trace.txn.jaeger_json_output.enabled cluster setting, which is disabled by default. When enabled, traces triggered by probabilistic sampling or statement latency thresholds will be formatted for easier ingestion by tools that support the Jaeger tracing format. #151414
• You can now exclude internal transactions from probabilistic transaction tracing and latency-based logging by setting the sql.trace.txn.include_internal.enabled cluster setting to false. This setting is enabled by default to preserve the current behavior, but disabling it is recommended when debugging customer workloads to reduce noise in trace output. #151433

Command-line changes

• The internal generator used by cockroach workload now supports parsing DDL schemas into a structured YAML format, enabling more flexible and detailed workload generation configurations. #149513
• Improved the performance of the debug zip query that collects transaction_contention_events data. This change reduces the risk of encountering “memory budget exceeded” or “query execution canceled due to statement timeout” errors. #149570
• The cockroach workload internals have been updated with built-in generators and wrappers for various SQL types—enabling modular, extensible, and reusable workload data generation. #149728
• Updated the internals of cockroach workload so there is one primary CLI entry point for workload generation, wiring together DDL parsing, schema construction, generator factory, and output routines. #150321
• Updated the redaction policy for cluster settings in debug zip output. All "sensitive" settings are now redacted in all debug zips, whether or not redaction is explicitly requested. In redacted debug zips, both "sensitive" and "non-reportable" settings are redacted. This replaces the previous behavior, which redacted all string-type settings only in redacted debug zips. #150364
• Added SQL workload extraction and rewriting support to the internals of cockroach workload, enabling placeholder‐driven data-generation workflows from CockroachDB debug logs. #150614
• Updated the help text for the --database and --url CLI flags to document support for virtual cluster syntax. The --database flag now shows examples of both simple database names and the cluster:virtual-cluster/database format. The --url flag examples now include the virtual cluster syntax in PostgreSQL connection URLs. #150624
• Updated cockroach workload internals to read init‑time schema and SQL artifacts and run SQL workloads with placeholder‑driven data generation. #150836
• Added support for simple CHECK constraints and bit/bytes column generators to cockroach workload's workload generator. #150926
• Added a new file, cluster_settings_history.txt, to debug zips. This file contains a history of cluster setting changes based on the system event log table. The history is only available while the corresponding events remain in the table. Sensitive settings are always redacted, and non-reportable settings are redacted when the debug zip is generated with redaction enabled. #151066

DB Console changes

• Renamed the 'Hot Ranges' page in the DB Console to 'Top Ranges' to clarify that it shows the highest-ranked ranges by various metrics, not necessarily those experiencing high activity. #149713
• Fixed a bug where Drop Unused Index recommendations were not populated on the Schema Insights tab after a hard refresh of the Insights page. #149838
• Updated the DB Console so that the tenant dropdown now appears in insecure mode when multiple virtual clusters are available. #150535

Bug fixes

• Fixed an issue where hot range logging for virtual clusters omitted some hot ranges. #143775
• Removed unnecessary Kafka topic creation that could cause changefeed startup to fail when using changefeed.new_kafka_sink_enabled=false. #146476
• Fixed a bug that would cause a CALL statement executed via a portal in the extended wire protocol to result in an error like unknown portal "" if the stored procedure contained COMMIT or ROLLBACK statements. The bug had existed since PL/pgSQL transaction control statements were introduced in v24.1. The fix is off by default in versions prior to v25.3. #147923
• Fixed a bug present since v24.1 where the allocator could make rebalancing decisions based on stale data, failing to account for recent local lease transfers not yet reflected in store capacity or gossip. #148476
• A bug where a changefeed that was created before v25.2 could fail after upgrading to v25.2 with the error message both legacy and current checkpoint set on change aggregator spec has now been fixed. #148617
• CockroachDB now supports decoding VECTOR and BOX2D types from the binary format of the PostgreSQL extended protocol (pgwire). #148719

• The RESET ALL statement no longer affects the following session variables:

  • is_superuser
  • role
  • session_authorization
  • transaction_isolation
  • transaction_priority
  • transaction_status
  • transaction_read_only

  This better matches PostgreSQL behavior for RESET ALL. In addition, the DISCARD ALL statement no longer errors when default_transaction_use_follower_reads is enabled. #148770

• CockroachDB now prohibits ORDER BY and join equality operations on REFCURSOR types, matching PostgreSQL behavior. #148863

• Previously, CockroachDB could hit an internal error when performing a DELETE, UPDATE, or UPSERT where the initial scan of the mutation is locking and is on a table different from the one being mutated. A possible workaround was SET enable_implicit_select_for_update = false, but this could increase contention. The bug was introduced in v25.2 and is now fixed. #149093

• Fixes a race condition when advancing a changefeed aggregator's frontier. When hit, the race condition could result in an internal error that would shut down the kvfeed and cause the changefeed to retry. #149119

• CockroachDB now supports case-insensitive matching for keyword identifiers in JSONPath queries. Note that the special identifiers TRUE, FALSE, and NULL are parsed case-insensitively in CockroachDB, but are case-sensitive in PostgreSQL. For example, SELECT '$.active == TrUe'::jsonpath; succeeds in CockroachDB, but fails in PostgreSQL. #149251

• In v25.1, automatic partial statistics collection was enabled by default (by setting the sql.stats.automatic_partial_collection.enabled cluster setting to true). Partial statistics collection may encounter certain expected scenarios that were previously reported as failed stats jobs with PostgreSQL error code 55000. These errors are benign and are no longer reported. Instead, the stats job will be marked as "succeeded," though no new statistics will be created. #149279

• Fixed a minor bug that caused inconsistent behavior with the very rarely used "char" type (distinct from CHAR). #149433

• CockroachDB now allows EXPLAIN of mutation statements in read-only transaction mode, matching PostgreSQL behavior. Note that EXPLAIN ANALYZE of mutations is still disallowed, since this variant actually executes the statement. #149449

• Fixed an issue where some SQL metrics were not reported when server.child_metrics.enabled was enabled, server.child_metrics.include_aggregate.enabled was disabled, and sql.metrics.application_name.enabled and sql.metrics.database_name.enabled were also disabled. Specifically, metrics with no children now report their aggregate metrics regardless of the server.child_metrics.include_aggregate.enabled cluster setting. #149540

• Fixed a bug where database login could fail during LDAP, JWT, or OIDC authentication if the user's external group memberships did not correspond to any existing roles in the database. The login will now succeed, and no roles will be granted or revoked in this scenario. #149638

• Fixed a slow memory leak that was introduced in v25.1.8, v25.2.1, v25.2.2, and v25.3 betas. The leak would accumulate whenever a node executed a part of the distributed plan (although the gateway node of the plan was not affected), and could only be mitigated by restarting the node. #149800

• Attempting to create a vector index with the legacy schema changer will now fail gracefully instead of crashing the node. #149812

• Improved split and scatter behavior for CREATE INDEX when statistics are available for key columns. #150238

• Fixed a bug that was preventing the row-level TTL table storage parameters (e.g., ttl_select_batch_size, ttl_delete_batch_size, ttl_delete_rate_limit, ttl_select_rate_limit) from being set to 0, which is their default value. #150253

• Fixed an issue where discarding zone configs on sequences did not actually remove the configuration. #150255

• Fixed a bug where modifying a changefeed with ALTER CHANGEFEED that either unset or left the gc_protect_expires_after option unset would cause the changefeed's max PTS age to become unbounded instead of being set to the default value configured by the changefeed.protect_timestamp.max_age cluster setting. #150283

• Fixed a bug that would allow a race condition in foreign key cascades under READ COMMITTED and REPEATABLE READ isolation levels. #150291

• Fixed a bug where the entire schema would become inaccessible if a table was referenced as an implicit record type by a user-defined function (UDF) while the table was undergoing an IMPORT. #150350

• Fixed invalid zone configurations that were generated when adding a super region to a 3-region database with a secondary region and region survivability. Previously, this could result in assigning more than the allowed number of replicas. #150413

• Addressed a bug on schema_locked tables when a column is dropped, and schema_locked is toggled for the user. #150435

• Fixed the pg_catalog.pg_type enties for the "any" and "trigger" pseudotypes. #150777

• Fixed an issue where Row Level Security (RLS) policies with missing dependencies during table-level restores could cause inconsistent state or restore failures. #151045

• Fixed a bug that could cause some errors returned by attempts to upload backup data to external storage providers to go undetected, potentially causing incomplete backups. #151058

• Previously, CockroachDB could encounter an internal error trying to add a column of UNKNOWN type at ... in rare cases when handling CASE or OR operations. This bug was present since v20.2 and is now fixed. #151093

• Fixed a bug where debug.zip files collected from clusters with disallow_full_table_scans enabled were missing system table data. #151185

• Fix handling of empty arrays in JSONPath lax mode comparisons. Empty arrays now return false for comparisons in lax mode and null in strict mode, matching PostgreSQL behavior. #151226

• Fixed a bug where DROP USER succeeded even though a role owned default privileges, which could leave invalid privilege entries in the system. #151472

• Fixed a bug where sequences could lose references to triggers, allowing them to be dropped incorrectly. #151546

• Previously, CockroachDB could incorrectly elevate the number of rows deleted on tables with multiple column families. The bug was present v19.2 and is now fixed. Note that the data was deleted correctly, but the "rows affected" number was wrong. #151563

• Added an automatic repair for dangling or invalid entries in the system.comments table. #151737

• Previously, CockroachDB could hit an error ERROR: span with results after resume span... when evaluating some queries with ORDER BY ... DESC in an edge case. This bug was present since v22.1 and is now fixed. #151774

• Fixed a bug where updating column default expressions would incorrectly remove sequence ownerships for the affected column. #151947

• Fixed a bug where executing certain statements with BETWEEN SYMMETRIC expressions could panic if used with values of different types, such as ... b'bytes' BETWEEN SYMMETRIC 'a' AND 'c'. #151951

• Fixed a bug where SHOW TABLES would show inaccurate row counts if the most recent statistics collection was partial. #152033

• Fixed a bug that prevented RESTORE from working if there were computed columns or ON UPDATE expressions that referenced user-defined functions (UDFs). This bug was introduced in v25.3.0. #152193

• Fixed a bug that allowed foreign-key violations to result from some combinations of concurrent READ COMMITTED and SERIALIZABLE transactions. If both SERIALIZABLE and weaker-isolation transactions will concurrently modify rows involved in foreign-key relationships, the SERIALIZABLE transactions must have the following session variables set in order to prevent any possible foreign-key violations:

  • SET enable_implicit_fk_locking_for_serializable = on;
  • SET enable_shared_locking_for_serializable = on;
  • SET enable_durable_locking_for_serializable = on; #152245

• Added the use_soft_limit_for_distribute_scan session variable (default: false), which controls whether CockroachDB uses the soft row count estimate when deciding whether an execution plan should be distributed. In v25.1, the physical planning heuristics were changed such that large constrained table scans, estimated to scan at least 10,000 rows (controlled via distribute_scan_row_count_threshold), would force plan distribution when distsql=auto. However, if the scan had a "soft limit" CockroachDB would still use the full estimate (for example, 10,000 in estimated row count: 100–10,000), sometimes unnecessarily distributing queries and increasing latency. The use_soft_limit_for_distribute_scan session variable addresses this by allowing the planner to use the soft limit when deciding whether a scan is "large". #152300

• pg_class.pg_depend now contains entries with deptype='i' (internal) for identity columns that own sequences. These previously had deptype='a' (auto). #152309

• Fixed a bug that caused an error when dropping a column and a UNIQUE WITHOUT INDEX constraint that referenced it in the same transaction. #152447

• Fixed a bug where views could not reference the crdb_region column from their underlying tables in expressions. #152670

Performance improvements

• Some queries with filters of the form x IS NOT DISTINCT FROM y now have more optimal query plans. #146494
• Mutation statements (UPDATE and DELETE) that perform lookup joins into multi-region tables (perhaps as part of a CASCADE) are now more likely to parallelize the lookups across ranges, improving their performance. #148186
• LIKE filter expressions of the form x LIKE '%' are now normalized to TRUE if x is non-NULL within a SELECT expression. #148763
• Filters of the form x LIKE '%' are now normalized to x IS NOT NULL, enabling performance improvements on both nullable and non-nullable columns. Previously, such filters were normalized directly to TRUE, which only applied to non-NULL columns. #149614
• Updated the storage engine to reduce write amplification by storing Raft log values in separate blob files. This reduces write bandwidth, especially on stores with many replicas. This in turn can increase throughput and reduce latency. This behavior is active as long as the storage.value_separation.enabled cluster setting is enabled. #149712
• Improved the efficiency and throughput of catch-up scans used by Change Data Capture (CDC) and Physical Cluster Replication (PCR) in cases where substantial catch-up work is required. #150738
• Certain types of simple queries on tables with row-level security enabled are now more efficiently executed. #151337
• LTREE is now index-accelerated with the @> operator. #152353
• LTREE is now index-accelerated with the <@ operator. #152353
• Lookup joins can now be used on tables with virtual columns even if the type of the search argument is not identical to the column type referenced in the virtual column. #152399

Build changes

• Upgraded to Go 1.23.12 #152207