> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytebase.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Bytebase 3.11.0 - Oct 10, 2025

> Environment rollout policy update

### 🔔 Notable Changes

* **Environment rollout policy update**
  * **Issue Creators** and **Last Issue Approvers** can no longer roll out issues. Manual rollouts now require specifying workspace/project roles or users with the `bb.taskRuns.create` permission.
  * The force rollout mechanism has been replaced by [configurable rollout requirements](/change-database/environment-policy/rollout-policy#configurable-rollout-requirements):
    * **Require Issue Approval** – ensures issues must be approved before rollout can proceed (default: enabled).
    * **Plan Check Enforcement** – controls rollout behavior based on plan check results (default: block on errors only).

* Deprecate `bb.sql.export` permission and `roles/projectExporter` role. It’s merged into `SQL Editor User` role, which now can export directly in SQL Editor; Developer can still create Export issue as before.

* Deprecate `request.row_limit` in the project IAM policy. Use `maximum_result_rows` in `QueryDataPolicy` instead.

* **API**

  * Standardize CEL attribute naming with prefixes: `resource.*`, `statement.*`, `request.*` (e.g., environment\_id → resource.environment\_id)
  * Unify risk levels to single `RiskLevel` enum; changed from integers (`100`, `200`, `300`) to strings (`LOW`, `MODERATE`, `HIGH`); CEL expressions migrate from `format level == 300` to `level == "HIGH"`
  * Simplify approval template to singleton with flat role array; replace `approval_finding_done`/`approval_finding_error` with `approval_status` enum
  * Consolidate task types into `DATABASE_MIGRATE` (with `migrate_type`: DDL/DML/GHOST) and `DATABASE_SDL`. Split changelog Type into `Type` and `MigrationType` enums. Merged `DatabaseSchemaUpdate` and `DatabaseDataUpdate` into `DatabaseUpdate`.

* **Terraform** (provider version: 3.11.1)

  * Use `RiskLevel` enum instead of numeric values for level in `bytebase_risk`. Example: [risk.tf](https://github.com/bytebase/terraform-provider-bytebase/blob/main/examples/setup/risk.tf)
  * Remove `disable_copy_data_policy`; moved into `query_data_policy` as the `disable_copy_data` field. Example: [environment.tf](https://github.com/bytebase/terraform-provider-bytebase/blob/main/examples/setup/environment.tf#L60)
  * Update structure of the `approval_flow` setting. Example: [approval\_flow.tf](https://github.com/bytebase/terraform-provider-bytebase/blob/main/examples/setup/approval_flow.tf)
  * Remove `row_limit` from `bytebase_iam_policy` setting.

* Remove `Format on Save` feature from **SQL Editor**.

### 🎄 Enhancements

* Support key-value instance labels.
* Optimize **Schema Editor** performance.
* Add pre-flight validation and circuit breaker to **gh-ost workflow**.
* **AWS Elasticsearch** – Add cross-account support.

### 🐞 Bug Fixes

* Add fallback behavior for **PostgreSQL** dump topological sorting to prevent blocking dump functionality.

## ⚙️ Install and Upgrade

* [Fresh install](/get-started/self-host/deploy-with-docker)

* [Upgrade](/get-started/self-host/upgrade)

*Before upgrading: 1) Back up the [metadata](https://www.bytebase.com/docs/administration/back-up-restore-metadata/) — in-place downgrade is not supported. 2) Do not run multiple containers on the same data directory. 3) Terraform users: upgrade Bytebase server first, then apply the new Terraform config.*
