> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytebase.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Bytebase 3.13.0 - Dec 18, 2025

> Support MCP integration and simplified approval flow configuration

## 🔔 Notable Changes

* **Consolidate DDL and DML changes** so users no longer need to select them explicitly when initiating New Plan or configuring approval flow.
* **Simplify approval workflows**:
  * Approval flows are defined directly using CEL expressions, without intermediate risk definitions.
  * Risk level is automatically evaluated using a standardized assessment framework.
  * `risk.level` is an optional CEL factor for CHANGE\_DATABASE approval flows.
  * For non-Terraform, existing approval flows are automatically migrated.
  * For Terraform, approval flows are defined via bytebase\_setting (settings/WORKSPACE\_APPROVAL) using approval\_flow\.rules.flow, and risk resources are removed.(e.g. [approval\_flow.tf](https://github.com/bytebase/terraform-provider-bytebase/blob/main/examples/setup/approval_flow.tf))
* Update SQL review configuration for Terraform: (e.g. [sql\_review.tf](https://github.com/bytebase/terraform-provider-bytebase/blob/main/examples/setup/sql_review.tf))
  * SQL review rules use typed payload fields (`number_payload`, `string_payload`, `string_array_payload`, `naming_payload`, etc.).
  * Generic payload and comment fields are removed.
  * Rule level enums migrate from `SQLReviewRuleLevel_WARNING/ERROR` to `SQLReviewRule_WARNING/ERROR`.
* Move rollout policy checkers from environment to project level: **Require issue approval** and **Plan check enforcement**. Project settings are checked if any checker is previously used via automatic migration.
* Migrate user identifiers: User references change from `users/{id}` to `users/{email}` in APIs and storage. Audit logs store user emails directly.
* Rename **Masking Exception** to **Masking Exemption**:
  * APIs rename `MaskingException` to `MaskingExemption`.
  * The action field is removed.
  * `member` is replaced with a `members` list.
  * For Terraform, `masking_exception_policy` is renamed to `masking_exemption_policy`.
* **Disallow Copy Policy** now applies to Admin and DBA roles (previously exempted).
* Refine database group permissions:
  * Roles with `bb.projects.get` gain `bb.databaseGroups.list/get`.
  * Roles with `bb.projects.update` gain `bb.databaseGroups.create/update/delete`.
  * For Terraform, please update the permissions of custom roles accordingly.
* Update batch task APIs: The `reason` field is removed from `BatchRunTasks` and `BatchCancelTaskRuns`. `reason` is supported only for skip operations.
* Remove **Schema Template** functionality.

## 🚀 Features

* Support [MCP integration](/integrations/mcp).
* Add **Workload Identity** as a dedicated account type for OIDC-based authentication, with [GitHub Actions support](/administration/workload-identity/github-actions).
* Support direct messages for **Microsoft Teams**.

## 🎄 Enhancements

* Improve the rollout page with a timeline view, auto-expanded task details, and collapsible task run logs with auto-refresh.
* Allow filtering in SQL Editor results to quickly locate rows.
* Allow selecting a database group to query from in the SQL Editor.
* **Snowflake** - Support passphrase-protected private keys.
* **PostgreSQL** - Add event trigger sync and SDL support.
* **Trino** - Support TLS/SSL.
* **Doris** - Improve SQL parser compatibility.

## ⚙️ Install and Upgrade

* [Fresh install](/get-started/self-host/deploy-with-docker)

* [Upgrade](/get-started/self-host/upgrade)

*Before upgrading: 1) Back up the [metadata](https://www.bytebase.com/docs/administration/back-up-restore-metadata/) — in-place downgrade is not supported. 2) Do not run multiple containers on the same data directory. 3) Terraform users: upgrade Bytebase server first, then apply the new Terraform config.*
