> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytebase.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Bytebase 3.14.0 - Jan 15, 2026

> Separate CI and CD phases and Redefine Webhook Events

## 🌟 Sequel to New CI/CD Experience

* Database **CI (review)** and **CD (deployment)** are 2 separated phases, aligning with industry standard CI/CD practices (GitHub, GitLab):
  * **CI (review)** - issue page displays plan changes directly, no more context switching between tabs.
  * **CD (deployment)** - rollout is now a standalone page, clearly separating review from execution.
  * Rollout UI now supports release-based tasks — showing per-file execution status, command duration, and release info in task items.
  * Rollout creation: introduce creation dependency between issue and rollout, with 2 rollout creation modes - 1) automatic creation, if issue is approved AND SQL review check pass; 2) manual creation, in other cases, e.g. issue approved BUT review not passed. After rollout is created, issue status will be automatically set to `DONE`.
  * Rollout permission: as a result of introducing manual creation, `bb.rollouts.create` permission is added to **Project Releaser** role . All custom roles for rollout initiation are advised to be assigned `bb.rollouts.create` permission (it only controls who can create a rollout, but it does not bypass approval requirements or task execution).
* Remove `auto_resolve_issue` and `allow_modify_statement` from **Project Settings**.
* For Terraform, remove `allow_modify_statement` and `auto_resolve_issue` from the project resource, remove `auto_resolve_issue` from the workspace\_profile setting resource.

## 🔔 Other Notable Changes

* Update [**Project Webhook events**](/change-database/webhook#supported-events).
  <Expandable title="details" defaultOpen={false}>
    * For Terraform, the `notification_types` in the project webhook are changed to `ISSUE_CREATED`, `ISSUE_APPROVAL_REQUESTED`, `ISSUE_SENT_BACK`, `PIPELINE_FAILED` and `PIPELINE_COMPLETED`.
  </Expandable>
* Improve permission guards and access control:
  * Stop hiding UI elements when users lack permissions and show a no permission alert instead.
  * Allow users with `bb.issues.create` permission to request Project roles directly from the UI.
  * Allow **Project Owners** to disable the self-service role request workflow in **Project Settings**.
  <Expandable title="details" defaultOpen={false}>
    - Introduce more granular permission management:
      * Add new policy permissions:
        * `bb.policies.getMaskingRulePolicy`
        * `bb.policies.updateMaskingRulePolicy`
        * `bb.policies.createMaskingRulePolicy`
        * `bb.policies.deleteMaskingRulePolicy`
        * `bb.policies.getMaskingExemptionPolicy`
        * `bb.policies.updateMaskingExemptionPolicy`
        * `bb.policies.createMaskingExemptionPolicy`
        * `bb.policies.deleteMaskingExemptionPolicy`
      * Add new settings permissions:
        * `bb.settings.getEnvironment`
        * `bb.settings.setEnvironment`
        * `bb.settings.getWorkspaceProfile`
        * `bb.settings.setWorkspaceProfile`
      * Permission assignments are updated accordingly:
        * The **Workspace Admin** and **DBA** receive all these new permissions.
        * The **Project Owner** receives the new policy permissions.
        * The **Workspace Member** receives `bb.settings.getEnvironment` and `bb.settings.getWorkspaceProfile`.
    - Tighten **Workspace Members** permissions:
      * Revoke `bb.settings.get`, `bb.settings.list`, `bb.projects.list`.
      * If **Workspace Members** should not access the user list, create a custom role and revoke `bb.users.list` and `bb.users.get`.
    - For Terraform, support configure `allow_request_role`, `data_classification_config_id`, `enforce_sql_review`, `force_issue_labels`, `issue_labels`, `labels`, `require_issue_approval`, `require_plan_check_no_error` for the project resource.
  </Expandable>
* Redesign the **Database Changelog** and **Revision** pages.
* Remove **Schema Drift Detection** feature:
  <Expandable title="details" defaultOpen={false}>
    * Remove `drifted` field from `Database message` in `v1/database_service.proto`.
    * Remove `drifted` filter option from `ListDatabases` API (previously supported `drifted == true` filter).
    * Remove `dump_version` field from `ChangelogPayload` in store proto.
  </Expandable>
* Update core APIs `CreateSheet`, `CreatePlan`, `CreateRollout`, and `CreateRelease`, please refer to the latest API documentation for updated request/response definitions.
  <Expandable title="details" defaultOpen={false}>
    * Sheet: Remove `engine`, `title`, `creator`, `create_time` fields; remove `UpdateSheet` RPC (sheets are now immutable).
    * Plan: Remove `rollout` field (use `has_rollout` boolean); remove `ChangeDatabaseConfig.type` field.
    * Rollout: Resource path changed from `projects/*/rollouts/*` to `projects/*/plans/*/rollout`; remove `rollout` field from `CreateRolloutRequest`.
    * Release: Move `File.type` to release level; remove `File.id` field; remove `SearchReleases` RPC.
    * Common: Remove `DatabaseChangeType` enum; consolidate `DATABASE_SDL` into `DATABASE_MIGRATE`.
  </Expandable>
* Remove `maximum_connections` from **Instance Settings** and use `Parallel tasks per rollout` in **Project Settings** instead. For Terraform, remove `maximum_connections` from the instance resource.
* Unify `TRUNCATE_TABLE` and `TRUNCATE` into a single `TRUNCATE` statement type for **Custom Approval** CEL expressions.
* Releases are now identified by `release_id` (e.g., `my-release-RC00`) with automatic train/RC iteration numbering. The `title`, `digest` fields are removed from the Release API, and UpdateRelease returns `UNIMPLEMENTED`. For Terraform, update `bytebase_release` resource if using `title` or `digest` fields.

## 🚀 Features

* Improve access and refresh token support. Add refresh tokens (previously only access tokens on the web were supported) and allow separate configuration of **access token duration** and **refresh token duration** (previously the sign-in frequency setting).
* Allow setting `No approval required` in approval rules when configured conditions are met.
* Support [**Workload Identity** with **GitLab**](/administration/workload-identity/gitlab-ci).

## 🎄 Enhancements

* Add list sorting for projects, instances, and databases.
* **Grant Exemption** supports CEL expressions and includes a database selector.
* **PostgreSQL** - Support ENUM value additions via `ALTER TYPE ... ADD VALUE` in schema sync.
* **MySQL** - Prettify generated DDL statements.

## 🐞 Bug Fixes

* Fix AI setting cache modification issues.
* **PostgreSQL** – Fix cyclic foreign key dependency handling in schema diff.
* **TiDB** – Fix DML dry run handling for BATCH syntax.
* **PostgreSQL** – Fix using identifiers as SELECT target field aliases.
* **Oracle** – Fix SQL Review incorrectly flagging GRANT / REVOKE as reserved keywords.

## ⚙️ Install and Upgrade

* [Fresh install](/get-started/self-host/deploy-with-docker)

* [Upgrade](/get-started/self-host/upgrade)

*Before upgrading: 1) Back up the [metadata](https://www.bytebase.com/docs/administration/back-up-restore-metadata/) — in-place downgrade is not supported. 2) Do not run multiple containers on the same data directory. 3) Terraform users: upgrade Bytebase server first, then apply the new Terraform config.*
