> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytebase.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Bytebase 3.18.0 - May 14, 2026

> Bytebase Cloud Upgrade

## ☁️ Bytebase Cloud Upgrade

Bytebase Cloud is now a true multi-tenant SaaS.

* One account, many workspaces — with a workspace switcher and self-serve leave/delete.
* Passwordless sign-in by email code (no more passwords in Cloud).
* Global SSO — sign in with Google, GitHub, or your org's IdP without picking a workspace first.
* Self-serve subscription plan upgrade and cancel from inside the app.
* Pro plan: unlimited user seats available, billed per user.

## 🔔 Other Notable Changes

* **Plan edits surfaced in issue activity** — Plan edits now appear in the issue activity feed for approver visibility.

* **API breaking changes** — `require_2fa` → `require_mfa`, `plan_spec_update` → `plan_update` (restructured payload), and `Issue.ApprovalStatus` moved to top-level. See [Change Details](#api-breaking-changes).

* **Terraform provider 3.18.0 required** — Adds write-only sensitive fields and a provider-level `custom_header` block. Requires Terraform CLI 1.11+. See [Migration Guide](https://github.com/bytebase/terraform-provider-bytebase/blob/main/migration/3.18.0.md).

## 🚀 Features

* **AWS RDS IAM auth for the Bytebase metadata database** — Authenticate the metadata PostgreSQL via AWS RDS IAM tokens.

* **Google Chat webhook integration** — Add Google Chat as a project webhook destination.

* **MariaDB** — Support DML rollback / prior-backup, matching MySQL behavior.

* **CosmosDB** — Support cross-partition queries.

## 🎄 Enhancements

* **Bytebase Action** — Add `--custom-header` flag for header-based access proxies in CI/CD pipelines.

* Issues stuck in `CHECKING` can be retried via a new `RetryIssueApproval` API.

* Improve SQL analysis reliability across PostgreSQL, MySQL, and MSSQL for advisor rules, query span, completion, and schema diff.

* Improve PostgreSQL and CockroachDB metadata-backed schema diff reliability.

* Show gh-ost start/end events in task run logs.

* Show DDL/DML environment warnings across role grant, role request, and issue creation flows.

* Show expired roles inline in the members table and member detail panel.

* Show database group titles in plan selectors and human-readable instance/database names in member-role scopes.

* Whitelist redirect URIs in OAuth dynamic client registration.

* Restore audit logs for Login / Signup / ExchangeToken; add audit events for retry approval and email-code / password-reset paths.

* Default the SQL Editor query role to the least-privileged SQL select role.

* Improve the SQL statement matching for JIT access grants.

* **TiDB** — Support extra DataSource connection parameters, including connection packet compression.

* **TiDB** — SQL Editor `Ctrl+Enter` now runs the cursor statement, matching MySQL / PostgreSQL behavior.

* **ClickHouse** — `AggregateFunction(...)` errors from `SELECT *` now suggest using `-Merge` + `GROUP BY` or `finalizeAggregation()`.

## 🐞 Bug Fixes

* Fix multi-change plans targeting the same database group being rejected.

* Fix `PIPELINE_COMPLETED` webhook event missing when failed tasks are skipped.

* Fix per-sheet plan check summary preservation during approval checks.

* **PostgreSQL** — Fix query span bugs affecting masking and query analysis.

* **Databricks** — Apply user-selected row limit to SQL Editor queries.

## 📃 Change Details

### API Breaking Changes

**1. `require_2fa` renamed to `require_mfa`**

The field on `WorkspaceProfileSetting` reflects the broader MFA scope (no longer 2FA-only).

| Field                                 | Before               | After                |
| ------------------------------------- | -------------------- | -------------------- |
| `WorkspaceProfileSetting.require_2fa` | `require_2fa` (bool) | `require_mfa` (bool) |

Affected routes: any caller updating workspace profile settings via `SettingService.UpdateSetting` writing `WorkspaceProfileSetting`. Update references in your config or IaC.

**2. `IssueComment.plan_spec_update` renamed to `plan_update`**

The per-spec event (single sheet replacement) is replaced by a before/after snapshot of `Plan.Spec[]`, so the comment carries the full diff of every plan spec change in one event.

| Field                                                                                                        | Before                                                                                    | After |
| ------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------- | ----- |
| `IssueComment.plan_spec_update` — `PlanSpecUpdate { spec, from_sheet, to_sheet }` (single spec/sheet change) | `IssueComment.plan_update` — `PlanUpdate { from_specs, to_specs }` (repeated `Plan.Spec`) |       |

Affected routes: any consumer of `IssueService.ListIssueComments` or issue activity events that previously read `plan_spec_update`. Update to read `plan_update.from_specs` / `to_specs`.

**3. `Issue.ApprovalStatus` moved to top-level `ApprovalStatus`**

Nested enum `Issue.ApprovalStatus` is removed; the same enum now lives at the top level in `common.proto` and is referenced by both `Issue.approval_status` and `Plan.approval_status`. Enum values and ordinals are unchanged (`CHECKING=1`, `PENDING=2`, `APPROVED=3`, `REJECTED=4`, `SKIPPED=5`).

| Type          | Before                             | After                        |
| ------------- | ---------------------------------- | ---------------------------- |
| Enum location | `bytebase.v1.Issue.ApprovalStatus` | `bytebase.v1.ApprovalStatus` |

Affected routes: clients that referenced the nested enum type by name (for example, generated Go or TS types). Update imports or type references; wire format is unchanged.

## ⚙️ Install and Upgrade

* [Fresh install](/get-started/self-host/deploy-with-docker)

* [Upgrade](/get-started/self-host/upgrade)

*Before upgrading: 1) Back up the [metadata](https://www.bytebase.com/docs/administration/back-up-restore-metadata/) — in-place downgrade is not supported. 2) Do not run multiple containers on the same data directory. 3) Terraform users: upgrade Bytebase server first, then apply the new Terraform config.*
