Skip to main content

🔔 Notable Changes

  • CI/CD change issues now open on the Plan detail page — Opening a CI/CD database-change issue (from the issue list, a link, or a notification) now takes you to the Plan detail page — where the review happens, with approval flow, activity, and comments inline — instead of the Issue detail page. Access-request and data-export issues still open on the Issue detail page, and existing issue links keep working (they redirect).
  • Cap the duration of access requests — Admins can now enforce a maximum duration on access requests; a request can no longer exceed the workspace’s configured cap. The workspace setting is renamed accordingly. See Change Details.
  • Export Center and data-export approval flow deprecated — The standalone Export Center and the separate data-export approval flow are deprecated; data export is handled through the just-in-time data-export approval flow in the SQL Editor.
  • 7 low-signal SQL review rules removed — These rules only fired when the top-level statement was a SELECT, so they never applied to the DDL/DML change-review workflow. Existing review policies are cleaned automatically on upgrade. See Change Details.
  • Terraform provider 3.20.0 required — Upgrade the Bytebase server first, then move to provider 3.20.0. It covers this release’s breaking changes: EXPORT_DATA deprecated in the approval flow; announcement level deprecated in favor of theme; the workspace maximum request-expiration field renamed; and environment and issue-label colors moved to the color protocol message. It also adds Vault token_type support and fixes review-config state-diff and webhook-URL-in-state handling. Remove the seven deleted SQL review rule types from your review configs. See Change Details.

🚀 Features

  • Custom theme for SQL Editor and announcements — Choose the SQL Editor color theme or define your own from Settings. Workspace announcements get the same treatment, with configurable background and text colors, replacing the deprecated announcement level.
  • Self-hosted — GCP Cloud SQL IAM authentication for the external PostgreSQL metadata database. On GKE with Workload Identity, the metadata database connects to Cloud SQL via IAM authentication with no static password — over public IP, private IP, or Private Service Connect (PSC), with Helm chart support. See Metadata database IAM authentication.

🎄 Enhancements

  • SQL parsing — Improved Omni parser compatibility across multiple SQL engines, covering SQL Review, schema workflows, statement splitting, completion, and execution. For MariaDB specifically, the SQL Editor no longer flags valid MariaDB-only syntax as errors: sequences and NEXT VALUE FOR, RETURNING on INSERT/REPLACE/DELETE, system-versioned and application-time-period tables, parenthesized row constructors, and UUID/INET types.
  • Plan detail — Consolidated plan-lifecycle actions in the header, which now shows the plan’s primary “what’s next” action (or current status) at every stage, plus a consolidated review-activity timeline.
  • gh-ost parameter configuration — Restores the in-product editor for gh-ost online-migration flags (max-load, chunk-size, and more), so tuning no longer requires hand-writing the JSON directive.
  • Vault — The HashiCorp Vault external-secret integration adds a token_type field: the token can be provided as PLAIN, ENVIRONMENT (environment variable), or FILE.
  • Allow just-in-time requests for info-level permissions.

🐞 Bug Fixes

  • GitOps — Fix release checks not populating risk levels, which made high-risk statements such as DROP TABLE show None in the GitHub Action check output.
  • Custom OAuth2 SSO — Fix userinfo lookup failing against Oracle Cloud Infrastructure (OCI) IAM Identity Domains, which surfaced as a misleading JSON parse error.
  • Fix the “Manually select” database picker freezing the browser on large deployments, by loading one page on open with a “Load more” affordance instead of draining every page at once.
  • Fix the workspace title being uneditable on the setup page, and a missing project-scope feature check when listing database groups.
  • MySQL/MariaDB — Fix schema sync over-fetching foreign-key and trigger metadata across databases, and use the MariaDB-native CHECK_CONSTRAINTS query.
  • gh-ost — Trim a trailing semicolon so the attempt-instant-DDL path stays valid.

📃 Change Details

Access Request Expiration

Access requests are now bounded by the workspace maximum expiration, and the workspace setting field is renamed.
ChangeBeforeAfter
Workspace setting fieldmaximum_role_expiration_in_secondsmaximum_request_expiration_in_seconds
BehaviorRequesters could set an expiration independent of the capRequest duration is capped at the workspace maximum
The existing value is carried to the new field automatically on upgrade.

Removed SQL Review Rules

These 7 rules are removed — each only triggered on a top-level SELECT statement:
Removed rule
STATEMENT_SELECT_FULL_TABLE_SCAN
STATEMENT_QUERY_MINIMUM_PLAN_LEVEL
STATEMENT_DISALLOW_USING_FILESORT
STATEMENT_DISALLOW_USING_TEMPORARY
STATEMENT_MAXIMUM_JOIN_TABLE_COUNT
STATEMENT_JOIN_STRICT_COLUMN_ATTRS
STATEMENT_MAXIMUM_LIMIT_VALUE
Stored review policies are cleaned automatically on upgrade, so existing configurations continue to load. Rules that also cover DML or VIEW statements are intentionally kept.

Terraform Impact

Move to terraform-provider-bytebase 3.20.0 after upgrading the server. See Migration Guide.
ChangeTypeAction
EXPORT_DATA approval source deprecatedBreakingRemove EXPORT_DATA from approval-flow config; use the JIT data-export flow
Announcement levelthemeBreakingReplace level with theme (background / text) under workspace_profile.announcement
Maximum request-expiration field renamedBreakingRename maximum_role_expiration_in_seconds to maximum_request_expiration_in_seconds in workspace_profile
Environment and issue-label colors moved to color protocol messageBreakingUpdate color values to the new color message representation
Vault token_typeFeatureOptionally set PLAIN, ENVIRONMENT, or FILE in data_sources.external_secret
Review-config state diff / webhook URL in stateFixNo action required
Seven SQL review rules removedBreakingRemove the removed rule types (e.g. STATEMENT_MAXIMUM_LIMIT_VALUE) from your review config

⚙️ Install and Upgrade

Before upgrading: 1) Back up the metadata — in-place downgrade is not supported. 2) Do not run multiple containers on the same data directory. 3) Terraform users: upgrade Bytebase server first, then apply the new Terraform config.