🔔 Notable Changes
- CI/CD change issues now open on the Plan detail page — Opening a CI/CD database-change issue (from the issue list, a link, or a notification) now takes you to the Plan detail page — where the review happens, with approval flow, activity, and comments inline — instead of the Issue detail page. Access-request and data-export issues still open on the Issue detail page, and existing issue links keep working (they redirect).
- Cap the duration of access requests — Admins can now enforce a maximum duration on access requests; a request can no longer exceed the workspace’s configured cap. The workspace setting is renamed accordingly. See Change Details.
- Export Center and data-export approval flow deprecated — The standalone Export Center and the separate data-export approval flow are deprecated; data export is handled through the just-in-time data-export approval flow in the SQL Editor.
-
7 low-signal SQL review rules removed — These rules only fired when the top-level statement was a
SELECT, so they never applied to the DDL/DML change-review workflow. Existing review policies are cleaned automatically on upgrade. See Change Details. -
Terraform provider 3.20.0 required — Upgrade the Bytebase server first, then move to provider 3.20.0. It covers this release’s breaking changes:
EXPORT_DATAdeprecated in the approval flow; announcementleveldeprecated in favor oftheme; the workspace maximum request-expiration field renamed; and environment and issue-label colors moved to the color protocol message. It also adds Vaulttoken_typesupport and fixes review-config state-diff and webhook-URL-in-state handling. Remove the seven deleted SQL review rule types from your review configs. See Change Details.
🚀 Features
-
Custom theme for SQL Editor and announcements — Choose the SQL Editor color theme or define your own from Settings. Workspace announcements get the same treatment, with configurable background and text colors, replacing the deprecated announcement
level. - Self-hosted — GCP Cloud SQL IAM authentication for the external PostgreSQL metadata database. On GKE with Workload Identity, the metadata database connects to Cloud SQL via IAM authentication with no static password — over public IP, private IP, or Private Service Connect (PSC), with Helm chart support. See Metadata database IAM authentication.
🎄 Enhancements
-
SQL parsing — Improved Omni parser compatibility across multiple SQL engines, covering SQL Review, schema workflows, statement splitting, completion, and execution. For MariaDB specifically, the SQL Editor no longer flags valid MariaDB-only syntax as errors: sequences and
NEXT VALUE FOR,RETURNINGon INSERT/REPLACE/DELETE, system-versioned and application-time-period tables, parenthesized row constructors, and UUID/INET types. - Plan detail — Consolidated plan-lifecycle actions in the header, which now shows the plan’s primary “what’s next” action (or current status) at every stage, plus a consolidated review-activity timeline.
-
gh-ost parameter configuration — Restores the in-product editor for gh-ost online-migration flags (
max-load,chunk-size, and more), so tuning no longer requires hand-writing the JSON directive. -
Vault — The HashiCorp Vault external-secret integration adds a
token_typefield: the token can be provided asPLAIN,ENVIRONMENT(environment variable), orFILE. - Allow just-in-time requests for info-level permissions.
🐞 Bug Fixes
-
GitOps — Fix release checks not populating risk levels, which made high-risk statements such as
DROP TABLEshowNonein the GitHub Action check output. - Custom OAuth2 SSO — Fix userinfo lookup failing against Oracle Cloud Infrastructure (OCI) IAM Identity Domains, which surfaced as a misleading JSON parse error.
- Fix the “Manually select” database picker freezing the browser on large deployments, by loading one page on open with a “Load more” affordance instead of draining every page at once.
- Fix the workspace title being uneditable on the setup page, and a missing project-scope feature check when listing database groups.
-
MySQL/MariaDB — Fix schema sync over-fetching foreign-key and trigger metadata across databases, and use the MariaDB-native
CHECK_CONSTRAINTSquery. - gh-ost — Trim a trailing semicolon so the attempt-instant-DDL path stays valid.
📃 Change Details
Access Request Expiration
Access requests are now bounded by the workspace maximum expiration, and the workspace setting field is renamed.| Change | Before | After |
|---|---|---|
| Workspace setting field | maximum_role_expiration_in_seconds | maximum_request_expiration_in_seconds |
| Behavior | Requesters could set an expiration independent of the cap | Request duration is capped at the workspace maximum |
Removed SQL Review Rules
These 7 rules are removed — each only triggered on a top-levelSELECT statement:
| Removed rule |
|---|
STATEMENT_SELECT_FULL_TABLE_SCAN |
STATEMENT_QUERY_MINIMUM_PLAN_LEVEL |
STATEMENT_DISALLOW_USING_FILESORT |
STATEMENT_DISALLOW_USING_TEMPORARY |
STATEMENT_MAXIMUM_JOIN_TABLE_COUNT |
STATEMENT_JOIN_STRICT_COLUMN_ATTRS |
STATEMENT_MAXIMUM_LIMIT_VALUE |
Terraform Impact
Move toterraform-provider-bytebase 3.20.0 after upgrading the server. See Migration Guide.
| Change | Type | Action |
|---|---|---|
EXPORT_DATA approval source deprecated | Breaking | Remove EXPORT_DATA from approval-flow config; use the JIT data-export flow |
Announcement level → theme | Breaking | Replace level with theme (background / text) under workspace_profile.announcement |
| Maximum request-expiration field renamed | Breaking | Rename maximum_role_expiration_in_seconds to maximum_request_expiration_in_seconds in workspace_profile |
| Environment and issue-label colors moved to color protocol message | Breaking | Update color values to the new color message representation |
Vault token_type | Feature | Optionally set PLAIN, ENVIRONMENT, or FILE in data_sources.external_secret |
| Review-config state diff / webhook URL in state | Fix | No action required |
| Seven SQL review rules removed | Breaking | Remove the removed rule types (e.g. STATEMENT_MAXIMUM_LIMIT_VALUE) from your review config |

