> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytebase.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Bytebase 3.20.0 - Jul 02, 2026

> Custom Theme

## 🔔 Notable Changes

* **CI/CD change issues now open on the Plan detail page** — Opening a CI/CD database-change issue (from the issue list, a link, or a notification) now takes you to the Plan detail page — where the review happens, with approval flow, activity, and comments inline — instead of the Issue detail page. Access-request and data-export issues still open on the Issue detail page, and existing issue links keep working (they redirect).

* **Cap the duration of access requests** — Admins can now enforce a maximum duration on access requests; a request can no longer exceed the workspace's configured cap. The workspace setting is renamed accordingly. See [Change Details](#access-request-expiration).

* **Export Center and data-export approval flow deprecated** — The standalone Export Center and the separate data-export approval flow are deprecated; data export is handled through the just-in-time data-export approval flow in the SQL Editor.

* **7 low-signal SQL review rules removed** — These rules only fired when the top-level statement was a `SELECT`, so they never applied to the DDL/DML change-review workflow. Existing review policies are cleaned automatically on upgrade. See [Change Details](#removed-sql-review-rules).

* **Terraform provider 3.20.0 required** — Upgrade the Bytebase server first, then move to provider 3.20.0. It covers this release's breaking changes: `EXPORT_DATA` deprecated in the approval flow; announcement `level` deprecated in favor of `theme`; the workspace maximum request-expiration field renamed; and environment and issue-label colors moved to the color protocol message. It also adds Vault `token_type` support and fixes review-config state-diff and webhook-URL-in-state handling. Remove the seven deleted SQL review rule types from your review configs. See [Change Details](#terraform-impact).

## 🚀 Features

* **Custom theme for SQL Editor and announcements** — Choose the SQL Editor color theme or define your own from Settings. Workspace announcements get the same treatment, with configurable background and text colors, replacing the deprecated announcement `level`.

* **Self-hosted** — GCP Cloud SQL IAM authentication for the external PostgreSQL metadata database. On GKE with Workload Identity, the metadata database connects to Cloud SQL via IAM authentication with no static password — over public IP, private IP, or Private Service Connect (PSC), with [Helm chart support](/get-started/self-host/deploy-with-kubernetes#deploy-with-helm). See [Metadata database IAM authentication](/get-started/self-host/external-postgres#gcp-cloud-sql-iam-authentication).

## 🎄 Enhancements

* **SQL parsing** — Improved Omni parser compatibility across multiple SQL engines, covering SQL Review, schema workflows, statement splitting, completion, and execution. For MariaDB specifically, the SQL Editor no longer flags valid MariaDB-only syntax as errors: sequences and `NEXT VALUE FOR`, `RETURNING` on INSERT/REPLACE/DELETE, system-versioned and application-time-period tables, parenthesized row constructors, and UUID/INET types.

* **Plan detail** — Consolidated plan-lifecycle actions in the header, which now shows the plan's primary "what's next" action (or current status) at every stage, plus a consolidated review-activity timeline.

* **gh-ost parameter configuration** — Restores the in-product editor for gh-ost online-migration flags (`max-load`, `chunk-size`, and more), so tuning no longer requires hand-writing the JSON directive.

* **Vault** — The HashiCorp Vault external-secret integration adds a `token_type` field: the token can be provided as `PLAIN`, `ENVIRONMENT` (environment variable), or `FILE`.

* Allow just-in-time requests for info-level permissions.

## 🐞 Bug Fixes

* **GitOps** — Fix release checks not populating risk levels, which made high-risk statements such as `DROP TABLE` show `None` in the GitHub Action check output.

* **Custom OAuth2 SSO** — Fix userinfo lookup failing against Oracle Cloud Infrastructure (OCI) IAM Identity Domains, which surfaced as a misleading JSON parse error.

* Fix the "Manually select" database picker freezing the browser on large deployments, by loading one page on open with a "Load more" affordance instead of draining every page at once.

* Fix the workspace title being uneditable on the setup page, and a missing project-scope feature check when listing database groups.

* **MySQL/MariaDB** — Fix schema sync over-fetching foreign-key and trigger metadata across databases, and use the MariaDB-native `CHECK_CONSTRAINTS` query.

* **gh-ost** — Trim a trailing semicolon so the attempt-instant-DDL path stays valid.

## 📃 Change Details

### Access Request Expiration

Access requests are now bounded by the workspace maximum expiration, and the workspace setting field is renamed.

| Change                  | Before                                                    | After                                               |
| ----------------------- | --------------------------------------------------------- | --------------------------------------------------- |
| Workspace setting field | `maximum_role_expiration_in_seconds`                      | `maximum_request_expiration_in_seconds`             |
| Behavior                | Requesters could set an expiration independent of the cap | Request duration is capped at the workspace maximum |

The existing value is carried to the new field automatically on upgrade.

### Removed SQL Review Rules

These 7 rules are removed — each only triggered on a top-level `SELECT` statement:

| Removed rule                         |
| ------------------------------------ |
| `STATEMENT_SELECT_FULL_TABLE_SCAN`   |
| `STATEMENT_QUERY_MINIMUM_PLAN_LEVEL` |
| `STATEMENT_DISALLOW_USING_FILESORT`  |
| `STATEMENT_DISALLOW_USING_TEMPORARY` |
| `STATEMENT_MAXIMUM_JOIN_TABLE_COUNT` |
| `STATEMENT_JOIN_STRICT_COLUMN_ATTRS` |
| `STATEMENT_MAXIMUM_LIMIT_VALUE`      |

Stored review policies are cleaned automatically on upgrade, so existing configurations continue to load. Rules that also cover DML or VIEW statements are intentionally kept.

### Terraform Impact

Move to `terraform-provider-bytebase` 3.20.0 after upgrading the server. See [Migration Guide](https://github.com/bytebase/terraform-provider-bytebase/blob/main/migration/3.20.0.md).

| Change                                                             | Type     | Action                                                                                                        |
| ------------------------------------------------------------------ | -------- | ------------------------------------------------------------------------------------------------------------- |
| `EXPORT_DATA` approval source deprecated                           | Breaking | Remove `EXPORT_DATA` from approval-flow config; use the JIT data-export flow                                  |
| Announcement `level` → `theme`                                     | Breaking | Replace `level` with `theme` (`background` / `text`) under `workspace_profile.announcement`                   |
| Maximum request-expiration field renamed                           | Breaking | Rename `maximum_role_expiration_in_seconds` to `maximum_request_expiration_in_seconds` in `workspace_profile` |
| Environment and issue-label colors moved to color protocol message | Breaking | Update color values to the new color message representation                                                   |
| Vault `token_type`                                                 | Feature  | Optionally set `PLAIN`, `ENVIRONMENT`, or `FILE` in `data_sources.external_secret`                            |
| Review-config state diff / webhook URL in state                    | Fix      | No action required                                                                                            |
| Seven SQL review rules removed                                     | Breaking | Remove the removed rule types (e.g. `STATEMENT_MAXIMUM_LIMIT_VALUE`) from your review config                  |

## ⚙️ Install and Upgrade

* [Fresh install](/get-started/self-host/deploy-with-docker)

* [Upgrade](/get-started/self-host/upgrade)

*Before upgrading: 1) Back up the [metadata](https://www.bytebase.com/docs/administration/back-up-restore-metadata/) — in-place downgrade is not supported. 2) Do not run multiple containers on the same data directory. 3) Terraform users: upgrade Bytebase server first, then apply the new Terraform config.*
