Skip to content

Releases: bytebase/bytebase

Release 3.20.0

Choose a tag to compare

@github-actions github-actions released this 02 Jul 15:01
dcc03f7

🔔 Notable Changes

  • Export Center and data-export approval flow deprecated — The standalone Export Center and the separate data-export approval flow are deprecated; data export is handled through the just-in-time data-export approval flow in the SQL Editor.

  • 7 low-signal SELECT-only SQL review rules removed — These rules only ever fired on SELECT, and served no purpose in the DDL/DML change-review workflow. Stored review policies are cleaned automatically on upgrade, so existing configurations keep working. See Change Details.

  • Terraform provider 3.20.0 required — Upgrade the Bytebase server first, then move to provider 3.20.0. It covers this release's breaking changes: EXPORT_DATA deprecated in the approval flow; announcement level deprecated in favor of theme; the workspace maximum request-expiration field renamed; and environment and issue-label colors moved to the color protocol message. It also adds Vault token_type support and fixes review-config state-diff and webhook-URL-in-state handling. Remove the seven deleted SQL review rule types from your review configs. See Change Details.

🚀 Features

  • Access requests always use the maximum expiration cap — Requesting access no longer lets a user pick a longer window than the workspace allows; the request duration is bounded by the configured maximum. The workspace setting is renamed accordingly. See Change Details

  • Custom theme for SQL Editor and announcements — Choose the SQL Editor color theme or define your own from Settings. Workspace announcements get the same treatment, with configurable background and text colors, replacing the deprecated announcement level.

  • Workspace announcement theme — The announcement level field is deprecated; announcements now take an explicit theme with configurable background and text colors.

  • Self-hosted — GCP Cloud SQL IAM authentication for the external PostgreSQL metadata database. On GKE with Workload Identity, the metadata database connects to Cloud SQL via IAM authentication with no static password, with Helm chart and high-availability documentation.

🎄 Enhancements

  • Plan detail — Consolidated plan-lifecycle actions in the header, which now shows the plan's primary "what's next" action (or current status) at every stage; relative times reveal their absolute timestamp on hover across the app; plus editing targets beside the title, adding a change from the changes tab strip, a consolidated review-activity timeline, the matched approval-flow title on the AIO page, and skipped-task reasons.

  • SQL parsing — Improved Omni parser compatibility across multiple SQL engines, covering SQL Review, schema workflows, statement splitting, completion, and execution. For MariaDB specifically, the SQL Editor no longer flags valid MariaDB-only syntax as errors: sequences and NEXT VALUE FOR, RETURNING on INSERT/REPLACE/DELETE, system-versioned and application-time-period tables, parenthesized row constructors, and UUID/INET types.

  • Vault — The HashiCorp Vault external-secret integration adds a token_type field: the token can be provided as PLAIN, ENVIRONMENT (environment variable), or FILE.

🐞 Bug Fixes

  • GitOps — Fix release checks not populating risk levels, which made high-risk statements such as DROP TABLE show None in the GitHub Action check output.

  • Custom OAuth2 SSO — Fix userinfo lookup failing against Oracle Cloud Infrastructure (OCI) IAM Identity Domains, which surfaced as a misleading JSON parse error.

  • Fix the "Manually select" database picker freezing the browser on large deployments, by loading one page on open with a "Load more" affordance instead of draining every page at once.

  • Fix the workspace title being uneditable on the setup page, and a missing project-scope feature check when listing database groups.

  • MySQL/MariaDB — Fix schema sync over-fetching foreign-key and trigger metadata across databases, and use the MariaDB-native CHECK_CONSTRAINTS query.

  • gh-ost — Trim a trailing semicolon so the attempt-instant-DDL path stays valid.

📃 Change Details

Access Request Expiration

Access requests are now bounded by the workspace maximum expiration, and the workspace setting field is renamed.

Change Before After
Workspace setting field maximum_role_expiration_in_seconds maximum_request_expiration_in_seconds
Behavior Requesters could set an expiration independent of the cap Request duration is capped at the workspace maximum

The existing value is carried to the new field automatically on upgrade.

Removed SQL Review Rules

These 7 SELECT-only review rules are removed:

Removed rule
STATEMENT_SELECT_FULL_TABLE_SCAN
STATEMENT_QUERY_MINIMUM_PLAN_LEVEL
STATEMENT_DISALLOW_USING_FILESORT
STATEMENT_DISALLOW_USING_TEMPORARY
STATEMENT_MAXIMUM_JOIN_TABLE_COUNT
STATEMENT_JOIN_STRICT_COLUMN_ATTRS
STATEMENT_MAXIMUM_LIMIT_VALUE

Stored review policies are cleaned automatically on upgrade, so existing configurations continue to load. Rules that also cover DML or VIEW statements are intentionally kept.

Terraform Impact

Move to terraform-provider-bytebase 3.20.0 after upgrading the server.

Change Type Action
EXPORT_DATA approval source deprecated Breaking Remove EXPORT_DATA from approval-flow config; use the JIT data-export flow
Announcement leveltheme Breaking Replace level with theme (background / text) under workspace_profile.announcement
Maximum request-expiration field renamed Breaking Rename maximum_role_expiration_in_seconds to maximum_request_expiration_in_seconds in workspace_profile
Environment and issue-label colors moved to color protocol message Breaking Update color values to the new color message representation
Vault token_type Feature Optionally set PLAIN, ENVIRONMENT, or FILE in data_sources.external_secret
Review-config state diff / webhook URL in state Fix No action required
Seven SQL review rules removed Breaking Remove the removed rule types (e.g. STATEMENT_MAXIMUM_LIMIT_VALUE) from your review config

3.19.1...3.20.0

Before upgrading: 1) Back up the metadata — in-place downgrade is not supported. 2) Do not run multiple containers on the same data directory. 3) Terraform users: upgrade Bytebase server first, then apply the new Terraform config.

Release 3.19.1

Choose a tag to compare

@github-actions github-actions released this 18 Jun 14:08
746c44b

🎄 Enhancements

  • Plan review on the plan detail page — A unified Review section now lives directly on the plan detail page: approval flow, activity timeline, and rejection banner.
  • SQL Editor query history — Query history is reworked, and any history item now has a direct, shareable URL that reopens its exact statement and database connection.
  • Faster large SQL scripts and reviews — Splitting, DML transform, statement-range mapping, and SQL review now scale linearly on large multi-statement scripts, reducing the processing time of a 100k-line-SQL-statement by 98% (from 22s to 0.45s).
  • StarRocks — Dedicated StarRocks parser support: stops false syntax errors on StarRocks-specific DDL/DML (generated columns, async materialized views, INSERT OVERWRITE, CTE-prefixed DELETE/UPDATE), adds query lineage, and syncs StarRocks materialized views.
  • Consistent date & time picker — All date/time controls (run-task scheduler, role/permission expiration, time-range filters) now use one styled, app-themed picker; the whole field opens the picker, and custom expiration times are available again.

🐞 Bug Fixes

  • Fix table- and schema-scoped bb.sql.ddl / bb.sql.dml grants being silently denied for writes in the SQL Editor — such grants are now honored per write-target table.
  • PostgreSQL — Fix SQL Editor crash when a query returns a timestamp outside the supported range, and make metadata sync read columns and foreign tables from pg_catalog so privilege filtering can no longer hide them, producing valid, replayable schema dumps.
  • MySQL — Fix Sync Schema reporting false-positive diffs between identical databases (a regression from 3.17.0), and produce valid SQL for CHECK constraints and stored-routine headers in schema dumps.
  • MSSQL — Fix SQL Editor failing to resolve columns of an encrypted or otherwise unparseable view by falling back to synced column metadata.
  • Fix the instance Databases tab resetting to the first page after clicking Load more, and missing-license feedback when adding a read-only connection to an unlicensed instance.
  • Fix SQL review rules with required list values failing to save with an InvalidArgument error when no values were added.
  • Fix GitOps release checks reporting a None risk level — per-result and aggregate risk levels are now reported correctly in bytebase-action output.
  • DingTalk — Fix direct-message webhook notifications failing to resolve recipients when their phone numbers were not populated.

3.19.0...3.19.1

Before upgrading: 1) Back up the metadata — in-place downgrade is not supported. 2) Do not run multiple containers on the same data directory. 3) Terraform users: upgrade Bytebase server first, then apply the new Terraform config.

Release 3.19.0

Choose a tag to compare

@github-actions github-actions released this 05 Jun 15:37
770d941

🔔 Notable Changes

  • Just-in-time data export - Users can now request just-in-time data export access in the SQL editor and go through the approval workflow to export. Your existing data-export approval rules are migrated to the just-in-time approval flow. Please review and update the ordering of migrated rules according to the instruction on top of the Custom Approval page. See Details.

  • Terraform - Just-in-time data export flows through REQUEST_ACCESS approval, please add data-export rules (request.data_export == true) under the REQUEST_ACCESS source in your Terraform configuration - otherwise the next terraform apply will drop the auto-backfilled rules and JIT exports skip approval.

  • Active VCS user tracking for GitOps — Non-bot PR/MR authors seen by bytebase-release workflows on GitHub, GitLab, and Bitbucket now count as active VCS users over a 90-day window and are enforced against the license user limit. Track usage and download the user list as CSV from the Subscription page.

  • bytebase-action enforces the version compatibility windowbytebase-action check and bytebase-action rollout now fail with an error (previously a warning) when the action version is too far from the server version. Pin your CI to a compatible action version, or use the cloud tag on Bytebase Cloud. See Change Details.

🎄 Enhancements

  • MySQL — Improve gh-ost prerequisite validation messages by distinguishing inaccessible binlog status, disabled binary logging, missing replication privileges, unsupported binlog format, and validation query failures.

  • SQL Editor — Saving an untitled worksheet now prompts for a title, and searching the result panel indicates when nothing matches.

🐞 Bug Fixes

  • SQL Editor — Fixed query execution and admin mode being blocked when opening the editor from a database page, along with several smaller UI fixes. Local editor state is now scoped per workspace on Bytebase Cloud.

  • Restore the custom expiration time option when granting project roles, honoring the workspace maximum role expiration cap.

  • Fix AI assistant compatibility with GPT-5-style models by omitting unsupported request parameters.

  • Fix hosted MCP clients (claude.ai web, ChatGPT, VS Code for the Web) being rejected during OAuth dynamic client registration on self-hosted instances. Callbacks are pinned to exact vendor hosts, so arbitrary https:// redirects remain blocked.

  • Self-hosted (Helm) — Chart 1.1.3 restores bytebase.version as the single image knob; non-Azure deployments no longer silently resolve to the latest image.

  • Spanner — Fix SQL Editor queries failing with "disallowed query type" in normal mode.

  • Doris/StarRocks — Fix window functions inside a CTE body failing to parse in the SQL Editor.

  • TiDB — Fix prior-backup rollback for alias-target multi-table DELETE, cyclic view references crashing query analysis, and advisor line numbers for statements separated by blank lines.

📃 Change Details

bytebase-action Compatibility Window

bytebase-action check and bytebase-action rollout now fail with an error when the action/CLI version falls outside the supported compatibility window of the target Bytebase server (previously a warning).

Deployment Compatibility requirement
Bytebase Cloud Dated action versions (cloud-YYYYMMDD) within the last 7 days; use the cloud action tag to stay current
Self-hosted Same major version, within a 2-minor-version window of the server
Version relationship Behavior
Exact match Success log
Within window, mismatched Warn and continue (unchanged)
Outside window Error — command exits non-zero (new)

Action required: pin your CI to an action version within the window of your server version (self-hosted), or use the cloud tag (Cloud).

3.18.1...3.19.0

Before upgrading: 1) Back up the metadata — in-place downgrade is not supported. 2) Do not run multiple containers on the same data directory. 3) Terraform users: upgrade Bytebase server first, then apply the new Terraform config.

Release 3.18.1

Choose a tag to compare

@github-actions github-actions released this 01 Jun 09:35
a247a09

🎄 Enhancements

  • Plan detail page improvements.

    • Refreshed layout. Cleaner layout with at-a-glance plan-check status across all specs and consistent database-target display through every phase.
    • Release-backed plan flow simplified. Release-backed (GitOps) plans now show only two phases — CHANGES and DEPLOY — with minor UI refinements throughout.
  • SaaS: MCP discovery works against Bytebase Cloud. MCP clients (Claude Code, Cursor, etc.) can now complete the OAuth flow against cloud.bytebase.com without manual configuration.

  • PostgreSQL — Compatible with pgbouncer transaction pooling (statement cache disabled) and PostgreSQL 18 (built-ins like uuidv7() and 80+ others are recognized by SQL analysis and schema diff).

  • TiDB — DML rollback / prior-backup preview now works. Queries against columns added out-of-band trigger the standard metadata-resync-and-retry path (matching MySQL / PostgreSQL).

  • gh-ost migrations honor the configured data-source SSH tunnel for both the MySQL connection and the binlog reader.

  • Query data source — Non-read-only automatic SQL Editor queries now use the admin data source when the query data policy allows it. Read-only queries are unaffected.

  • Demo mode removed. The --demo server flag has been removed. This mode was for internal demos (it loads a baked-in SQL dump and a sample admin) and was never intended for production use — if you have --demo in your startup script, drop it and configure instances and users normally.

🐞 Bug Fixes

  • Workload identities are distinguished from service accounts in the members table, and the graphical CEL expression editor is restored for project member role grants.

  • Large target sets in the issue / plan target overflow view no longer freeze or mis-render.

  • The plan list creator filter actually returns users now, and the review badge ("Bypassed" / "Under Review") reads consistently with plan detail.

  • PostgreSQL — Multi-host failover honors Bytebase's configured TLS material on every host, not just the primary.

  • The Sync Database success toast renders the actual database name instead of the literal {{name}} placeholder.

🏗️ Terraform Update

  • Terraform provider 3.18.1 required — Marks the webhook URL as write-only and adds APP_IM support to bytebase_setting. See Migration Guide.

3.18.0...3.18.1

Before upgrading: 1) Back up the metadata — in-place downgrade is not supported. 2) Do not run multiple containers on the same data directory. 3) Terraform users: upgrade Bytebase server first, then apply the new Terraform config.

Release 3.18.0

Choose a tag to compare

@github-actions github-actions released this 14 May 14:17
dd181a2

☁️ Bytebase Cloud Upgrade

Bytebase Cloud is now a true multi-tenant SaaS.

  • One account, many workspaces — with a workspace switcher and self-serve leave/delete.
  • Passwordless sign-in by email code (no more passwords in Cloud).
  • Global SSO — sign in with Google, GitHub, or your org's IdP without picking a workspace first.
  • Self-serve subscription plan upgrade and cancel from inside the app.
  • Pro plan: unlimited user seats available, billed per user.

🔔 Other Notable Changes

  • Plan edits surfaced in issue activity — Plan edits now appear in the issue activity feed for approver visibility.

  • API breaking changesrequire_2farequire_mfa, plan_spec_updateplan_update (restructured payload), and Issue.ApprovalStatus moved to top-level. See Change Details.

  • Terraform provider 3.18.0 required — Adds write-only sensitive fields and a provider-level custom_header block. Requires Terraform CLI 1.11+. See Migration Guide.

🚀 Features

  • AWS RDS IAM auth for the Bytebase metadata database — Authenticate the metadata PostgreSQL via AWS RDS IAM tokens.

  • Google Chat webhook integration — Add Google Chat as a project webhook destination.

  • MariaDB — Support DML rollback / prior-backup, matching MySQL behavior.

  • CosmosDB — Support cross-partition queries.

🎄 Enhancements

  • Bytebase Action - Add --custom-header flag for header-based access proxies in CI/CD pipelines.

  • Issues stuck in CHECKING can be retried via a new RetryIssueApproval API.

  • Improve SQL analysis reliability across PostgreSQL, MySQL, and MSSQL for advisor rules, query span, completion, and schema diff.

  • Improve PostgreSQL and CockroachDB metadata-backed schema diff reliability.

  • Show gh-ost start/end events in task run logs.

  • Show DDL/DML environment warnings across role grant, role request, and issue creation flows.

  • Show expired roles inline in the members table and member detail panel.

  • Show database group titles in plan selectors and human-readable instance/database names in member-role scopes.

  • Whitelist redirect URIs in OAuth dynamic client registration.

  • Restore audit logs for Login / Signup / ExchangeToken; add audit events for retry approval and email-code / password-reset paths.

  • Default the SQL Editor query role to the least-privileged SQL select role.

  • Improve the SQL statement matching for JIT access grants.

  • TiDB — Support extra DataSource connection parameters, including connection packet compression.

  • TiDB — SQL Editor Ctrl+Enter now runs the cursor statement, matching MySQL / PostgreSQL behavior.

  • ClickHouseAggregateFunction(...) errors from SELECT * now suggest using -Merge + GROUP BY or finalizeAggregation().

🐞 Bug Fixes

  • Fix multi-change plans targeting the same database group being rejected.

  • Fix PIPELINE_COMPLETED webhook event missing when failed tasks are skipped.

  • Fix per-sheet plan check summary preservation during approval checks.

  • PostgreSQL — Fix query span bugs affecting masking and query analysis.

  • Databricks — Apply user-selected row limit to SQL Editor queries.

📃 Change Details

API Breaking Changes

1. require_2fa renamed to require_mfa

The field on WorkspaceProfileSetting reflects the broader MFA scope (no longer 2FA-only).

Field Before After
WorkspaceProfileSetting.require_2fa require_2fa (bool) require_mfa (bool)

Affected routes: any caller updating workspace profile settings via SettingService.UpdateSetting writing WorkspaceProfileSetting. Update references in your config or IaC.

2. IssueComment.plan_spec_update renamed to plan_update

The per-spec event (single sheet replacement) is replaced by a before/after snapshot of Plan.Spec[], so the comment carries the full diff of every plan spec change in one event.

Field Before After
IssueComment.plan_spec_updatePlanSpecUpdate { spec, from_sheet, to_sheet } (single spec/sheet change) IssueComment.plan_updatePlanUpdate { from_specs, to_specs } (repeated Plan.Spec)

Affected routes: any consumer of IssueService.ListIssueComments or issue activity events that previously read plan_spec_update. Update to read plan_update.from_specs / to_specs.

3. Issue.ApprovalStatus moved to top-level ApprovalStatus

Nested enum Issue.ApprovalStatus is removed; the same enum now lives at the top level in common.proto and is referenced by both Issue.approval_status and Plan.approval_status. Enum values and ordinals are unchanged (CHECKING=1, PENDING=2, APPROVED=3, REJECTED=4, SKIPPED=5).

Type Before After
Enum location bytebase.v1.Issue.ApprovalStatus bytebase.v1.ApprovalStatus

Affected routes: clients that referenced the nested enum type by name (for example, generated Go or TS types). Update imports or type references; wire format is unchanged.

3.17.1...3.18.0

Before upgrading: 1) Back up the metadata — in-place downgrade is not supported. 2) Do not run multiple containers on the same data directory. 3) Terraform users: upgrade Bytebase server first, then apply the new Terraform config.

Release 3.17.1

Choose a tag to compare

@github-actions github-actions released this 23 Apr 09:08
e87f06a

🎄 Enhancements

  • Instance TLS — Support reading TLS certificates from a configured file path, and redesign TLS configuration with Disabled / TLS / Mutual TLS options.

  • SQL Review — Add STATEMENT_DISALLOW_TRUNCATE rule for Oracle, PostgreSQL, MySQL, and MSSQL. Improve STATEMENT_WHERE_DISALLOW_FUNCTIONS_AND_CALCULATIONS to only flag functions and calculations on indexed columns, and extend it to Oracle and PostgreSQL.

🐞 Bug Fixes

  • Fix access/role grant issue approval showing a spurious "project not found" error toast.

  • Fix Test Connection on instance create dropping passwords resolved from AWS Secrets Manager and other external secret backends.

  • Oracle — Fix PL/SQL parser to accept expressions (e.g. DATE literals) in CREATE TABLE partition range bounds.

  • MSSQL — Fix query span extraction for views whose WHERE clause contains a correlated EXISTS / NOT EXISTS subquery.

  • Cassandra — Fix request context propagation in query span extraction.

3.17.0...3.17.1

Before upgrading: 1) Back up the metadata — in-place downgrade is not supported. 2) Do not run multiple containers on the same data directory. 3) Terraform users: upgrade Bytebase server first, then apply the new Terraform config.

Release 3.17.0

Choose a tag to compare

@github-actions github-actions released this 09 Apr 14:53
79dd009

🔔 Notable Changes

  • Unified Plan lifecycle view — the Plan detail page shows the full lifecycle of a database change, giving developers one place to follow a change from draft to deployment.

    • The three phases of a database change — change, review, deploy — are shown in sections, allowing developers to edit change, view approval result, and execute deployment in this single page.
    • Issue page is now dedicated primarily for review and approval. Developers will need to go to the plan page to edit changes and create a rollout when needed.
  • API breaking changes — Worksheet API moves to project scope (/v1/projects/{id}/worksheets), ListDatabases now requires workspace ID (/v1/workspaces/{id}/databases), branding_logo moves from workspace profile setting to workspace message, GRANT_REQUEST issue type renamed to ROLE_GRANT, UpdateSubscription API deprecated in favor of UploadLicense, and classification description and level description fields removed with level type changed from string to number. See Change Details.

  • CEL filter syntax change — Substring-search filters now use contains() instead of matches() across plan, database, instance, project, group, user, service account, workload identity, query history, access grant, and database metadata table filters. See Change Details.

  • Read-only data source consolidation — Each instance now allows at most one read-only data source. If more than one is configured, only the first is kept after migration; extra read-only data sources are removed.

  • Remove Pro plan 20-user seat cap — Pro plan no longer has a user limit.

  • Terraform provider — Updated for 3.17.0 API breaking changes. Supports get, create, update, and list identity providers. See Migration Guide.

🚀 Features

  • High Availability (HA) — Support licensed multi-replica deployments backed by a shared external PostgreSQL metadata database. Active replicas are tracked via heartbeats, and background runners coordinate safely across replicas.

  • Page Agent — Add an in-app AI assistant with tool-calling, threaded resumable conversations, DOM-aware autocomplete, and token usage tracking.

  • Issue Approved webhook event — Support a new webhook event type for issue approval, with redesigned Slack message format.

  • MCP query_database tool — Add a new MCP tool for executing SQL queries against managed databases with automatic database resolution.

  • CosmosDB — Support local emulator connection and dynamic data masking for all 13 query feature areas.

🎄 Enhancements

  • Support executing stored procedures (CALL / EXEC) in SQL Editor by classifying stored procedure execution as DML.

  • Support issue type filter in advanced search (Database Change, Role Grant, Database Export, Access Grant).

  • Replace data classification file upload with an inline JSON editor and enhance the data classification editor.

  • Support masking exemption by classification level, and redesign masking exemption list page.

  • Redesign data export creation UI.

  • Migrate the frontend from Vue to React across all major pages including settings, projects, databases, instances, plans, issues, and audit logs.

  • Upgrade SQL parsing engine for PostgreSQL, MySQL, MongoDB, and CosmosDB from ANTLR to omni parser, improving SQL syntax coverage, consistency across SQL review / schema diff / auto-completion, and error message quality.

  • Add configurable --timeout flag for bytebase-action for large SQL checks.

  • Expose --enable-json-logging flag in the Helm chart for structured log output.

🐞 Bug Fixes

  • Fix false schema diff noise caused by PostgreSQL trigger ordering and CRLF / whitespace normalization.

  • Fix SQL editor metadata sync retry flood.

  • Fix OAuth discovery to return usable URLs in self-hosted mode.

  • Fix stale debounced query reverts in advanced search.

  • Fix gh-ost directives in migration-based GitOps workflow.

  • PostgreSQL — Fix CRLF line endings causing query truncation in SQL splitter, schema load failure by excluding aggregates from function sync, array subscript handling in column reference normalization, whitespace between LIMIT and FOR UPDATE clause, and nested SELECTs in wrapper statements and CTEs for SQL review.

  • MySQL — Fix unqualified SET columns in prior backup for UPDATE JOIN, missing multiStatements param in IAM auth DSN, and role sync for anonymous users.

  • TiDB — Remove non-transaction statement handling.

  • Oracle — Strip trailing null bytes from schema definitions.

📃 Change Details

API Breaking Changes

1. Worksheet API moves to project scope:

Method Before After
List /v1/worksheets /v1/{parent=projects/*}/worksheets
Get /v1/{name=worksheets/*} /v1/{name=projects/*/worksheets/*}
Create /v1/worksheets /v1/{parent=projects/*}/worksheets
Update /v1/{worksheet.name=worksheets/*} /v1/{worksheet.name=projects/*/worksheets/*}
Delete /v1/{name=worksheets/*} /v1/{name=projects/*/worksheets/*}

2. APIs that no longer accept workspaces/- (must use workspaces/{id}):

Service Affected Operations
DatabaseService ListDatabases

3. Other breaking changes:

Change Affected Routes Details
Branding logo GET/PATCH /v1/workspaces/{id} branding_logo removed from workspace profile setting; use logo field on workspace message
Issue type enum POST /v1/{parent=projects/*}/issues, GET /v1/{parent=projects/*}/issues, POST /v1/{parent=projects/*}/issues:search GRANT_REQUEST renamed to ROLE_GRANT
Subscription API PATCH /v1/subscription Deprecated; use PATCH /v1/subscription/license (UploadLicense)
Data source ID POST /v1/{name=instances/*/databases/*}:query, POST /v1/{name=instances/*/databases/*}:export data_source_id auto-resolved server-side; at most one read-only data source per instance (extra removed during migration)
Classification level GET/PATCH /v1/settings/{name}, POST /v1/queryHistories:search Level type changed from string to int; description field removed

CEL Filter Syntax Change

Substring-search CEL filters now use contains() instead of matches(). Existing clients that send filters such as title.matches("..."), name.matches("..."), resource_id.matches("..."), email.matches("..."), host.matches("..."), port.matches("..."), statement.matches("..."), query.matches("..."), or table.matches("...") must switch to the corresponding contains() form.

This applies to plan, database, instance, project, group, user, service account, workload identity, query history, access grant, and database metadata table filters.

3.16.1...3.17.0

Before upgrading: 1) Back up the metadata — in-place downgrade is not supported. 2) Do not run multiple containers on the same data directory. 3) Terraform users: upgrade Bytebase server first, then apply the new Terraform config.

Release 3.16.1

Choose a tag to compare

@github-actions github-actions released this 26 Mar 08:38
924d293

🎄 Enhancements

  • Change issue approval status label from "Done" to "Approved" for clarity.

  • Add fast-follow refresh mode so rollout status updates more quickly after user actions.

  • CosmosDB — Support more query syntax in SQL editor.

🐞 Bug Fixes

  • Fix internal error after login caused by InputOtp null check regression.

  • Fix popover dismissing when interacting with label selector during plan/issue creation.

  • Fix invalid issue type filter in Export Center.

  • Fix webhook detail page broken by UUID resource_id migration.

  • Harden 3.16 upgrade migration scripts to be idempotent and handle edge cases.

  • PostgreSQL — Fix schema dump incorrectly including pg_bitmapindex system schema.

3.16.0...3.16.1

Before upgrading: 1) Back up the metadata — in-place downgrade is not supported. 2) Do not run multiple containers on the same data directory. 3) Terraform users: upgrade Bytebase server first, then apply the new Terraform config.

Release 3.16.0

Choose a tag to compare

@github-actions github-actions released this 12 Mar 10:47
c8ccd58

🔔 Notable Changes

  • Workspace API breaking changes - Policy API: /v1/policies/v1/workspaces/{id}/policies. All workspace-scoped APIs now require explicit workspace ID instead of /v1/workspaces/-. See change details at the bottom.

  • User API breaking changes - Decouple identity types and migrate Service Accounts and Workload Identities into separate data models. The unified User API no longer handles these identity types; User.user_type and UserType enum are removed. See change details at the bottom.

  • Legacy service account email migration - Legacy emails with {name}@service.bytebase.com and {name}@{project}.service.bytebase.com are auto-migrated. Use the dedicated Service Account and Workload Identity services introduced in 3.15.0.

  • Resource ID migration - Several API resource IDs migrate from sequential integers to opaque UUID strings (revision, changelog, issue comment, project webhook). Previously bookmarked integer IDs will no longer work. See change details at the bottom.

  • Non-release database migrations now run in parallel; only release-based migrations remain sequential per database.

  • Terraform provider 3.16.1 required - Covers workspace policy API changes, UserType removal, resource ID migration, and JIT approval flow. See Migration Guide

🚀 Features

  • Just-In-Time (JIT) Data Access - Users without database access can request approval to execute a specific read-only query. Enable JIT in project settings and configure approval rules with the new REQUEST_ACCESS source type. Once approved, the grant is scoped to that query and auto-expires after the configured duration.

  • Add GitOps landing page with guided setup for workload identity selection and CI/CD YAML generation.

  • Elasticsearch & MongoDB - Support dynamic data masking. Masking is configured per-collection through the Catalog using objectSchema (not the column-based configuration used by relational databases). Global masking rules and masking exemption are not supported for document databases at this time.

🎄 Enhancements

  • Redesign issue list with streamlined layout and improved information density. Support sorting by created/updated time, all approval status options (Checking, Pending, Approved, Rejected, Skipped) in advanced search filter, and more prominent approval status in issue detail.

  • Standardize timestamp display to relative time with absolute time tooltip.

  • Redesign Create Instance page as a full-page layout.

  • Support access-token authentication for Bytebase Action, enabling CI/CD pipelines to authenticate to Bytebase via workload identity federation.

  • Add pre-execution drift validation that detects schema changes before executing stale tasks.

  • Support copying the entire query result in SQL Editor.

  • Update default AI model placeholders to current-generation models (GPT-4o, Gemini 2.5 Flash, Claude Sonnet 4).

  • MongoDB & Elasticsearch - Preview query results in document view or table view. Live syntax checking and auto-complete in SQL Editor.

  • BigQuery & Spanner - Support Workload Identity Federation credentials for non-GCP hosted Bytebase.

  • Oracle - Add ROW STORE COMPRESS syntax support.

  • PostgreSQL - Support search_path resolution via current user in schema

  • PostgreSQL & Oracle - Improve schema sync accuracy.

🐞 Bug Fixes

  • Fix issues incorrectly moved to DONE by migration 3.14/0034.

  • Skip databases without environments during task creation.

  • Classify CALL/EXEC stored procedure statements as DML to allow execution in SQL Editor.

  • MariaDB - Fix SQL review plan check not blocking rollout on ERROR-level violations.

  • MSSQL - Fix error messages missing line number when rolling out multiple statements.

  • Oracle - Fix UTF-8 encoding issues in comment fields during schema sync.

  • TiDB - Fix DROP INDEX IF EXISTS walk-through, CHECK_CONSTRAINTS query compatibility for TiDB < 7.4.0, and SQL export resource extraction.
    3.15.1...3.16.0

Warning 1): Bytebase does not support in-place downgrade. Make sure to back up your metadata before upgrading. 2) Never run multiple containers on the same data directory. Stop and remove the old one first to avoid corruption.

📃 Change Details

Workspace API Breaking Changes

1. Policy API path changes (workspace-level policies only):

Method Before After
Get /v1/{name=policies/*} /v1/{name=workspaces/*/policies/*}
List /v1/policies /v1/{parent=workspaces/*}/policies
Create /v1/policies /v1/{parent=workspaces/*}/policies
Update /v1/{policy.name=policies/*} /v1/{policy.name=workspaces/*/policies/*}
Delete /v1/{name=policies/*} /v1/{name=workspaces/*/policies/*}

Environment, instance, and database-level policy bindings are unchanged.

2. APIs that no longer accept workspaces/- (must use workspaces/{id}):

Service Affected Operations
ServiceAccountService CreateServiceAccount, ListServiceAccounts
WorkloadIdentityService CreateWorkloadIdentity, ListWorkloadIdentities
DatabaseService ListDatabases
WorkspaceService GetIamPolicy, SetIamPolicy

User API Breaking Changes

Change Details
User.user_type field removed Reserved field 5. Use dedicated Service Account / Workload Identity services.
UserType enum removed Deleted from user_service.proto.
WorkloadIdentityConfig moved From User message to workload_identity_service.proto.
ActuatorInfo.user_stats removed Replaced with int32 activated_user_count.
CreateUser behavior Only creates end users. Service accounts / workload identities must use their dedicated services.
ListUsers behavior Only returns end users.

Resource ID Migration

Resource IDs in the following API resource names change from sequential integers to UUID strings:

Resource Resource Name Pattern ID Format Change
Revision instances/{id}/databases/{db}/revisions/{id} integer → UUID
Changelog instances/{id}/databases/{db}/changelogs/{id} integer → UUID
Issue Comment projects/{id}/issues/{uid}/issueComments/{id} integer → UUID
Project Webhook projects/{id}/webhooks/{id} integer → UUID

Existing records receive randomly generated UUIDs during migration. Any previously bookmarked or cached integer IDs will stop working.

Release 3.15.1

Choose a tag to compare

@github-actions github-actions released this 26 Feb 12:03
354f68f

🎄 Enhancements

  • Add SQL Editor Read User role for read-only SQL Editor access (SELECT, EXPLAIN, INFO — no DDL/DML).

  • Enforce bb.issues.update permission requirement to edit issues, even for issue creators.

🐞 Bug Fixes

  • Fix DDL/DML error modal not showing.

  • Fix REST API GetSchemaString endpoint returning parse error.

  • Fix SQL Editor double-click-drag word selection in reverse direction.

  • PostgreSQL — Fix schema dump losing overloaded functions and missing quotes for CamelCase columns in index/constraint DDL.

3.15.0...3.15.1

Warning 1): Bytebase does not support in-place downgrade. Make sure to back up your metadata before upgrading. 2) Never run multiple containers on the same data directory. Stop and remove the old one first to avoid corruption.