Release history
bytebase releases
World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.
All releases
26 shown
3.17.1
New feature
Notable features
- TLS configuration from file path
- STATEMENT_DISALLOW_TRUNCATE rule for Oracle, PostgreSQL, MySQL, MSSQL
Full changelog
🎄 Enhancements
-
Instance TLS — Support reading TLS certificates from a configured file path, and redesign TLS configuration with Disabled / TLS / Mutual TLS options.
-
SQL Review — Add
STATEMENT_DISALLOW_TRUNCATErule for Oracle, PostgreSQL, MySQL, and MSSQL. ImproveSTATEMENT_WHERE_DISALLOW_FUNCTIONS_AND_CALCULATIONSto only flag functions and calculations on indexed columns, and extend it to Oracle and PostgreSQL.
🐞 Bug Fixes
-
Fix access/role grant issue approval showing a spurious "project not found" error toast.
-
Fix Test Connection on instance create dropping passwords resolved from AWS Secrets Manager and other external secret backends.
-
Oracle — Fix PL/SQL parser to accept expressions (e.g. DATE literals) in
CREATE TABLEpartition range bounds. -
MSSQL — Fix query span extraction for views whose WHERE clause contains a correlated
EXISTS/NOT EXISTSsubquery. -
Cassandra — Fix request context propagation in query span extraction.
https://github.com/bytebase/bytebase/compare/3.17.0...3.17.1
Before upgrading: 1) Back up the metadata — in-place downgrade is not supported. 2) Do not run multiple containers on the same data directory. 3) Terraform users: upgrade Bytebase server first, then apply the new Terraform config.
3.17.0
Breaking risk
Breaking changes
- Worksheet API scoped to projects: /v1/worksheets → /v1/projects/{id}/worksheets
- ListDatabases requires workspace ID: /v1/workspaces/{id}/databases
- CEL filter syntax: substring-search filters use contains() instead of matches()
Notable features
- High Availability (HA) with multi-replica deployments and shared PostgreSQL metadata database
- Page Agent in-app AI assistant with tool-calling and threaded conversations
- MCP query_database tool for executing SQL queries against managed databases
3.16.0
Breaking risk
Breaking changes
- Policy API: /v1/policies → /v1/workspaces/{id}/policies
- User API no longer handles service accounts/workload identities; User.user_type and UserType enum removed
- Workspace-scoped APIs require explicit workspace ID instead of workspaces/-
Notable features
- Just-In-Time (JIT) Data Access with approval rules and auto-expiring grants
- GitOps landing page with workload identity and CI/CD YAML generation
- Dynamic data masking for Elasticsearch and MongoDB
3.15.1
Bug fix
Notable features
- SQL Editor Read User role for read-only access
3.15.0
Breaking risk
Breaking changes
- Machine identities managed via dedicated ServiceAccountService and WorkloadIdentityService instead of User API
- IAM member prefixes: user:{email} → serviceAccount:{email} / workloadIdentity:{email}
- Service account/workload identity API endpoints: /v1/serviceAccounts → /v1/workspaces/-/serviceAccounts
Notable features
- Project-level Service Accounts and Workload Identities for isolated automation
- DDL/DML execution control via environment conditions in role grants
- MongoDB native driver with auto-complete and statement-type access control
3.14.1
Bug fix
Fixes transaction deadlock and SQL check bypass issues; improves multi-database masking performance.
3.14.0
Breaking risk
Breaking changes
- Plan and Rollout lifecycle separated: Plan for review, Rollout for deployment
- Rollout creation decoupled from issue creation with automatic/manual modes
- Webhook events changed to: ISSUE_CREATED, ISSUE_APPROVAL_REQUESTED, ISSUE_SENT_BACK, PIPELINE_FAILED, PIPELINE_COMPLETED
Notable features
- Refresh token support with configurable access/refresh token durations
- No approval required option in approval rules
- Workload Identity support with GitLab CI
3.13.0
Breaking risk
Breaking changes
- Approval flows defined directly via CEL expressions without intermediate risk definitions
- User identifiers changed: users/{id} → users/{email}
- MaskingException renamed to MaskingExemption; action field removed, member → members list
Notable features
- Workload Identity support with GitHub Actions integration
- MCP integration support
- Microsoft Teams direct messages support
3.12.2
Bug fix
Notable features
- SQL Server visualized EXPLAIN support in SQL Editor
Full changelog
🎄 Enhancements
- Enhance database and query permission checks.
- Improve selector performance with lazy loading for large workspaces.
- SQL Server - Add visualized EXPLAIN support in SQL Editor.
- Doris - Improve syntax compatibility.
🐞 Bug Fixes
- Prevent DML statements from being incorrectly wrapped in CTEs in SQL Editor.
- Fix popup handling for database change statements in SQL Editor.
- Improve and isolate SQL Editor state management across browser tabs.
- Format Cassandra, Spanner, and ClickHouse result data instead of showing raw protobuf.
https://github.com/bytebase/bytebase/compare/3.12.1...3.12.2
Warning 1): Bytebase does not support in-place downgrade. Make sure to back up your metadata before upgrading. 2) Never run multiple containers on the same data directory. Stop and remove the old one first to avoid corruption.
3.12.1
New feature
Notable features
- Stdout audit logger for log aggregation
- Nested folder organization for Worksheets
- Project-level data query policies
Full changelog
🚀 Features
- Add stdout audit logger for integration with log aggregation systems.
- Add folder-based organization to Worksheets, including:
- Nested folders with drag-and-drop reordering
- Inline actions (rename, star/unstar, sharing)
- Filters for worksheet types
- Add project-level data query policies (previously workspace-only).
- Support cross-account AWS IAM Authentication.
- PostgreSQL - Add AI-driven custom SDL review.
🔔 Notable changes
- Add TLS configuration support for Vault connections.
🎄 Enhancements
- Revamp issue search UI.
- Add GitOps Service Agent role for automated CI/CD workflows.
- PostgreSQL - Support SDL for materialized views, enum types, and extensions.
- BigQuery - Add dry-run support in SQL Editor to validate queries before execution.
https://github.com/bytebase/bytebase/compare/3.12.0...3.12.1
Warning 1): Bytebase does not support in-place downgrade. Make sure to back up your metadata before upgrading. 2) Never run multiple containers on the same data directory. Stop and remove the old one first to avoid corruption.
3.12.0
Breaking risk
Breaking changes
- APP_IM configuration format changed from nested object to settings array
- Removal of identity provider permissions from Workspace DBA role
- Removal of URL-based secret retrieval via URL template format
Notable features
- State-based GitOps workflow for PostgreSQL
- IdP-initiated SSO flow support
Full changelog
🚀 Features
- Add State-based GitOps workflow for PostgreSQL.
- Add support for IdP-initiated SSO flow.
🔔 Notable Changes
-
Remove identity provider permissions from the Workspace DBA role.
-
Remove support for URL-based secret retrieval via
URLtemplate format. -
Deprecate changelist feature.
-
Add character length limits to prevent overly long entries and ensure data consistency. Length limits applied:
- 200 characters: Titles and names (groups, issues, plans, projects, instances, users, etc.)
- 1,000 characters: Short descriptions (group descriptions, operation reasons for cancel/skip/restart tasks)
- 10,000 characters: Long descriptions (issue details, plan details)
- 65,536 characters: Comments and long-form text (issue comments)
-
Update
APP_IMconfiguration format in API and UI.Before:
{ "slack": { "enabled": true, "token": "xxx" }, "lark": { "enabled": true, ... }, "feishu": { "enabled": true, ... } }After:
{ "settings": [ { "type": "slack", "slack": { "token": "xxx" } }, { "type": "lark", "lark": {} } ] }
🎄 Enhancements
- Issue comment editor now supports searching and linking to other issues within the same project.
- Support data export for multi-statement queries in SQL Editor.
- Enhance SSO state management to align with OAuth 2.0 best practices.
- Add 5-minute expiration for MFA temporary tokens.
- Clarify label types with explicit naming: Project Labels, Issue Labels, Database Labels.
🐞 Bug Fixes
- Fix the role selector reverting SQL edits during edit mode when the issue poller runs.
- Fix the false positive
Primary Key missingerror during SQL Review when adding a PK in a separate statement for PostgreSQL.
https://github.com/bytebase/bytebase/compare/3.11.1...3.12.0
Warning 1): Bytebase does not support in-place downgrade. Make sure to back up your metadata before upgrading. 2) Never run multiple containers on the same data directory. Stop and remove the old one first to avoid corruption.
3.11.1
Breaking risk
Breaking changes
- Check() RPC removed
- SQL Review functionality removed from SQL Editor
- --check-plan option removed from bytebase-action rollout command
Notable features
- Apache Doris support for system views and functions in SQL Editor
- Inactive session timeout configuration
3.11.0
Breaking risk
Breaking changes
- Issue Creators and Last Issue Approvers can no longer roll out issues
- Risk levels changed from integers (100, 200, 300) to strings (LOW, MODERATE, HIGH)
- CEL attribute naming standardized with prefixes: resource.*, statement.*, request.*
Notable features
- Key-value instance labels support
- Configurable rollout requirements
- AWS Elasticsearch cross-account support
3.10.1
Breaking risk
Breaking changes
- Issue Creator and Last Issue Approver roles no longer appear in new environments
- Database label filter syntax changed to labels.region == "asia"
Notable features
- Project labels support (up to 64 key-value pairs)
- Improved Data Export issue page with flat task list
- Transaction mode switching in Plan
3.10.0
Mixed
Notable features
- Cassandra data masking support
- TLS certificate verification toggle for instances
- Gemini AI enabled automatically in Bytebase Cloud
3.9.2
Breaking risk
Breaking changes
- UpdateMask values in UpdatePolicy changed to field names only
Notable features
- Hard-delete support for projects and instances
- Adding/removing changes in draft plans
- One-click ready for review in approval workflow
3.9.1
Breaking risk
Breaking changes
- --pg flag removed (use PG_URL environment variable)
- --disable-metric flag replaced with workspace setting
- --disable-sample flag removed
Notable features
- Support importing database revisions from releases or local files
- Support reading PG_URL from file with hot-reload
- IAM authentication for AWS OpenSearch
3.9.0
New feature
New database CI/CD experience redesigned with dedicated tabs and multi-task rollback.
3.8.1
Breaking risk
Breaking changes
- default_expression, default_string, default_null removed from ColumnMetadata API - use unified default field
Notable features
- New database CI/CD experience available in preview
- Show masking reason for sensitive data in SQL Editor and audit log
3.7.1
New feature
Notable features
- All database change features free in Community Plan
- Documentation site overhaul with improved navigation and search
- SQL Editor statement-level highlighting
3.7.0
Breaking risk
Breaking changes
- Custom approval pricing changed: no longer instance-limited, now requires Enterprise subscription
- earliest_allowed_time removed from Plan; gh-ost/backup/SQL statement toggles moved from task to issue level
- API removals: steps and target from Plan, PreviewPlan RPC, BASELINE from ChangeDatabaseConfig
Notable features
- Batch data export from multiple databases or database groups
- Support for requesting any project roles
- CHECK constraint display in SQL Editor