What's New in v24.3

On this page Carat arrow pointing down

CockroachDB v24.3 is a required Regular Release.

Refer to Major release types before installing or upgrading for release timing and support details. To learn what’s new in this release, refer to its Feature Highlights.

On this page, you can read about changes and find downloads for all production and testing releases of CockroachDB v24.3

Get future release notes emailed to you:


Release Date: March 1, 2025



Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.

Operating System Architecture Full executable SQL-only executable
Linux Intel cockroach-v24.3.7.linux-amd64.tgz
ARM cockroach-v24.3.7.linux-arm64.tgz
Intel cockroach-v24.3.7.darwin-10.9-amd64.tgz
ARM cockroach-v24.3.7.darwin-11.0-arm64.tgz
Intel cockroach-v24.3.7.windows-6.2-amd64.zip

Docker image

Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.

Within the multi-platform image, both Intel and ARM images are generally available for production use.

To download the Docker image:


docker pull cockroachdb/cockroach:v24.3.7

Source tag

To view or download the source code for CockroachDB v24.3.7 on Github, visit v24.3.7 source tag.


View a detailed changelog on GitHub: v24.3.6...v24.3.7

SQL language changes

  • The optimizer_prefer_bounded_cardinality session setting has been added which instructs the optimizer to prefer query plans where every expression has a guaranteed upper-bound on the number of rows it will process. This may help the optimizer produce better query plans in some cases. This setting is disabled by default. #140998
  • The optimizer_prefer_bounded_cardinality session setting has been added which instructs the optimizer to prefer query plans where every expression has a guaranteed upper-bound on the number of rows it will process. This may help the optimizer produce better query plans in some cases. This setting is disabled by default. #140255
  • The optimizer_min_row_count session setting has been added which sets a lower bound on row count estimates for relational expressions during query planning. A value of zero, which is the default, indicates no lower bound. Note that if this is set to a value greater than zero, a row count of zero can still be estimated for expressions with a cardinality of zero, e.g., for a contradictory filter. Setting this to a value higher than 0, such as 1, may yield better query plans in some cases, such as when statistics are frequently stale and inaccurate. #140255
  • The optimizer_min_row_count session setting has been added which sets a lower bound on row count estimates for relational expressions during query planning. A value of zero, which is the default, indicates no lower bound. Note that if this is set to a value greater than zero, a row count of zero can still be estimated for expressions with a cardinality of zero, e.g., for a contradictory filter. Setting this to a value higher than 0, such as 1, may yield better query plans in some cases, such as when statistics are frequently stale and inaccurate. #140998
  • Since v23.2 table statistics histograms have been collected for non-indexed JSON columns. Histograms are no longer collected for these columns if sql.stats.non_indexed_json_histograms.enabled is set to false. This reduces memory usage during table statistics collection, for both automatic and manual collection via ANALYZE and CREATE STATISTICS. #139897
  • The optimizer_check_input_min_row_count session setting has been added to control the minimum row count estimate for buffer scans of foreign key and unqiueness checks. It defaults to 0. #141375
  • Since v23.2 table statistics histograms have been collected for non-indexed JSON columns. Histograms are no longer collected for these columns if sql.stats.non_indexed_json_histograms.enabled is set to false. This reduces memory usage during table statistics collection, for both automatic and manual collection via ANALYZE and CREATE STATISTICS. #140998
  • Added support for a new index hint, AVOID_FULL_SCAN, which will prevent the optimizer from planning a full scan for the specified table if any other plan is possible. The hint can be used in the same way as other existing index hints. For example, SELECT * FROM table_name@{AVOID_FULL_SCAN};. This hint is similar to NO_FULL_SCAN, but will not error if a full scan cannot be avoided. Note that normally a full scan of a partial index would not be considered a "full scan" for the purposes of the NO_FULL_SCAN and AVOID_FULL_SCAN hints, but if the user has explicitly forced the partial index via FORCE_INDEX=index_name, we do consider it a full scan. #140255
  • Added support for a new index hint, AVOID_FULL_SCAN, which will prevent the optimizer from planning a full scan for the specified table if any other plan is possible. The hint can be used in the same way as other existing index hints. For example, SELECT * FROM table_name@{AVOID_FULL_SCAN};. This hint is similar to NO_FULL_SCAN, but will not error if a full scan cannot be avoided. Note that normally a full scan of a partial index would not be considered a "full scan" for the purposes of the NO_FULL_SCAN and AVOID_FULL_SCAN hints, but if the user has explicitly forced the partial index via FORCE_INDEX=index_name, we do consider it a full scan. #140998
  • Fixed a bug existing only in pre-release versions of v25.1 which could cause unexpected errors during planning for VALUES expressions containing function calls with multiple overloads. #140646

Operational changes

  • Reduce noise when using dynamically provisioned logging sinks.

Fixes: https://cockroachlabs.atlassian.net/browse/CLOUDOPS-8044 #139643 - the node decommission cli command now waits until the target node is drained before marking it as fully decommissioned. Previously, it would start drain but not wait, leaving the target node briefly in a state where it would be unable to communicate with the cluster but would still accept client requests (which would then hang or hit unexpected errors). #139556

Command-line changes

  • Improves the performance of the debug zip query that collects transaction_contention_events data, reducing the chances of "memory budget exceeded" or "query execution canceled due to statement timeout" errors. #139754

Bug fixes

  • Fixed a bug that could cause SHOW TABLES and other introspection operations to encounter a "batch timestamp must be after replica GC threshold" error. #140084
  • Fixed a bug that could cause SHOW TABLES and other introspection operations to encounter a "batch timestamp must be after replica GC threshold" error. #140284
  • Fixed a bug where dropping a table with a trigger using the legacy schema changer could leave an orphaned reference in the descriptor. This occurred when two tables were dependent on each other via a trigger, and the table containing the trigger was dropped. #141179
  • Fixed a bug that could cause SHOW TABLES and other introspection operations to encounter a "batch timestamp must be after replica GC threshold" error. #141720
  • Fixes a bug where sometimes activating diagnostics for sql activity appears unresponsive, with no state or status update upon activating. Now, the status should always reflect that diagnosticsa are active or that a statement bundle is downloadable. #139585
  • Fixed a bug that would cause an internal error when the result of a RECORD-returning UDF was wrapped by another expression (such as COALESCE) within a VALUES clause. #140646
  • We have resolved an issue in the Kafka v2 sink configuration within CockroachDB, where users were previously unable to set negative GZIP compression levels. Now, users can configure the CompressionLevel for the Kafka sink in the range of [-2, 9]. Please update the user guide to include the new valid GZIP compression level range of [-2, 9], where -2 enables Huffman encoding and -1 sets the default compression. #141037
  • Bounded memory leak that could previously occur when evaluating some memory-intensive queries via the vectorized engine in CockroachDB has now been fixed. The leak has been present since 20.2 version. #139095
  • Fixed a bug that could prevent SHOW CREATE TABLE from working if a database was offline (e.g., due to a RESTORE on that database). #141509
  • Data distribution page in advanced debug will no longer crash if there are null values for raw_sql_config in crdb_internal.zones. #140661
  • Fixed possible index corruption caused by triggers that could occur when the following conditions were satisfied:
    1. A query calls a UDF or stored procedure, and also performs a mutation on a table.
    2. The UDF/SP contains a statement that either fires an AFTER trigger, or fires a cascade that itself fires a trigger.
    3. The trigger modifies the same row as the outer statement.
    4. Either the outer or inner mutation is something other than an INSERT without an ON CONFLICT clause. #138361
  • Fix a rare bug in which a query might fail with error "could not find computed column expression for column in table" while dropping a virtual computed column from the table. This bug was introduced in v23.2.4. #139833
  • fix a bug that prevented starting multi-table LDR streams on tables that used user-defined types. Epic: none.

Fixes #141598. #141793 - A bug has been fixed that could cause "nil pointer dereference" errors when executing statements with UDFs. The error could also occur when executing statements with some built-in functions, like obj_description. #141652 - Removes duplicate columns in the parquet output from changefeeds using cdc queries. #140153


Release Date: February 19, 2025



Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.

Operating System Architecture Full executable SQL-only executable
Linux Intel cockroach-v24.3.6.linux-amd64.tgz
ARM cockroach-v24.3.6.linux-arm64.tgz
Intel cockroach-v24.3.6.darwin-10.9-amd64.tgz
ARM cockroach-v24.3.6.darwin-11.0-arm64.tgz
Intel cockroach-v24.3.6.windows-6.2-amd64.zip

Docker image

Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.

Within the multi-platform image, both Intel and ARM images are generally available for production use.

To download the Docker image:


docker pull cockroachdb/cockroach:v24.3.6

Source tag

To view or download the source code for CockroachDB v24.3.6 on Github, visit v24.3.6 source tag.


View a detailed changelog on GitHub: v24.3.5...v24.3.6

Bug fixes

  • Fixed a bug that could cause SHOW TABLES and other introspection operations to encounter a "batch timestamp ... must be after replica GC threshold" error. #141655

This fix is present in v24.3.4 and v24.3.6, but was not released in v24.3.5.


Release Date: February 6, 2025



Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.

Operating System Architecture Full executable SQL-only executable
Linux Intel cockroach-v24.3.5.linux-amd64.tgz
ARM cockroach-v24.3.5.linux-arm64.tgz
Intel cockroach-v24.3.5.darwin-10.9-amd64.tgz
ARM cockroach-v24.3.5.darwin-11.0-arm64.tgz
Intel cockroach-v24.3.5.windows-6.2-amd64.zip

Docker image

Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.

Within the multi-platform image, both Intel and ARM images are generally available for production use.

To download the Docker image:


docker pull cockroachdb/cockroach:v24.3.5

Source tag

To view or download the source code for CockroachDB v24.3.5 on Github, visit v24.3.5 source tag.


View a detailed changelog on GitHub: v24.3.4...v24.3.5

General changes

  • The protected timestamp records of running changefeeds are now updated when the set of targets changes, such as when system tables are added to the protected tables list. #138654

Backward-incompatible changes

  • In v24.3.4, a bug was fixed that could cause SHOW TABLES and other introspection operations to encounter a "batch timestamp ... must be after replica GC threshold" error. This fix is not present in v24.3.5, but has been released in v24.3.6. #140175

SQL language changes

  • Since v23.2 table statistics histograms have been collected for non-indexed JSON columns. Histograms are no longer collected for these columns if the sql.stats.non_indexed_json_histograms.enabled cluster setting is set to false. This reduces memory usage during table statistics collection, for both automatic and manual collection via ANALYZE and CREATE STATISTICS. #140265
  • Added support for a new index hint, AVOID_FULL_SCAN, which will prevent the optimizer from planning a full scan for the specified table if any other plan is possible. The hint can be used in the same way as other existing index hints. For example, SELECT * FROM table_name@{AVOID_FULL_SCAN};. This hint is similar to NO_FULL_SCAN, but will not error if a full scan cannot be avoided. Note that normally a full scan of a partial index would not be considered a "full scan" for the purposes of the NO_FULL_SCAN and AVOID_FULL_SCAN hints, but if the user has explicitly forced the partial index via FORCE_INDEX=index_name, CockroachDB does consider it a full scan. #140270
  • Added the optimizer_prefer_bounded_cardinality session setting, which instructs the optimizer to prefer query plans where every expression has a guaranteed upper-bound on the number of rows it will process. This may help the optimizer produce better query plans in some cases. This setting is disabled by default. #140270
  • Added the optimizer_min_row_count session setting, which sets a lower bound on row count estimates for relational expressions during query planning. A value of zero, which is the default, indicates no lower bound. Note that if this is set to a value greater than zero, a row count of zero can still be estimated for expressions with a cardinality of zero, e.g., for a contradictory filter. Setting this to a value higher than 0, such as 1, may yield better query plans in some cases, such as when statistics are frequently stale and inaccurate. #140270

Operational changes

  • Schema object identifiers (e.g., database names, schema names, table names, and function names) are no longer redacted when logging statements in the EXEC or SQL_SCHEMA channels. If redaction of these names is required, then the new cluster setting sql.log.redact_names.enabled can be set to true. The default value of the setting is false. #138563
  • Schema object identifiers (e.g., table names, schema names, function names, and type names) are no longer redacted in the SQL_SCHEMA log channel. #138563
  • Added the metric sql.schema_changer.object_count, which counts the number of objects in the cluster. #138837
  • The changefeed.max_behind_nanos metric now supports scoping with metrics labels. #139234

DB Console changes

  • Added the /debug/pprof/fgprof endpoint to capture off-CPU stack traces. Use of this endpoint will have a noticable impact to performance while the endpoint is being triggered. #138843

Bug fixes

  • CLOSE CURSOR statements are now allowed in read-only transactions, similar to PostgreSQL. The bug had been present since at least v23.1. #137793
  • ALTER BACKUP SCHEDULE no longer fails on schedules whose collection URI contains a space. #138082
  • Previously, SHOW CREATE TABLE was showing incorrect data for inverted indexes. It now shows the correct data that can be input to CockroachDB to recreate the same table. #138083
  • Fixed a timing issue between ALTER VIEW .. RENAME and DROP VIEW that caused repeated failures in the DROP VIEW job. #137889
  • Fixed a bug where querying the pg_catalog.pg_constraint table while the schema changer was dropping a constraint could result in a query error. #137875
  • On the Databases page, users should no longer see console errors when visiting the Databases page directly after node/SQL pod startup. #138377
  • In the Databases > Tables page, the CREATE statement will now show up as expected for tables with custom schema names. #138378
  • Queries that perform a cast from the string representation of an array containing GEOMETRY or GEOGRAPHY types to a SQL ARRAY type will now succeed. #138695
  • Previously, cluster backups taken in a multi-region cluster that had configured the system database with a region configuration could not be restored into a non-multi-region cluster. This is now fixed. #138787
  • Fixed a bug that disregarded tuple labels in some cases. This could cause unexpected behavior, such as when converting a tuple to JSON with to_jsonb. See #136167 for more details. The incorrect removal of tuple labels bug was introduced in v22.1.0, and changes in v24.3.0 made unexpected behavior due to the bug more likely. #138840
  • Previously, CockroachDB could encounter an internal error comparison of two different versions of enum in some cases when a user-defined type was modified within a transaction and the following statements read the column of that user-defined type. The bug was introduced in v24.2 and is now fixed. #138052
  • Secondary tenants will no longer fatal when issuing HTTP requests during tenant startup. #138755
  • Fixed a bug where columns created with GENERATED ... AS IDENTITY with the SERIAL type could incorrectly fail internal validations. #139101
  • When the session variable allow_role_memberships_to_change_during_transaction is set, it is now possible to create and drop users quickly even when there are contending transactions on the system.users and system.role_options system tables. #139032
  • Fixed a bug where the error batch timestamp ... must be after replica GC threshold could occur during a schema change backfill operation, and cause the schema change job to retry infinitely. Now this error is treated as permanent, and will cause the job to enter the failed state. #139250
  • Fixed a bug that prevented the CREATE statement for a routine from being shown in a statement bundle. This happened when the routine was created on a schema other than public. The bug had existed since v23.1. #136124


Release Date: January 31, 2025



Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.

Operating System Architecture Full executable SQL-only executable
Linux Intel cockroach-v24.3.4.linux-amd64.tgz
ARM cockroach-v24.3.4.linux-arm64.tgz
Intel cockroach-v24.3.4.darwin-10.9-amd64.tgz
ARM cockroach-v24.3.4.darwin-11.0-arm64.tgz
Intel cockroach-v24.3.4.windows-6.2-amd64.zip

Docker image

Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.

Within the multi-platform image, both Intel and ARM images are generally available for production use.

To download the Docker image:


docker pull cockroachdb/cockroach:v24.3.4

Source tag

To view or download the source code for CockroachDB v24.3.4 on Github, visit v24.3.4 source tag.


View a detailed changelog on GitHub: v24.3.3...v24.3.4

Bug fixes

  • Fixed a bug that could cause SHOW TABLES and other introspection operations to encounter a "batch timestamp ... must be after replica GC threshold" error. #140175

This fix is present in v24.3.4 and v24.3.6, but was not released in v24.3.5.


Release Date: January 9, 2025



Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.

Operating System Architecture Full executable SQL-only executable
Linux Intel cockroach-v24.3.3.linux-amd64.tgz
ARM cockroach-v24.3.3.linux-arm64.tgz
Intel cockroach-v24.3.3.darwin-10.9-amd64.tgz
ARM cockroach-v24.3.3.darwin-11.0-arm64.tgz
Intel cockroach-v24.3.3.windows-6.2-amd64.zip

Docker image

Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.

Within the multi-platform image, both Intel and ARM images are generally available for production use.

To download the Docker image:


docker pull cockroachdb/cockroach:v24.3.3

Source tag

To view or download the source code for CockroachDB v24.3.3 on Github, visit v24.3.3 source tag.


View a detailed changelog on GitHub: v24.3.2...v24.3.3

General changes

  • To improve the granularity of changefeed pipeline metrics, the changefeed metrics changefeed.admit_latency and changefeed.commit_latency have histogram buckets from 5ms to 60m (previously 500ms to 5m). The following changefeed metrics have histogram buckets from 5ms to 10m (previously 500ms to 5m):
    • changefeed.parallel_io_queue_nanos
    • changefeed.parallel_io_result_queue_nanos
    • changefeed.sink_batch_hist_nanos
    • changefeed.flush_hist_nanos
    • changefeed.kafka_throttling_hist_nanos #136604
  • Added support for multiple seed brokers in the new Kafka sink. #136727
  • Added a new metric distsender.rangefeed.catchup_ranges_waiting_client_side that counts how many rangefeeds are waiting on the client-side limiter to start performing catchup scans. #136838
  • Added support for a new AWS_USE_PATH_STYLE parameter in S3 URI parsing. #136934

SQL language changes

  • Added support for SHOW TRIGGERS, which displays the names of all triggers on a table, and whether each trigger is enabled. The user must have any privilege on the table, or be its owner. #135862
  • Added support for SHOW CREATE TRIGGER, which displays the CREATE statement for a trigger. The user must have any privilege on the table, or be its owner. #135862
  • The names of BEFORE triggers fired by a mutation are now included in the EXPLAIN output, with the trigger-function invocations also visible in the output of verbose EXPLAIN. #135864
  • AFTER triggers are now included in the output of EXPLAIN and EXPLAIN ANALYZE. #135864
  • Added the legacy_varchar_typing session setting, which reverts the changes of #133037 that causes the change in typing behavior described in #137837. Specifically, it makes type-checking and overload resolution ignore the newly added "unpreferred" overloads. This setting defaults to on. #137919

Operational changes

  • Removed the sql.auth.resolve_membership_single_scan.enabled cluster setting. This was added out of precaution in case it was necessary to revert back to the old behavior for looking up role memberships, but this escape hatch has never been needed in practice since this was added in v23.1. #136162
  • Telemetry delivery is now considered successful even in cases of a network timeout. This will prevent throttling in cases outside an operator's control. #136480
  • When a schema change job is completed, rolls back, or encounters a failure, the time taken since the job began is now logged in a structured log in the SQL_SCHEMA log channel. #136929
  • Added a new configurable parameter kv.transaction.max_intents_and_locks that will prevent transactions from creating too many intents. #137687
  • Added the metric txn.count_limit_rejected, which tracks the KV transactions that have been aborted because they exceeded the max number of writes and locking reads allowed. #137687
  • Added the metric txn.count_limit_on_response, which tracks the number of KV transactions that have exceeded the count limit on a response. #137687

DB Console changes

  • The link on the Plan Details page to the legacy Table page has been removed. #136504

Bug fixes

  • Previously, CockroachDB would encounter an internal error when evaluating FETCH ABSOLUTE 0 statements, and this is now fixed. The bug has been present since v22.1. #134995
  • Fixed an issue where corrupted table statistics could cause the cockroach process to crash. #136042
  • A table that is participating in a logical replication stream can no longer be dropped. Previously this was allowed, which would cause all the replicated rows to end up in the dead-letter queue. #136255
  • ALTER COLUMN SET NOT NULL was not enforced consistently when the table was created in the same transaction. #136323
  • Fixed a bug where CREATE RELATION / TYPE could leave dangling namespace entries if the schema was concurrently being dropped. #136378
  • security.certificate.* metrics will now be updated if a node loads new certificates while running. #136226
  • The idle_in_session_timeout setting now excludes the time spent waiting for schema changer jobs to complete, preventing unintended session termination during schema change operations. #136490
  • Fixed a bug that causes the optimizer to use stale table statistics after altering an ENUM type used in the table. #136630
  • Changes the table, index contents of the hot ranges page in DB console. #134988
  • Table statistics collection in CockroachDB could previously run into no bytes in account to release errors in some edge cases (when the SQL memory budget, configured via --max-sql-memory flag, was close to being exhausted). The bug has been present since v21.2 and is now fixed. #136166
  • CockroachDB now better respects statement_timeout limit on queries involving the top K sort and merge join operations. #136653
  • Fixed an issue where license enforcement was not consistently disabled for single-node clusters started with cockroach start-single-node. The fix ensures proper behavior on cluster restarts. #137012
  • Fixed a bug that caused queries against tables with user-defined types to sometimes fail with errors after restoring those tables. #137353
  • Fixed a bug that causes an incorrect filesystem to be logged as part of the store information. #137115
  • Fixed a bug affecting uniqueness enforcement in regional by row tables when using read-committed isolation. The bug, introduced in v24.3.0, could cause internal errors or incorrect uniqueness enforcement in tables that had both non-unique and unique indexes when the region column was not part of the uniqueness constraints. #137366
  • Fixed a bug that has existed since v24.1 that would cause a set-returning UDF with OUT parameters to return a single row. #137376
  • Fixed an issue where adding an existing column with the IF NOT EXISTS option could exit too early, skipping necessary handling of the abstract syntax tree (AST). This could lead to failure of the ALTER statement. #137675
  • An issue where a schema change could incorrectly cause a changefeed to fail with an assertion error like received boundary timestamp ... of type ... before reaching existing boundary of type ... has now been fixed. #137706
  • Internal scans are now exempt from the sql.defaults.disallow_full_table_scans.enabled setting, allowing index creation even when the cluster setting is active. #137725
  • The pg_catalog.pg_type table no longer contains NULL values for the columns typinput, typoutput, typreceive, and typsend. NULL values were erroneously added for these columns for the trigger type in v24.3.0. This could cause unexpected errors with some client libraries. #137941

Performance improvements

  • Improved the internal caching logic for role membership information. This reduces the latency impact of commands such as DROP ROLE, CREATE ROLE, and GRANT role TO user, which cause the role membership cache to be invalidated. #136162


Release Date: December 26, 2024



Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.

Operating System Architecture Full executable SQL-only executable
Linux Intel cockroach-v24.3.2.linux-amd64.tgz
ARM cockroach-v24.3.2.linux-arm64.tgz
Intel cockroach-v24.3.2.darwin-10.9-amd64.tgz
ARM cockroach-v24.3.2.darwin-11.0-arm64.tgz
Intel cockroach-v24.3.2.windows-6.2-amd64.zip

Docker image

Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.

Within the multi-platform image, both Intel and ARM images are generally available for production use.

To download the Docker image:


docker pull cockroachdb/cockroach:v24.3.2

Source tag

To view or download the source code for CockroachDB v24.3.2 on Github, visit v24.3.2 source tag.


View a detailed changelog on GitHub: v24.3.1...v24.3.2

SQL language changes

  • Added the legacy_varchar_typing session setting. When set to on, type-checking comparisons involving VARCHAR columns behave as they did in all previous versions. When set to off, type-checking of these comparisons is more strict and queries that previously succeeded may now error with the message unsupported comparison operator. These errors can be fixed by adding explicit type casts. The legacy_varchar_typing session setting is on by default. #137943


Release Date: December 12, 2024



Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.

Operating System Architecture Full executable SQL-only executable
Linux Intel cockroach-v24.3.1.linux-amd64.tgz
ARM cockroach-v24.3.1.linux-arm64.tgz
Intel cockroach-v24.3.1.darwin-10.9-amd64.tgz
ARM cockroach-v24.3.1.darwin-11.0-arm64.tgz
Intel cockroach-v24.3.1.windows-6.2-amd64.zip

Docker image

Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.

Within the multi-platform image, both Intel and ARM images are generally available for production use.

To download the Docker image:


docker pull cockroachdb/cockroach:v24.3.1

Source tag

To view or download the source code for CockroachDB v24.3.1 on Github, visit v24.3.1 source tag.


View a detailed changelog on GitHub: v24.3.0...v24.3.1

SQL language changes

  • When triggers fire one another cyclically, the new recursion_depth_limit setting now limits the depth of the recursion. By default, the limit is 1000 nested trigger executions. #135046

Operational changes

  • The metrics scrape HTTP endpoint at / _status/vars will now truncate HELP text at the first sentence, reducing the metadata for metrics with large descriptions. Customers can still access these descriptions via our docs. #135021
  • The row-level TTL job now periodically updates the progress meter in the jobs introspection interfaces, including SHOW JOBS and the Jobs page in the DB console. #135171
  • Telemetry delivery is now considered successful even in cases where we experience a network timeout. This will prevent throttling in cases outside an operator's control. #136481

DB Console changes

  • When activating statement diagnostics in the DB Console, users now have the option to produce a redacted bundle as output. This bundle will omit sensitive data. #134993

Other changes

  • Protected timestamp records for changefeeds now include the system.users table. This ensures that user information remains available when running CDC queries against historical data. #134238

Bug fixes

  • Fixed a bug that could cause DELETE triggers not to fire on cascading delete, and which could cause INSERT triggers to match incorrectly in the same scenario. #134896
  • Reduced the duration of partitions in the gossip network when a node crashes in order to eliminate false positives in the ranges.unavailable metric. #134480
  • When a non-admin user runs DROP ROLE IF EXISTS on a user that does not exist, an error is no longer returned. #134970
  • Fixed a bug that could cause incorrect query results when the optimizer planned a lookup join on an index containing a column of type CHAR(N), VARCHAR(N), BIT(N), VARBIT(N), or DECIMAL(M, N), and the query held that column constant to a single value (e.g. with an equality filter). #135037
  • Fixed an unhandled error that would occur if DROP SCHEMA was executed on the public schema of the system database, or on an internal schema like pg_catalog or information_schema. #135181
  • A bug has been fixed that caused incorrect evaluation of some binary expressions involving CHAR(N) values and untyped string literals with trailing whitespace characters. For example, the expression 'f'::CHAR = 'f ' now correctly evaluates to true. #134710
  • Prevent ALTER DATABASE operations that modify the zone config from hanging if an invalid zone config already exists. #135216
  • CREATE SCHEMA now returns the correct error if a schema name is missing. #135928
  • percentile_cont and percentile_disc aggregate functions now support float4 data type inputs. Previously, these functions would return an error when used with float4 values. #135764
  • security.certificate.* metrics now update correctly when certificates are reloaded during node runtime. Previously, these metrics would not reflect changes to certificates after node startup. #136227
  • SQL roles created from LDAP groups that contain periods (.) or hyphens (-) in their Common Names (CN) no longer result in authorization failures. #134942
  • LDAP authorization now supports partial group mapping, allowing users to authenticate even when some LDAP groups do not have corresponding CockroachDB roles. Previously, authentication would fail if any LDAP group lacked a matching database role. #135587
  • Regional by row tables with uniqueness constraints where the region is not part of those uniqueness constraints and which also contain non-unique indices will now have those constraints properly enforced when modified at READ COMMITTED isolation. This bug was introduced in v24.3.0. #137367

Performance improvements

  • The _status/nodes_ui API no longer returns unnecessary metrics in its response. This decreases the payload size of the API and improves the load time of various DB Console pages and components. #135209
  • PL/pgSQL loops now execute up to 3-4x faster through improved optimization, particularly when they contain subqueries. This enhancement improves performance for routines with many iterations or nested operations. #135648


Release Date: November 18, 2024

With the release of CockroachDB v24.3, we've added new capabilities to help you migrate, build, and operate more efficiently. Refer to our summary of the most significant user-facing changes under Feature Highlights.



Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.

Operating System Architecture Full executable SQL-only executable
Linux Intel cockroach-v24.3.0.linux-amd64.tgz
ARM cockroach-v24.3.0.linux-arm64.tgz
Intel cockroach-v24.3.0.darwin-10.9-amd64.tgz
ARM cockroach-v24.3.0.darwin-11.0-arm64.tgz
Intel cockroach-v24.3.0.windows-6.2-amd64.zip

Docker image

Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.

Within the multi-platform image, both Intel and ARM images are generally available for production use.

To download the Docker image:


docker pull cockroachdb/cockroach:v24.3.0

Source tag

To view or download the source code for CockroachDB v24.3.0 on Github, visit v24.3.0 source tag.


View a detailed changelog on GitHub: v24.3.0-rc.1...v24.3.0

Feature highlights

This section summarizes the most significant user-facing changes in v24.3.0 and other features recently made available to CockroachDB users across versions. For a complete list of features and changes in v24.3, including bug fixes and performance improvements, refer to the release notes for previous v24.3 testing releases. You can also search the docs for sections labeled New in v24.3.

CockroachDB Licensing

Feature Availability
Ver. Self-hosted Advanced Standard Basic

Licensing changes

All versions of CockroachDB starting from the release date of 24.3.0 onward, including patch fixes for versions 23.1-24.2, are made available under the CockroachDB Software License.

See below for a summary of license options for self-hosted deployments. All Cloud deployments automatically have a valid Enterprise license.

  • Enterprise: This paid license allows usage of all CockroachDB features in accordance with the terms specified in the CockroachDB Software License.

  • Enterprise Free: Same functionality as Enterprise, but free of charge for businesses with less than $10M in annual revenue. Clusters will be throttled after 7 days without sending telemetry. License must be renewed annually.

  • Enterprise Trial: A 30 day self-service trial license. Telemetry is required during the trial. Clusters will be throttled after 7 days without sending telemetry. Telemetry can be disabled once the cluster is upgraded to a paid Enterprise license.

See the Licensing FAQs page for more details on the CockroachDB Software License and license options. You may acquire CockroachDB licenses through the CockroachDB Cloud console.

24.3 Green checkmark (Yes) Green checkmark (Yes) Green checkmark (Yes) Green checkmark (Yes)

CockroachDB Cloud

Feature Availability
Ver. Self-hosted Advanced Standard Basic

Free trial on CockroachDB Cloud

New CockroachDB Cloud organizations can benefit from a 30-day free trial that enables you to consume up to $400 worth of free credits. Get started by signing up for CockroachDB Cloud

All Gray circle with horizontal white line (No) Gray circle with horizontal white line (No) Green checkmark (Yes) Green checkmark (Yes)

Change Data Capture

Feature Availability
Ver. Self-hosted Advanced Standard Basic

IAM authentication support for Amazon MSK Serverless

Changefeeds support IAM Authentication with Amazon MSK Serverless clusters (Amazon Managed Streaming for Apache Kafka). This feature is generally available.

24.3 Green checkmark (Yes) Green checkmark (Yes) Green checkmark (Yes) Green checkmark (Yes)

Disaster Recovery

Feature Availability
Ver. Self-hosted Advanced Standard Basic

SELECT now supported on PCR standby clusters

Physical cluster replication (PCR) has been enhanced to support SELECT operations on standby clusters. This enables you to scale read performance by running, for example, non-critical workloads on standby clusters.

24.3 Green checkmark (Yes) Gray circle with horizontal white line (No) Gray circle with horizontal white line (No) Gray circle with horizontal white line (No)

Logical Data Replication in Preview

Logical data replication (LDR) continuously replicates tables between an active source CockroachDB cluster to an active destination CockroachDB cluster. Both source and destination can receive application reads and writes, and participate in bidirectional LDR replication for eventual consistency in the replicating tables.

The active-active setup between clusters can provide protection against cluster, datacenter, or region failure while still achieving single-region low latency reads and writes in the individual CockroachDB clusters. Each cluster in an LDR job still benefits individually from multi-active availability with CockroachDB's built-in Raft replication providing data consistency across nodes, zones, and regions.

This feature is in Preview.

24.3 Green checkmark (Yes) Gray circle with horizontal white line (No) Gray circle with horizontal white line (No) Gray circle with horizontal white line (No)


Feature Availability
Ver. Self-hosted Advanced Standard Basic

User-defined functions and stored procedures support SECURITY DEFINER

You can create or alter a user-defined function (UDF) or stored procedure with [EXTERNAL] SECURITY DEFINER instead of the default [EXTERNAL] SECURITY INVOKER. With [SECURITY DEFINER], the privileges of the owner are checked when the UDF or stored procedure is executed, rather than the privileges of the executor. The EXTERNAL keyword is optional and exists for SQL language conformity.

24.3 Green checkmark (Yes) Green checkmark (Yes) Green checkmark (Yes) Green checkmark (Yes)

CockroachDB now supports triggers in Preview

CockroachDB now supports triggers. Triggers allow automatic execution of specified functions in response to specified events on a particular table or view. They can be used for automating tasks, enforcing business rules, and maintaining data integrity. This feature is in Preview.

24.3 Green checkmark (Yes) Green checkmark (Yes) Green checkmark (Yes) Green checkmark (Yes)


Feature Availability
Ver. Self-hosted Advanced Standard Basic

LDAP support in Preview

CockroachDB supports authentication and authorization using LDAP-compatible directory services, such as Active Directory and Microsoft Entra ID. This allows you to integrate CockroachDB clusters with your organization's existing identity infrastructure for centralized user management and access control. This feature is available in Preview.

24.3 Green checkmark (Yes) Gray circle with horizontal white line (No) Gray circle with horizontal white line (No) Gray circle with horizontal white line (No)


Feature Availability
Ver. Self-hosted Advanced Standard Basic

Improved usability for the DB Console Metrics page

Introduced several enhancements to the DB Console Metrics page to support large scale clusters, including the following:

  • Added on-hover cursor support that will display the closest time-series value and highlight the node in the legend to allow users to quickly pinpoint outliers.

  • Improved legend visibillity and made legends scrollable to improve usability and reduce vertical scrolling.

24.3 Green checkmark (Yes) Green checkmark (Yes) Gray circle with horizontal white line (No) Gray circle with horizontal white line (No)

Improved peformance and scalability for the DB Console Databases pages

CockroachDB now caches the data that is surfaced in the Databases page. This enhances the performance and scalability of the Databases page for large-scale clusters.

24.3 Green checkmark (Yes) Green checkmark (Yes) Gray circle with horizontal white line (No) Gray circle with horizontal white line (No)

Improved admission control observability

The DB Console Overload page now provides additional metrics to help identify overload in the system. Graphs and metrics on this page provide quick signals on which resource is exhausted and whether it is due to background activity or foreground.

There are now 4 graphs for admission queue delay:

  1. Foreground (regular) CPU work

  2. Store (IO) work

  3. Background (elastic) CPU work

  4. Replication admission control (store overload on replicas)

24.3 Green checkmark (Yes) Green checkmark (Yes) Gray circle with horizontal white line (No) Gray circle with horizontal white line (No)
Feature detail key
Features marked "All★" were recently made available in the CockroachDB Cloud platform. They are available for all supported versions of CockroachDB, under the deployment methods specified in their row under Availability.
★★ Features marked "All★★" were recently made available via tools maintained outside of the CockroachDB binary. They are available to use with all supported versions of CockroachDB, under the deployment methods specified in their row under Availability.
Green checkmark (Yes) Feature is available for this deployment method of CockroachDB as specified in the icon’s column: CockroachDB Self-hosted, CockroachDB Advanced, CockroachDB Standard, or CockroachDB Basic.
Gray circle with horizontal white line (No) Feature is not available for this deployment method of CockroachDB as specified in the icon’s column: CockroachDB Self-hosted, CockroachDB Advanced, CockroachDB Standard, or CockroachDB Basic.

Backward-incompatible changes

Before upgrading to CockroachDB v24.3, be sure to review the following backward-incompatible changes, as well as key cluster setting changes, and adjust your deployment as necessary.

If you plan to upgrade to v24.3 directly from v24.1 and skip v24.2, be sure to also review the v24.2 release notes for backward-incompatible changes from v24.1.

  • Upgrading to v24.3 is blocked if no license is installed, or if a trial/free license is installed with telemetry disabled. #130576

Features that Require Upgrade Finalization

During a major-version upgrade, certain features and performance improvements may not be available until the upgrade is finalized.

  • A cluster must have an Enterprise license or a trial license set before an upgrade to v24.3 can be finalized.
  • New clusters that are initialized for the first time on v24.3, and clusters that are upgraded to v24.3 will now have a zone config defined for the timeseries range if it does not already exist, which specifies the value for gc.ttlseconds, but inherits all other attributes from the zone config for the default range.

Key Cluster Setting Changes

Changes to cluster settings should be reviewed prior to upgrading. New default cluster setting values will be used unless you have manually set a value for a setting. This can be confirmed by running the SQL statement SELECT * FROM system.settings to view the non-default settings.

Settings added
  • goschedstats.always_use_short_sample_period.enabled: when set to true, helps to prevent unnecessary queueing due to CPU admission control by forcing 1ms sampling of runnable queue lengths. The default value is false. #133585

  • kv.range.range_size_hard_cap: allows you to limit how large a range can grow before backpressure is applied. This can help to mitigate against a situation where a range cannot be split, such as when a range is comprised of a single key due to an issue with the schema or workload pattern, or a bug in client application code. The default is 8 GiB, 16 times the default maximum range size. If you have changed the maximum range size, you may need to adjust this cluster setting or reduce the range size. #129450

  • kvadmission.flow_controller.token_reset_epoch: can be used to refill replication admission control v2 tokens. This setting is marked as reserved, as it is not supported for tuning, by default. Use it only after consultation with your account team. #133294

  • kvadmission.store.snapshot_ingest_bandwidth_control.enabled: enables a new Admission Control integration for pacing snapshot ingest traffic based on disk bandwidth. It requires provisioned bandwidth to be set for the store, or the cluster through the setting kvadmission.store.provisioned_bandwidth, for it to take effect. #131243

  • Settings have been added which control the refresh behavior for the cached data in the Databases page of the DB Console:

    • obs.tablemetadatacache.data_valid_duration: the duration for which the data in system.table_metadata is considered valid before a cache reset will occur. Default: 20 minutes.
    • obs.tablemetadatacache.automatic_updates.enabled: whether to automatically update the cache according the validity interval. Default: false.


  • server.jwt_authentication.client.timeout: the HTTP client timeout for external calls made during JWT authentication. #127145

  • Partial statistics can now be automatically collected at the extremes of indexes when a certain fraction and minimum number of rows are stale (by default 5% and 100%, respectively). These can be configured with new table storage parameters and cluster settings:

    • sql.stats.automatic_partial_collection.enabled (table parameter sql_stats_automatic_partial_collection_enabled) - both default to false.
    • sql.stats.automatic_partial_collection.min_stale_rows (table parameter sql_stats_automatic_partial_collection_min_stale_rows) - both default to 100.
    • sql.stats.automatic_partial_collection.fraction_stale_rows (table parameter sql_stats_automatic_partial_collection_fraction_stale_rows) - both default to 0.05.


  • sql.stats.histogram_buckets.include_most_common_values.enabled: controls whether common values are included in histogram collection for use by the optimizer. When enabled, histogram buckets will represent the most common sampled values as upper bounds. #129378

  • sql.stats.histogram_buckets.max_fraction_most_common_values: controls the fraction of buckets that can be adjusted to include common values. Defaults to 0.1. #129378

  • sql.txn.repeatable_read_isolation.enabled: defaults to false. When set to true, the following statements configure transactions to run under REPEATABLE READ isolation, rather than being automatically interpreted as SERIALIZABLE:

    • SET default_transaction_isolation = 'repeatable read'
Settings with changed defaults
  • The default for sql.defaults.large_full_scan_rows is now 0. If a user is using session var values inherited from these settings, when sql.defaults.disallow_full_table_scans.enabled is set to true: all full table scans are now disallowed by default, even full scans on very small tables, but if sql.defaults.large_full_scan_rows is set to a number greater than 0, full scans are allowed if they are estimated to read fewer than that number of rows.

    • Note: All sql.defaults settings are maintained for backward compatibility. We recommend using ALTER ROLE, instead, to set the corresponding session vars for users (in this case, large_full_scan_rows and disallow_full_table_scans). For more information, see the note on the Cluster Settings table.
  • Increased the per-vCPU concurrency limits for KV operations:

    • The default for kv.dist_sender.concurrency_limit (reserved) has changed from 64 per vCPU to 384 per vCPU. (In v24.3, it is possible to estimate the current concurrency level using the new metric distsender.batches.async.in_progress.)
    • The default for kv.streamer.concurrency_limit (reserved) has changed from 8 per vCPU to 96 per vCPU.
    • These are reserved settings, not intended for tuning by customers.
    • When running SHOW CLUSTER SETTING, the displayed setting values will depend on the node's number of vCPUs.
    • Contact Support if the number of distsender.batches.async.throttled requests is persistently greater than zero.


  • The default for server.oidc_authentication.client.timeout, which sets the client timeout for external calls made during OIDC authentication, has changed from 30s to 15s.

Settings with changed visibility

The following settings are now marked public after previously being reserved. Reserved settings are not documented and their tuning by customers is not supported.

  • Cluster settings for configuring rate limiting for traffic to cloud storage are now public.

    • These settings have the prefix cloudstorage followed by:
      1. a provider or protocol (azure, gs, s3, http, nodelocal, userfile, or nullsink)
      2. read or write
      3. node_burst_limit or node_rate_limit
    • For example, cloudstorage.s3.write.node_burst_limit. #127207
  • JWT authentication have been made public. #128170

    • server.jwt_authentication.audience
    • server.jwt_authentication.claim
    • server.jwt_authentication.enabled
    • server.jwt_authentication.issuers.custom_ca
    • server.jwt_authentication.jwks
    • server.jwt_authentication.jwks_auto_fetch.enabled
  • Settings with the prefix server.ldap_authentication have been made public with the Preview release of LDAP support:

    • server.ldap_authentication.client.tls_certificate
    • server.ldap_authentication.client.tls_key
    • server.ldap_authentication.domain.custom_ca
Additional cluster setting changes
  • The setting server.host_based_authentication.configuration now supports LDAP configuration, and its value is now redacted for non-admin users when the server.redact_sensitive_settings.enabled is set to true. #131150

  • The settings enterprise.license and diagnostics.reporting.enabled now have additional validation. To disable diagnostics reporting, the cluster must also have a license that is not an Enterprise Trial or Enterprise Free license. Additionally, to set one of these licenses, the cluster must already be submitting diagnostics information. #131097 #132257

  • sql.defaults.vectorize now supports the value 1 (in addition to 0 and 2) to indicate on, to address a bug that could cause new connections to fail after an upgrade with a message referencing an invalid value for parameter "vectorize": "unknown(1)". #133371

  • The description of the setting changefeed.sink_io_workers has been updated to reflect all of the sinks that support the setting: the batching versions of webhook, pubsub, and kafka sinks that are enabled by changefeed.new_<sink type>_sink_enabled. #129946


The following deprecations are announced in v24.3. If you plan to upgrade to v24.3 directly from v24.1 and skip v24.2, be sure to also review the v24.2 release notes for deprecations.

Known limitations

For information about new and unresolved limitations in CockroachDB v24.3, with suggested workarounds where applicable, refer to Known Limitations.

Additional resources

Resource Topic Description
Cockroach University Introduction to Distributed SQL and CockroachDB This course introduces the core concepts behind distributed SQL databases and describes how CockroachDB fits into this landscape. You will learn what differentiates CockroachDB from both legacy SQL and NoSQL databases and how CockroachDB ensures consistent transactions without sacrificing scale and resiliency. You'll learn about CockroachDB's seamless horizontal scalability, distributed transactions with strict ACID guarantees, and high availability and resilience.
Cockroach University Practical First Steps with CockroachDB This course will give you the tools you need to get started with CockroachDB. During the course, you will learn how to spin up a cluster, use the Admin UI to monitor cluster activity, and use SQL shell to solve a set of hands-on exercises.
Cockroach University Enterprise Application Development with CockroachDB This course is the first in a series designed to equip you with best practices for mastering application-level (client-side) transaction management in CockroachDB. We'll dive deep on common differences between CockroachDB and legacy SQL databases and help you sidestep challenges you might encounter when migrating to CockroachDB from Oracle, PostgreSQL, and MySQL.
Cockroach University Building a Highly Resilient Multi-region Database using CockroachDB This course is part of a series introducing solutions to running low-latency, highly resilient applications for data-intensive workloads on CockroachDB. In this course we focus on surviving large-scale infrastructure failures like losing an entire cloud region without losing data during recovery. We'll show you how to use CockroachDB survival goals in a multi-region cluster to implement a highly resilient database that survives node or network failures across multiple regions with zero data loss.
Docs Migration Overview This page summarizes the steps of migrating a database to CockroachDB, which include testing and updating your schema to work with CockroachDB, moving your data into CockroachDB, and testing and updating your application.
Docs Architecture Overview This page provides a starting point for understanding the architecture and design choices that enable CockroachDB's scalability and consistency capabilities.
Docs SQL Feature Support The page summarizes the standard SQL features CockroachDB supports as well as common extensions to the standard.
Docs Change Data Capture Overview This page summarizes CockroachDB's data streaming capabilities. Change data capture (CDC) provides efficient, distributed, row-level changefeeds into a configurable sink for downstream processing such as reporting, caching, or full-text indexing.
Docs Backup Architecture This page describes the backup job workflow with a high-level overview, diagrams, and more details on each phase of the job.


Release Date: November 18, 2024



CockroachDB v24.3.0-rc.1 is a testing release. Testing releases are intended for testing and experimentation only, and are not qualified for production environments and not eligible for support or uptime SLA commitments.


Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.

Operating System Architecture Full executable SQL-only executable
Linux Intel cockroach-v24.3.0-rc.1.linux-amd64.tgz
ARM cockroach-v24.3.0-rc.1.linux-arm64.tgz
Intel cockroach-v24.3.0-rc.1.darwin-10.9-amd64.tgz
ARM cockroach-v24.3.0-rc.1.darwin-11.0-arm64.tgz
Intel cockroach-v24.3.0-rc.1.windows-6.2-amd64.zip

Docker image

Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.

Within the multi-platform image, both Intel and ARM images are generally available for production use.

To download the Docker image:


docker pull cockroachdb/cockroach-unstable:v24.3.0-rc.1

Source tag

To view or download the source code for CockroachDB v24.3.0-rc.1 on Github, visit v24.3.0-rc.1 source tag.


View a detailed changelog on GitHub: v24.3.0-beta.3...v24.3.0-rc.1

Security updates

  • All cluster settings that accept strings are now fully redacted when transmitted as part of CockroachDB's diagnostics telemetry. This payload includes a record of modified cluster settings and their values when they are not strings. Customers who previously applied the mitigations in Technical Advisory 133479 can safely set the value of cluster setting server.redact_sensitive_settings.enabled to false and turn on diagnostic reporting via the diagnostics.reporting.enabled cluster setting without leaking sensitive cluster settings values. #134018

SQL language changes

  • Row-level AFTER triggers can now be executed in response to mutations on a table. Row-level AFTER triggers fire after checks and cascades have completed for the query. #133320
  • Cascades can now execute row-level BEFORE triggers. By default, attempting to modify or eliminate the cascading UPDATE or DELETE operation results in a Triggered Data Change Violation error. To bypass this error, you can set the unsafe_allow_triggers_modifying_cascades query option to true. This could result in constraint violations. #134444
  • String constants can now be compared with collated strings. #134086

Operational changes

  • The kvadmission.low_pri_read_elastic_control.enabled cluster setting has been removed, because all bulk requests are now subject to elastic admission control admission by default. #134486
  • The following metrics have been added for Logic Data Replication (LDR):
    • logical_replication.catchup_ranges: the number of source side ranges conducting catchup scans.
    • logical_replication.scanning_ranges: the number source side ranges conducting initial scans.
    • In the DB Console, these metrics may not be accurate if multiple LDR jobs are running. The metrics are accurate when exported from the Prometheus endpoint. #134674
  • The backup and restore syntax update of cockroach workload which was introduced in #134610 #has been reverted. #134645

DB Console changes

  • After finalizing an upgrade to v24.3, an updated version of the Databases page will be available. #134244
  • Users with the CONNECT privilege can now access the Databases page. #134542

Bug fixes

  • Fixed a bug where an LDAP connection would be closed by the server and would not be retried by CockroachDB. #134277
  • Fixed a bug that prevented LDAP authorization from successfully assigning CockroachDB roles to users when the source group name contained periods or hyphens. #134944
  • Fixed a bug introduced in v22.2 that could cause significantly increased query latency while executing queries with index or lookup joins when the ordering needs to be maintained #134367
  • Fixed a bug where UPSERT statements on regional by row tables under non-serializable isolations would not display show uniqueness constraints in EXPLAIN output. Even when not displayed, the constraints were enforced. #134267
  • Fixed a bug where uniqueness constraints constraints enforced with tombstone writes were not shown in the output of EXPLAIN (OPT). #134482
  • Fixed a bug where DISCARD ALL statements were erroneously counted under the sql.ddl.count metric instead of the sql.misc.count metric. #134510
  • Fixed a bug that could cause a backup or restore operation on AWS to fail with a KMS error due to a missing default shared config. #134536
  • Fixed a bug that could prevent a user from running schema change operations on a restored table that was previously apart of a Logic Data Replication (LDR) stream. #134675

Performance improvements

  • The optimizer now generates more efficient query plans involving inverted indexes for queries with a conjunctive filter on the same JSON or ARRAY column. For example:

    SELECT * FROM t WHERE j->'a' = '10' AND j->'b' = '20'


Build changes


Release Date: November 5, 2024



CockroachDB v24.3.0-beta.3 is a testing release. Testing releases are intended for testing and experimentation only, and are not qualified for production environments and not eligible for support or uptime SLA commitments.


Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.

Operating System Architecture Full executable SQL-only executable
Linux Intel cockroach-v24.3.0-beta.3.linux-amd64.tgz
ARM cockroach-v24.3.0-beta.3.linux-arm64.tgz
Intel cockroach-v24.3.0-beta.3.darwin-10.9-amd64.tgz
ARM cockroach-v24.3.0-beta.3.darwin-11.0-arm64.tgz
Intel cockroach-v24.3.0-beta.3.windows-6.2-amd64.zip

Docker image

Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.

Within the multi-platform image, both Intel and ARM images are generally available for production use.

To download the Docker image:


docker pull cockroachdb/cockroach-unstable:v24.3.0-beta.3

Source tag

To view or download the source code for CockroachDB v24.3.0-beta.3 on Github, visit v24.3.0-beta.3 source tag.


View a detailed changelog on GitHub: v24.3.0-beta.2...v24.3.0-beta.3

Security updates

  • Client authentication errors using LDAP now log more details to help with troubleshooting authentication and authorization issues. #133812

SQL changes

  • Physical Cluster Replication reader catalogs now bypass AOST timestamps using the bypass_pcr_reader_catalog_aost session variable, which can be used to modify cluster settings within the reader. #133876

Operational changes

  • Added a timer for inner changefeed sink client flushes. #133288
  • Rows replicated by Logical Data Replication in immediate mode are now considered in the decision to recompute SQL table statistics. #133591
  • The new cluster setting kvadmission.flow_controller.token_reset_epoch can be used to refill replication admission control v2 tokens. This is an advanced setting. Use it only after consultation with your account team. #133294
  • The new cluster setting goschedstats.always_use_short_sample_period.enabled, when set to true, helps to prevent unnecessary queueing due to CPU [admission control](/docs/v24.3/admission-control.htmls. #133585

DB Console changes

  • In Database pages, the Refresh tooltip now includes details about the progress of cache updates and when the job started. #133351

Bug fixes

  • Fixed a bug where changefeed sink) timers were not correctly registered with the metric system. #133288
  • Fixed a bug that could cause new connections to fail with the following error after upgrading: ERROR: invalid value for parameter "vectorize": "unknown(1)" SQLSTATE: 22023 HINT: Available values: off,on,experimental_always. To encounter this bug, the cluster must have:

    1. Run on version v21.1 at some point in the past
    2. Run SET CLUSTER SETTING sql.defaults.vectorize = 'on'; while running v21.1.
    3. Not set sql.defaults.vectorize after upgrading past v21.1 4.
    4. Subsequently upgraded to v24.2.upgraded all the way to v24.2.

    To detect this bug, run the following query:

    SELECT * FROM system.settings WHERE name = 'sql.defaults.vectorize

    If the command returns 1 instead of on, run the following statement before upgrading.

    RESET CLUSTER SETTING sql.defaults.vectorize;

    1 is now allowed as a value for this setting, and is equivalent to on. #133371

  • Fixed a bug in v22.2.13+, v23.1.9+, and v23.2 that could cause the internal error interface conversion: coldata.Column is in an edge case. #133762

  • Fixed a bug introduced in v20.1.0 that could cause erroneous NOT NULL constraint violation errors to be logged during UPSERT and INSERT statements with the ON CONFLICT ...DO UPDATE clause that update an existing row and a subset of columns that did not include a NOT NULL column of the table. #133820

  • Fixed a that could cache and reuse a non-reusable query plan, such as a plan for a DDL or SHOW statement, when plan_cache_mode was set to auto or force_generic_plan, which are not the default options. #133073

  • Fixed an unhandled error that could occur while running the command REVOKE ... ON SEQUENCE FROM ... {user} on an object that is not a sequence. #133710

  • Fixed a panic that could occur while running a CREATE TABLE AS statement that included a sequence with an invalid function overload. #133870


Release Date: October 28, 2024



CockroachDB v24.3.0-beta.2 is a testing release. Testing releases are intended for testing and experimentation only, and are not qualified for production environments and not eligible for support or uptime SLA commitments.


Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.

Operating System Architecture Full executable SQL-only executable
Linux Intel cockroach-v24.3.0-beta.2.linux-amd64.tgz
ARM cockroach-v24.3.0-beta.2.linux-arm64.tgz
Intel cockroach-v24.3.0-beta.2.darwin-10.9-amd64.tgz
ARM cockroach-v24.3.0-beta.2.darwin-11.0-arm64.tgz
Intel cockroach-v24.3.0-beta.2.windows-6.2-amd64.zip

Docker image

Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.

Within the multi-platform image, both Intel and ARM images are generally available for production use.

To download the Docker image:


docker pull cockroachdb/cockroach-unstable:v24.3.0-beta.2

Source tag

To view or download the source code for CockroachDB v24.3.0-beta.2 on Github, visit v24.3.0-beta.2 source tag.


View a detailed changelog on GitHub: v24.3.0-beta.1...v24.3.0-beta.2

SQL language changes

  • If a table is the destination of a logical data replication stream, then only schema change statements that are deemed safe are allowed on the table. Safe statements are those that do not result in a rebuild of the primary index and do not create an index on a virtual computed column. #133266

Operational changes

  • The two new metrics sql.crud_query.count and sql.crud_query.started.count measure the number of INSERT/UPDATE/DELETE/SELECT queries executed and started respectively. #133198
  • When creating a logical data replication stream, any user-defined types in the source and destination are now checked for equivalency. This allows for creating a stream that handles user-defined types without needing to use the WITH SKIP SCHEMA CHECK option as long as the stream uses mode = immediate. #133274
  • Logical data replication streams that reference tables with user-defined types can now be created with the mode = immediate option. #133295

DB Console changes

  • The SQL Statements graph on the Overview and SQL dashboard pages in DB Console has been renamed SQL Queries Per Second and now shows Total Queries as a general Queries Per Second (QPS) metric. #133198
  • Due to the inaccuracy of the Range Count column on the Databases page and the cost incurred to fetch the correct range count for every database in a cluster, this data will no longer be visible. This data is still available via a SHOW RANGES query. #133267

Bug fixes


Release Date: October 24, 2024



CockroachDB v24.3.0-beta.1 is a testing release. Testing releases are intended for testing and experimentation only, and are not qualified for production environments and not eligible for support or uptime SLA commitments.


Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.

Operating System Architecture Full executable SQL-only executable
Linux Intel cockroach-v24.3.0-beta.1.linux-amd64.tgz
ARM cockroach-v24.3.0-beta.1.linux-arm64.tgz
Intel cockroach-v24.3.0-beta.1.darwin-10.9-amd64.tgz
ARM cockroach-v24.3.0-beta.1.darwin-11.0-arm64.tgz
Intel cockroach-v24.3.0-beta.1.windows-6.2-amd64.zip

Docker image

Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.

Within the multi-platform image, both Intel and ARM images are generally available for production use.

To download the Docker image:


docker pull cockroachdb/cockroach-unstable:v24.3.0-beta.1

Source tag

To view or download the source code for CockroachDB v24.3.0-beta.1 on Github, visit v24.3.0-beta.1 source tag.


View a detailed changelog on GitHub: v24.3.0-alpha.2...v24.3.0-beta.1

General changes

Enterprise edition changes

  • This change ensures authorization with LDAP only works when the ldapgrouplistfilter option is present in the HBA configuration, otherwise authentication will proceed with the provided LDAP auth method options in the HBA configuration. This change is to ensure external authorization with LDAP is opt-in rather than enabled by default. #132235
  • Added a changefeed sink error metric changefeed.sink_errors, and expanded reporting of the internal retries metric changefeed.internal_retry_message_count to all sinks that perform internal retries. #132092

SQL language changes

  • Implemented DROP TRIGGER statements. The CASCADE option for dropping a trigger is not supported. #128540
  • Added support for CREATE TRIGGER. The OR REPLACE syntax is not supported. Also, triggers cannot be executed, so creation is a no-op. #128540
  • REGIONAL BY ROW and PARTITION ALL BY tables can now be inserted into under non-SERIALIZABLE isolation levels as long as there is no ON CONFLICT clause in the statement. Also, REGIONAL BY ROW and PARTITION ALL BY tables can now be updated under non-SERIALIZABLE isolation levels. #129837
  • Attempting to add foreign keys referencing a table with row-level TTL enabled will generate a notice informing the user about potential impact on the row-level TTL deletion job. Similarly, a notice is generated while attempting to enable row-level TTL on a table that has inbound foreign key references. #127935
  • It is now possible to assign to an element of a composite typed variable in PL/pgSQL. For example, given a variable foo with two integer elements x and y, the following assignment statement is allowed: foo.x := 100;. #132628
  • Backup and restore now work for tables with triggers. When the skip_missing_udfs option is applied, triggers with missing trigger functions are removed from the table. #128555
  • UPSERT and INSERT ... ON CONFLICT statements are now supported on REGIONAL BY ROW tables under READ COMMITTED isolation. #132768
  • Added support for row-level BEFORE triggers. A row-level trigger executes the trigger function for each row that is being mutated. BEFORE triggers fire before the mutation operation. #132511
  • Added support for PL/pgSQL integer FOR loops, which iterate over a range of integer values. #130211

Operational changes

  • Admission Control now has an integration for pacing snapshot ingest traffic based on disk bandwidth. kvadmission.store.snapshot_ingest_bandwidth_control.enabled is used to turn on this integration. It requires provisioned bandwidth to be set for the store (or cluster through the cluster setting) for it to take effect. #131243
  • Added validation to check whether audit logging and buffering configurations are both present in the file log sink. Audit logging and buffering configuration should not both exist in the file log sink. #132742
  • Updated the file log sink validation message. This would give clear indication to the user about the expected valid configuration. #132899

DB Console changes

Bug fixes

  • Addressed a rare bug that could prevent backups taken during a DROP COLUMN operation with a sequence owner from restoring with the error: rewriting descriptor ids: missing rewrite for <id> in SequenceOwner.... #132202
  • Fixed a bug existing since before v23.1 that could lead to incorrect results in rare cases. The bug requires a join between two tables with an equality between columns with equivalent, but not identical types (e.g., OID and REGCLASS). In addition, the join must lookup into an index that includes a computed column that references one of the equivalent columns. #126345
  • Fixed a bug existing since before v23.1 that could lead to incorrect results in rare cases. The bug requires a lookup join into a table with a computed index column, where the computed column expression is composite sensitive. A composite sensitive expression can compare differently if supplied non-identical but equivalent input values (e.g., 2.0::DECIMAL versus 2.00::DECIMAL). #126345
  • Fixed a bug that caused quotes around the name of a routine to be dropped when it was called within another routine. This could prevent the correct routine from being resolved if the nested routine name was case-sensitive. The bug has existed since v24.1 when nested routines were introduced. #131643
  • Fixed a bug where the SQL shell would print out the previous error message when executing the quit command. #130736
  • Fixed a bug where a span statistics request on a mixed-version cluster resulted in a null pointer exception. #132349
  • Fixed an issue where changefeeds would fail to update protected timestamp records in the face of retryable errors. #132712
  • The franz-go library has been updated to fix a potential deadlock on changefeed restarts. #132761
  • Fixed a bug that in rare cases could cause incorrect evaluation of scalar expressions involving NULL values. #132261
  • Fixed a bug in the query optimizer that in rare cases could cause CockroachDB nodes to crash. The bug could occur when a query contains a filter in the form col IN (elem0, elem1, ..., elemN) only when N is very large, (e.g., 1.6+ million), and when col exists in a hash-sharded index, or exists a table with an indexed, computed column dependent on col. #132701
  • The proretset column of the pg_catalog.pg_proc table is now properly set to true for set-returning built-in functions. #132853
  • Fixed an error that could be caused by using an AS OF SYSTEM TIME expression that references a user-defined (or unknown) type name. These kinds of expressions are invalid, but previously the error was not handled properly. Now, a correct error message is returned. #132348

Build changes


Release Date: October 14, 2024



CockroachDB v24.3.0-alpha.2 is a testing release. Testing releases are intended for testing and experimentation only, and are not qualified for production environments and not eligible for support or uptime SLA commitments.


Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.

Operating System Architecture Full executable SQL-only executable
Linux Intel cockroach-v24.3.0-alpha.2.linux-amd64.tgz
ARM cockroach-v24.3.0-alpha.2.linux-arm64.tgz
Intel cockroach-v24.3.0-alpha.2.darwin-10.9-amd64.tgz
ARM cockroach-v24.3.0-alpha.2.darwin-11.0-arm64.tgz
Intel cockroach-v24.3.0-alpha.2.windows-6.2-amd64.zip

Docker image

Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.

Within the multi-platform image, both Intel and ARM images are generally available for production use.

To download the Docker image:


docker pull cockroachdb/cockroach-unstable:v24.3.0-alpha.2

Source tag

To view or download the source code for CockroachDB v24.3.0-alpha.2 on Github, visit v24.3.0-alpha.2 source tag.


View a detailed changelog on GitHub: v24.3.0-alpha.1...v24.3.0-alpha.2

Security updates

  • The parameters for an HBA config entry for LDAP are now validated when the entry is created or amended, in addition to the validation that happens during an authentication attempt. #132086

  • Added automatic cleanup and validation for default privileges that reference dropped roles after a major-version upgrade to v24.3. #131782

General changes

  • Changed the license cockroach is distributed under to the new CockroachDB Software License (CSL). #131799 #131794 #131793

Enterprise edition changes

SQL language changes

  • To view comments on a type, you can use the new SHOW TYPES WITH COMMENT command. Comments can be added using COMMENT ON. #131183
  • You can create or alter a user-defined function (UDF) or stored procedure (SP) with [EXTERNAL] SECURITY DEFINER instead of the default [EXTERNAL] SECURITY INVOKER. With SECURITY DEFINER, the privileges of the owner are checked when the UDF or SP is executed, rather than the privileges of the executor. The EXTERNAL keyword is optional and exists for SQL language conformity. #129720

Operational changes

  • The following new metrics show details about replication flow control send queue when the cluster setting kvadmission.flow_control.enabled is set to true and the cluster setting kvadmission.flow_control.mode is set to apply_to_all.

    • kvflowcontrol.tokens.send.regular.deducted.prevent_send_queue
    • kvflowcontrol.tokens.send.elastic.deducted.prevent_send_queue
    • kvflowcontrol.tokens.send.elastic.deducted.force_flush_send_queue
    • kvflowcontrol.range_controller.count
    • kvflowcontrol.send_queue.bytes
    • kvflowcontrol.send_queue.count
    • kvflowcontrol.send_queue.prevent.count
    • kvflowcontrol.send_queue.scheduled.deducted_bytes
    • kvflowcontrol.send_queue.scheduled.force_flush


  • The following metrics have been renamed:

    Previous name New name-
    kvflowcontrol.tokens.eval.regular.disconnected kvflowcontrol.tokens.eval.regular.returned.disconnect
    kvflowcontrol.tokens.eval.elastic.disconnected kvflowcontrol.tokens.eval.elastic.returned.disconnect
    kvflowcontrol.tokens.send.regular.disconnected kvflowcontrol.tokens.send.regular.returned.disconnect
    kvflowcontrol.tokens.send.elastic.disconnected kvflowcontrol.tokens.send.elastic.returned.disconnect


Cluster virtualization changes

  • The _status/ranges/ endpoint on DB Console Advanced debug pages is now enabled for non-system virtual clusters, where it returns the ranges only for the tenant you are logged into. For the system virtual cluster, the _status/ranges/ endpoint continues to return ranges for the specified node across all virtual clusters. #131100

DB Console changes

  • Improved performance in the Databases, Tables View, and Table Details sections of the Databases page #131769

Bug fixes

  • Fixed a bug where JSON values returned by cockroach commands using the --format=sql flag were not correctly escaped if they contained double quotes within a string. #131881
  • Fixed an error that could happen if an aggregate function was used as the value in a SET command. #131891
  • Fixed a rare bug introduced in v22.2 in which an update of a primary key column could fail to update the primary index if it is also the only column in a separate column family. #131869
  • Fixed a rare bug where dropping a column of FLOAT4, FLOAT8, DECIMAL, JSON, ARRAY, or collate STRING type stored in a single column family could prevent subsequent reading of the table if the column family was not the first column family. #131967
  • Fixed an unimplemented internal error that could occur when ordering by a VECTOR column. #131703

Performance improvements

  • Efficiency has been improved when writing string-like values over the PostgreSQL wire protocol. #131964
  • Error handling during periodic table history polling has been improved when the schema_locked table parameter is not used. #131951


Release Date: October 9, 2024



CockroachDB v24.3.0-alpha.1 is a testing release. Testing releases are intended for testing and experimentation only, and are not qualified for production environments and not eligible for support or uptime SLA commitments.


Experimental downloads are not qualified for production use and not eligible for support or uptime SLA commitments, whether they are for testing releases or production releases.

Operating System Architecture Full executable SQL-only executable
Linux Intel cockroach-v24.3.0-alpha.1.linux-amd64.tgz
ARM cockroach-v24.3.0-alpha.1.linux-arm64.tgz
Intel cockroach-v24.3.0-alpha.1.darwin-10.9-amd64.tgz
ARM cockroach-v24.3.0-alpha.1.darwin-11.0-arm64.tgz
Intel cockroach-v24.3.0-alpha.1.windows-6.2-amd64.zip

Docker image

Multi-platform images include support for both Intel and ARM. Multi-platform images do not take up additional space on your Docker host.

Within the multi-platform image, both Intel and ARM images are generally available for production use.

To download the Docker image:


docker pull cockroachdb/cockroach-unstable:v24.3.0-alpha.1

Source tag

To view or download the source code for CockroachDB v24.3.0-alpha.1 on Github, visit v24.3.0-alpha.1 source tag.

Security updates

  • URLs in the CREATE CHANGEFEED and CREATE SCHEDULE FOR CHANGEFEED SQL statements are now sanitized of any secrets before being written to unredacted logs. #126970
  • The LDAP cluster settings server.ldap_authentication.client.tls_certificate and server.ldap_authentication.client.tls_key did not have callbacks installed to reload the settings value for LDAP authManager. This change fixes this by adding the necessary callbacks. #131151
  • Cluster settings for host-based authentication configuration (server.host_based_authentication.configuration) and identity map configuration (server.identity_map.configuration) need to be redacted as they can be configured to contain LDAP bind usernames, passwords, and mapping of external identities to SQL users that are sensitive. These cluster settings can be configured for redaction via the server.redact_sensitive_settings.enabled cluster setting. #131150
  • Added support for configuring authorization using LDAP. During login, the list of groups that a user belongs to are fetched from the LDAP server. These groups are mapped to SQL roles by extracting the common name (CN) from the group. After authenticating the user, the login flow grants these roles to the user, and revokes any other roles that are not returned by the LDAP server. The groups given by the LDAP server are treated as the sole source of truth for role memberships, so any roles that were manually granted to the user will not remain in place. #131043
  • Previously, the host-based authentication (HBA) configuration cluster setting server.host_based_authentication.configuration was unable to handle double quotes in authentication method option values. For example, for the following entry:

    host all all all ldap ldapserver=ldap.example.com ldapport=636 ldapbasedn="ou=users,dc=example,dc=com" ldapbinddn="cn=readonly,dc=example,dc=com" ldapbindpasswd=readonly_password ldapsearchattribute=uid ldapsearchfilter="(memberof=cn=cockroachdb_users,ou=groups,dc=example,dc=com)"

    The HBA parser would fail after incorrectly determining ldapbinddn="cn=readonly,dc=example,dc=com" as 2 separate options (ldapbinddn=and cn=readonly,dc=example,dc=com). Now, the 2 tokens are set as key and value respectively for the same HBA configuration option. #131480

General changes

Enterprise edition changes

  • Added a CompressionLevel field to the changefeed kafka_sink_config option. Changefeeds will use this compression level when emitting events to a Kafka sink. The possible values depend on a compression codec. The CompressionLevel field optimizes for faster or stronger level of compression. #125456
  • The updated version of the CockroachDB changefeed Kafka sink implementation now supports specifying compression levels. #127827
  • Introduced the cluster setting server.jwt_authentication.client.timeout to capture the HTTP client timeout for external calls made during JWT authentication. #127145
  • The JWT authentication cluster settings have been made public. #128170
  • Updated certain error messages to refer to the stable docs tree rather than an explicit version. #128842
  • Disambiguated metrics and logs for the two buffers used by the KV feed. The affected metrics now have a suffix indicating which buffer they correspond to: changefeed.buffer_entries.*, changefeed.buffer_entries_mem.*, changefeed.buffer_pushback_nanos.*. The previous versions are still supported for backward compatibility, though using the new format is recommended. #128813
  • Added support for authorization to a CockroachDB cluster via LDAP, retrieving AD groups membership information for LDAP user. The new HBA configuration cluster setting option ldapgrouplistfilter performs filtered search query on LDAP for matching groups. An example HBA configuration entry to support LDAP authZ configuration:

    # TYPE    DATABASE      USER           ADDRESS             METHOD             OPTIONS
    # Allow all users to connect to using LDAP authentication with search and bind    host    all           all            all                 ldap               ldapserver=ldap.example.com ldapport=636 "ldapbasedn=ou=users,dc=example,dc=com" "ldapbinddn=cn=readonly,dc=example,dc=com" ldapbindpasswd=readonly_password ldapsearchattribute=uid "ldapsearchfilter=(memberof=cn=cockroachdb_users,ou=groups,dc=example,dc=com)" "ldapgrouplistfilter=(objectClass=groupOfNames)"
    # Fallback to password authentication for the root user
    host    all           root           password

    For example, to use for an Azure AD server:

    SET cluster setting server.host_based_authentication.configuration = 'host    all           all            all                 ldap ldapserver=azure.dev ldapport=636 "ldapbasedn=OU=AADDC Users,DC=azure,DC=dev" "ldapbinddn=CN=Some User,OU=AADDC Users,DC=azure,DC=dev" ldapbindpasswd=my_pwd ldapsearchattribute=sAMAccountName "ldapsearchfilter=(memberOf=CN=azure-dev-domain-sync-users,OU=AADDC Users,DC=crlcloud,DC=dev)" "ldapgrouplistfilter=(objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=crlcloud,DC=dev)"
    host    all           root           password';

    Post configuration, the CockroachDB cluster should be able to authorize users via LDAP server if:

    1. Users LDAP authentication attempt is successful, and it has the user's DN for the LDAP server.
    2. ldapgrouplistfilter is properly configured, and it successfully syncs groups of the user. #128498
  • Added changefeed support for the mvcc_timestamp option when the changefeed is emitting in avro format. If both options are specified, the Avro schema includes an mvcc_timestamp metadata field and emits the row's MVCC timestamp with the row data. #129840

  • Updated the cluster setting changefeed.sink_io_workers with all the sinks that support the setting. #129946

  • Added a LDAP authentication method to complement password-based login for the DB Console if HBA configuration has an entry for LDAP for the user attempting login, along with other matching criteria (like the requests originating IP address) for authentication to the DB Console. #130418

  • Added timers around key parts of the changefeed pipeline to help debug feeds experiencing issues. The changefeed.stage.<stage>.latency metrics now emit latency histograms for each stage. The metric respects the changefeed scope label for debugging specific feeds. #128794

  • For enterprise changefeeds, events changefeed_failed and create_changefeed now include a JobId field. #131396

  • The new metric seconds_until_license_expiry allows you to monitor the status of a cluster's Enterprise license. #129052.

  • Added the changefeed.total_ranges metric, which monitors the number of ranges that are watched by changefeed aggregators. It shares the same polling interval as changefeed.lagging_ranges, which is controlled by the existing lagging_ranges_polling_interval option. #130897

SQL language changes

  • Added a session setting, optimizer_use_merged_partial_statistics which defaults to false. When set to true, it enables usage of existing partial statistics merged with full statistics when optimizing a query. #126948
  • The enable_create_stats_using_extremes session setting is now true by default. Partial statistics at extremes can be collected using the CREATE STATISTICS <stat_name> ON <column_name> FROM <table_name> USING EXTREMES syntax. #127850
  • Added SHOW SCHEMAS WITH COMMENT and SHOW SCHEMAS FROM database_name WITH COMMENT functionality similar to SHOW TABLES and SHOW DATABASES. #127816
  • The deadlock_timeout session variable is now supported. The configuration can be used to specify the time to wait on a lock before pushing the lock holder for deadlock detection. It can be set at session granularity. #128506
  • Partial statistics at extremes can now be collected on all valid columns of a table using the CREATE STATISTICS <stat_name> FROM <table_name> USING EXTREMES syntax, without an ON <col_name> clause. Valid columns are all single column prefixes of a forward index excluding partial, sharded, and implicitly partitioned indexes. #127836
  • Partial statistics can now be automatically collected at the extremes of indexes when a certain fraction and minimum number of rows are stale (by default 5% and 100 respectively). These can be configured with new table storage parameters and cluster settings, and the feature is disabled by default. The new cluster settings and table parameters are:
    • sql.stats.automatic_partial_collection.enabled/sql_stats_automatic_partial_collection_enabled, defaults to false.
    • sql.stats.automatic_partial_collection.min_stale_rows/sql_stats_automatic_partial_collection_min_stale_rows, defaults to 100.
    • sql.stats.automatic_partial_collection.fraction_stale_rows/sql_stats_automatic_partial_collection_fraction_stale_rows, Defaults to 0.05. #93067
  • The session variable enforce_home_region_follower_reads_enabled is now deprecated, and will be removed in a future release. The related session variable enforce_home_region is not deprecated. #129024
  • Added a new cluster setting to control whether most common values are collected as part of histogram collection for use by the optimizer. The setting is called sql.stats.histogram_buckets.include_most_common_values.enabled. When enabled, the histogram collection logic will ensure that the most common sampled values are represented as histogram bucket upper bounds. Since histograms in CockroachDB track the number of elements equal to the upper bound in addition to the number of elements less, this allows the optimizer to identify the most common values in the histogram and better estimate the rows processed by a query plan. To set the number of most common values to include in a histogram, a second setting sql.stats.histogram_buckets.max_fraction_most_common_values was added. Currently, the default is 0.1, or 10% of the number of buckets. With a 200 bucket histogram, by default, at most 20 buckets may be adjusted to include a most common value as the upper bound. #129378
  • Added a new column to crdb_internal.table_spans to indicate whether a table is dropped. Rows for dropped tables will be removed once they are garbage collected. #128788
  • Added the cluster setting sql.txn.repeatable_read_isolation.enabled, which defaults tofalse. When set to true, the following statements will configure transactions to run under REPEATABLE READ isolation, rather than being automatically interpreted as SERIALIZABLE:

    • SET default_transaction_isolation = 'repeatable read'

    This setting was added since REPEATABLE READ transactions is a preview feature, so usage of it is opt-in for v24.3. In a future CockroachDB major version, this setting will change to default to true. #130089

  • Previously, SHOW CHANGEFEED JOBS showed the changefeed jobs for the last 14 days by default. Now, it uses the same age filter for SHOW JOBS, which shows jobs from the last 12 hours by default. #127584

  • Set the default for session variable large_full_scan_rows to 0. This means that by default, disallow_full_table_scans will disallow all full table scans, even full scans on very small tables. If large_full_scan_rows is set > 0, disallow_full_table_scans will allow full scans estimated to read fewer than large_full_scan_rows. #131040

  • It is now possible to create PL/pgSQL trigger functions, which can be executed by a trigger in response to table mutation events. Note that this patch does not add support for triggers, only trigger functions. #126734

  • Cluster settings enterprise.license and diagnostics.reporting.enabled now have additional validation. #131097

  • The SHOW SESSIONS command was changed to include an authentication_method column in the result. This column will show the method used to authenticate the session, for example, password, cert, LDAP, etc. #131625

Operational changes

  • Events DiskSlownessDetected and DiskSlownessCleared are now logged when disk slowness is detected and cleared on a store. #127025
  • Several cluster settings allow you to configure rate-limiting traffic to cloud storage over various protocols. These settings begin with cloudstorage. #127207
  • The new cluster setting kv.range.range_size_hard_cap allows you to limit how large a range can grow before backpressure is applied. This can help to mitigate against a situation where a range cannot be split, such as when a range is comprised of a single key due to an issue with the schema or workload pattern or a bug in client application code. The default is 8 GiB, which is 16 times the default max range size. If you have changed the max range size, you may need to adjust this cluster setting or reduce the range size. #129450
  • The following kvflowcontrol metrics have been renamed. After a cluster is finalized on v24.3, old and new metrics will be populated. The previous metrics under kvasdmission.flow_controller will be removed.

    Old metric names New metric names
    kvadmission.flow_controller.regular_tokens_available kvflowcontrol.tokens.eval.regular.available
    kvadmission.flow_controller.elastic_tokens_available kvflowcontrol.tokens.eval.elastic.available
    kvadmission.flow_controller.regular_tokens_deducted kvflowcontrol.tokens.eval.regular.deducted
    kvadmission.flow_controller.elastic_tokens_deducted kvflowcontrol.tokens.eval.elastic.deducted
    kvadmission.flow_controller.regular_tokens_returned kvflowcontrol.tokens.eval.regular.returned
    kvadmission.flow_controller.elastic_tokens_returned kvflowcontrol.tokens.eval.elastic.returned
    kvadmission.flow_controller.regular_tokens_unaccounted kvflowcontrol.tokens.eval.regular.unaccounted
    kvadmission.flow_controller.elastic_tokens_unaccounted kvflowcontrol.tokens.eval.elastic.unaccounted
    kvadmission.flow_controller.regular_stream_count kvflowcontrol.streams.eval.regular.total_count
    kvadmission.flow_controller.elastic_stream_count kvflowcontrol.streams.eval.elastic.total_count
    kvadmission.flow_controller.regular_requests_waiting kvflowcontrol.eval_wait.regular.requests.waiting
    kvadmission.flow_controller.elastic_requests_waiting kvflowcontrol.eval_wait.elastic.requests.waiting
    kvadmission.flow_controller.regular_requests_admitted kvflowcontrol.eval_wait.regular.requests.admitted
    kvadmission.flow_controller.elastic_requests_admitted kvflowcontrol.eval_wait.elastic.requests.admitted
    kvadmission.flow_controller.regular_requests_errored kvflowcontrol.eval_wait.regular.requests.errored
    kvadmission.flow_controller.elastic_requests_errored kvflowcontrol.eval_wait.elastic.requests.errored
    kvadmission.flow_controller.regular_requests_bypassed kvflowcontrol.eval_wait.regular.requests.bypassed
    kvadmission.flow_controller.elastic_requests_bypassed kvflowcontrol.eval_wait.elastic.requests.bypassed
    kvadmission.flow_controller.regular_wait_duration kvflowcontrol.eval_wait.regular.duration
    kvadmission.flow_controller.elastic_wait_duration kvflowcontrol.eval_wait.elastic.duration


  • The new ranges.decommissioning metric shows the number of ranges with a replica on a decommissioning node. #130117

  • New cluster settings have been added which control the refresh behavior for the cached data in the Databases page of the DB Console:

    • obs.tablemetadatacache.data_valid_duration: the duration for which the data in system.table_metadata is considered valid before a cache reset will occur. Default: 20 minutes.
    • obs.tablemetadatacache.automatic_updates.enabled: whether to automatically update the cache according the validity interval. Default: false.


  • New gauge metrics security.certificate.expiration.{cert-type} and security.certificate.ttl.{cert-type} show the expiration and TTL for a certificate. #130110

  • To set the logging format for stderr, you can now set the format field to any valid format, rather than only crdb-v2-tty. #131529

  • The following new metrics show connection latency for each SQL authentication method:

    Authentication method Metric
    Certificate auth_cert_conn_latency
    Java Web Token (JWT) auth_jwt_conn_latency
    Kerberos GSS auth_gss_conn_latency
    LDAP auth_ldap_conn_latency
    Password auth_password_conn_latency
    SCRAM SHA-256 auth_scram_conn_latency


  • Verbose logging of slow Pebble reads can no longer be enabled via the shorthand flag --vmodule=pebble_logger_and_tracer=2, where pebble_logger_and_tracer contains the CockroachDB implementation of the logger needed by Pebble. Instead, you must list the Pebble files that contain the log statements. For example --vmodule=reader=2,table=2. #127066

  • The lowest admission control priority for the storage layer has been renamed from ttl-low-pri to bulk-low-pri. #129564

  • New clusters will now have a zone configuration defined for the timeseries range, which specifies gc.ttlseconds and inherits all other attributes from the zone config of the default range. This zone config will also be added to a cluster that is upgraded to v24.3 if it does not already have a zone config defined.#128032

Command-line changes

DB Console changes

  • If a range is larger than twice the max range size, it will now display in the Problem Ranges page in the DB Console. #129001
  • Updated some metric charts on the Overview and Replication dashboards to omit verbose details in the legends for easier browsing. #129149
  • Updated the icon for notification alerts to use the new CockroachDB logo. #130333
  • The txn.restarts.writetoooldmulti metric was rolled into the txn.restarts.writetooold metric in the v24.1.0-alpha.1 release. txn.restarts.writetoooldmulti has now been removed altogether. #131642
  • The grants table in the DB Details page will now show the database level grants. For example, when clicking a database in the databases list. Previously, it showed grants per table in the database. #131250
  • Added new database pages that are available from the side navigation Databases link. #131594
  • The DB Console will reflect any throttling behavior from the cluster due to an expired license or missing telemetry data. Enterprise licenses are not affected. #131326
  • Users can hover over the node/region cell in multi-region deployments to view a list of nodes the database or table is on. #130704
  • The Databases pages in the DB console have been updated to read cached metadata about database and table storage statistics. The cache update time is now displayed in the top right-hand corner of the database and tables list pages. Users may trigger a cache refresh with the refresh icon next to the last updated time. The cache will also update automatically when users visit a Databases page and the cache is older than or equal to 20 minutes. #131463

Bug fixes

  • Fixed a bug where CockroachDB could incorrectly evaluate an IS NOT NULL filter if it was applied to non-NULL tuples that had NULL elements (like (1, NULL) or (NULL, NULL)). The bug was present since v20.2. #126901
  • Fixed a bug related to displaying the names of composite types in the SHOW CREATE TABLES command. The names are now shown as two-part names, which disambiguates the output and makes it more portable to other databases. #127158
  • The CONCAT() built-in function now accepts arguments of any data type. #127098
  • Fixed a bug that prevented merged statistics from being created after injecting statistics or recreating statement bundles. This would occur when the injected statistics or statement bundle contained related full and partial statistics. #127252
  • Fixed a bug where CockroachDB could encounter spurious (error encountered after some results were delivered) ERROR: context canceled errors in rare cases when evaluating some queries. The bug was present since v22.2. The conditions that triggered the bug were queries that:
    • Had to be executed locally.
    • Had a LIMIT.
    • Have at least two UNION clauses.
    • Have some lookup or index joins in the UNION branches. #127076
  • Updated the restore job description from RESTORE ... FROM to RESTORE FROM {backup} IN {collectionURI} to reflect the new RESTORE syntax. #127970
  • Fixed a bug that could cause a CASE statement with multiple subqueries to produces the side effects of one of the subqueries even if that subquery shouldn't have been evaluated. #120327
  • Changed the schema changer’s merge process so that it can detect contention errors and automatically retry with a smaller batch size. This makes the merge process more likely to succeed without needing to manually tune settings. #128201
  • SHOW CREATE ALL TYPES now shows corresponding type comments in its output. #128084
  • Enforce the statement_timeout session setting when waiting for jobs after a schema change in an implicit transaction. #128474
  • Fixed a bug where certain dropdowns in the DB Console appeared to be empty (with no options to select from) for users of the Safari browser. #128996
  • Fixed a bug that would cause the hlc_to_timestamp function to return an incorrect timestamp for some input decimals. #129153
  • Fixed a memory leak where statement insight objects could leak if the session was closed without the transaction finishing. #128400
  • Fixed a bug in the public preview WAL failover feature that could prevent a node from starting if it crashed during a failover. #129331
  • Fixed a bug where 'infinity'::TIMESTAMP returned a different result than PostgreSQL. #127141
  • Fixed a spurious error log from the replication queue involving the text " needs lease, not adding". #129351
  • Using more than one DECLARE statement in the definition of a user-defined function now correctly declares additional variables. #129951
  • Fixed a bug in which some SELECT FOR UPDATE or SELECT FOR SHARE queries using NOWAIT could still block on locked rows when using the optimizer_use_lock_op_for_serializable session setting under serializable isolation. This bug was introduced with optimizer_use_lock_op_for_serializable in v23.2.0. #130103
  • Fixed a bug in the upgrade pre-condition for repairing descriptor corruption that could lead to finalization being stuck. #130064
  • Fixed a bug that caused the optimizer to plan unnecessary post-query uniqueness checks during INSERT, UPSERT, and UPDATE statements on tables with partial, unique, hash-sharded indexes. These unnecessary checks added overhead to execution of these statements, and caused the statements to error when executed under READ COMMITTED isolation. #130366
  • Fixed a bug that caused incorrect evaluation of CASE, COALESCE, and IF expressions with branches producing fixed-width string-like types, such as CHAR. In addition, the BPCHAR type no longer incorrectly imposes a length limit of 1. #129007
  • Fixed a bug where zone configuration changes issued by the declarative schema changer were not blocked if a table had the schema_locked storage parameter set. #130670
  • Fixed a bug that could prevent a CHANGEFEED from being able to resume after being paused for a prolonged period of time. #130622
  • Fixed a bug where if a client connection was attempting a schema change while the same schema objects were being dropped, it was possible for the connection to be incorrectly dropped. #130928
  • Fixed a bug introduced in v23.1 that could cause incorrect results when:
    1. The query contained a correlated subquery.
    2. The correlated subquery had a GROUP BY or DISTINCT operator with an outer-column reference in its input.
    3. The correlated subquery was in the input of a SELECT or JOIN operator.
    4. The SELECT or JOIN had a filter that set the outer-column reference from (2) equal to a non-outer column in the input of the grouping operator.
    5. The grouping column set did not include the replacement column, and functionally determined the replacement column. #130925
  • Fixed a bug which could cause errors with the message "internal error: Non-nullable column ..." when executing statements under READ COMMITTED isolation that involved tables with NOT NULL virtual columns. #130725
  • Fixed a bug that could cause a very rare internal error "lists in SetPrivate are not all the same length" when executing queries. #130981
  • Fixed a bug that could cause incorrect evaluation of scalar expressions involving NULL values in rare cases. #128123
  • SHOW CREATE ALL SCHEMAS now shows corresponding schema comments in its output. #130164
  • Fixed a bug, introduced in v23.2.0, where creating a new incremental schedule (using ALTER BACKUP SCHEDULE) on a full backup schedule created on an older version would fail. #131231
  • Fixed a bug that could cause an internal error if a table with an implicit (rowid) primary key was locked from within a subquery like SELECT * FROM (SELECT * FROM foo WHERE x = 2) FOR UPDATE;. The error could occur either under READ COMMITTED isolation, or with the optimizer_use_lock_op_for_serializable session setting enabled. #129768
  • Fixed a bug where jobs created in a session with non-zero session timezone offsets could hang before starting, or report incorrect creation times when viewed in SHOW JOBS and the DB Console. #123632
  • Fixed a bug which could result in changefeeds using CDC queries failing due to a system table being garbage collected. #131027
  • ALTER COLUMN TYPE now errors out when there is a partial index that is dependent on the column being altered. #131590
  • Fixed a bug that prevented buffered file sinks from being included when iterating over all file sinks. This led to problems such as the debug zip command not being able to fetch logs for a cluster where buffering was enabled. #130158
  • Fixed a bug where backup schedules could advance a protected timestamp too early, which caused incremental backups to fail. #131358

Performance improvements

Build changes

  • Changed the AWS SDK version used for interactions with external storage from v1 to v2. #129938

Yes No
On this page

Yes No