🔔 Project-level Service Accounts & Workload Identities

We introduce project-level Service Accounts and Workload Identities in addition to the existing workspace-level scope. This enables project-scoped machine identities to follow least privilege and reduce automation blast radius, while clearly separating machine identities from users and aligning them with the resource hierarchy.

• UI & scope changes

  • Workspace Members page now has separate tabs for Users&Groups, Service Accounts, and Workload Identities.
  • Service accounts and workload identities can now be created at both workspace and project levels, governed by their respective IAM policies.
  • Project-level identities are scoped to a single project to enable isolated automation.
  • The account selector for role assignment now supports users, groups, service accounts, and workload identities. Service accounts and workload identities require entering the full email address.

• Breaking changes (API / Terraform users)

  • Machine identities are managed via dedicated APIs (ServiceAccountService, WorkloadIdentityService) instead of the User API.
  • IAM member prefixes updated:
    user:{email} → serviceAccount:{email} / workloadIdentity:{email}
  • Workspace-level Service Account and Workload Identity APIs now require explicit parent workspaces/- instead of an empty string.
    Affected APIs: CreateServiceAccount, ListServiceAccounts, CreateWorkloadIdentity, ListWorkloadIdentities.
    Endpoint change:
    /v1/serviceAccounts → /v1/workspaces/-/serviceAccounts
  • Terraform users must update IAM member prefixes and use the new service account/workload identity resources.

🔔 Other Notable Changes

• SQL Editor settings consolidation & policy updates

  • Add a dedicated SQL Editor section under Workspace Settings > General, consolidating data export, data copying, admin data source access, max result size, max result rows, and max query time.
  • Max result rows can also be configured at the project level.
  • DataSourceQueryPolicy is merged into QueryDataPolicy and deprecated (auto-migrated).
  • DDL/DML execution control is now configured at the project role level using bb.sql.ddl and bb.sql.dml permissions. The previous disallow_ddl / disallow_dml environment policy is removed.
  • For Terraform users, the settings update also affect Terraform, need to update bytebase_policy configuration. Latest provider documentation

• Role & permission adjustments

  • Add bb.taskRuns.create permission to the Project Owner role.
  • Remove bb.rollouts.create permission from the Project Developer role (use Project Releaser or Project Owner).
  • Allow managing project IAM policy without the Project Owner role.

• Online migration configuration change

  • Move gh-ost configuration from Plan spec to SQL directive in sheet content (-- gh-ost = { ... }).
  • Remove enable_ghost and ghost_flags from ChangeDatabaseConfig in the Plan API.

• Execution & validation improvements

  • Skip DML dry-run checks when DDL statements are present to reduce false positives. Primarily applied to SQL Review rule Validate the executability of DML statements.

• Cleanup & removals

  • Remove the Archived page (archived projects and instances now appear directly in the dashboard).
  • Remove auto_enable_backup and skip_backup_errors from project settings.
  • Deprecate the legacy issue page and route.

🚀 Features

• MongoDB

  • Use native driver for queries by default, with fallback to mongosh.
  • SQL Editor now supports auto-complete, current statement highlighting, and syntax checking.
  • Support statement-type access control in SQL Editor, allowing administrators to control Read and Write permissions.

• Elasticsearch

  • Support statement-type access control in SQL Editor, allowing administrators to control Read and Write permissions.

🎄 Enhancements

• SQL Editor query results support multi-select via Cmd/Ctrl + Click for rows and columns. Copied data now includes column names.
• Improve the SQL Editor database connection panel layout.
• Normalize Unicode emails to prevent creating accounts with visually identical but technically different addresses.

🐞 Bug Fixes

• Fix access token refresh on SQL Editor LSP websocket reconnection.
• Fix incorrect Learn More link for online migration.
• Google Cloud SQL - Fix IAM authentication while creating instances in Bytebase Cloud.
• PostgreSQL - Support CTE for Backup.

3.14.1...3.15.0

Warning 1): Bytebase does not support in-place downgrade. Make sure to back up your metadata before upgrading. 2) Never run multiple containers on the same data directory. Stop and remove the old one first to avoid corruption.

🎄 Enhancements

• Improve result masking performance for queries spanning multiple databases, and enhance masking coverage.
• Show rollout link whenever plan has a rollout, regardless of issue status.
• Google Cloud SQL — Support IAM authentication for connections.
• Azure SCIM — Enhance SCIM PATCH API and fix SCIM sync issues.

🐞 Bug Fixes

• Fix database group SQL checks bypassed issue.
• Fix export data issues: add task actions (Run/Retry, Skip, Cancel) and fix skip/download functionality.
• Fix page table showing errors from corrupted localStorage page size.
• Fix minor issues for IM integration: direct messaging not working for new installation and settings page not showing configured data.
• Fix missing users and approvers in some webhook notifications.
• Fix nested transaction patterns that could cause deadlocks under high concurrency.

3.14.0...3.14.1

Warning 1): Bytebase does not support in-place downgrade. Make sure to back up your metadata before upgrading. 2) Never run multiple containers on the same data directory. Stop and remove the old one first to avoid corruption.

🔔 Notable Changes

• Redesign the database CI/CD workflow to align with industry practices (GitHub, GitLab) by clearly separating CI (review) and CD (deployment) phases:

  • Issue page now displays plan changes directly - no more context switching between tabs.
  • Rollout is now a standalone deployment page, clearly separating review from execution.
  • Rollout UI now supports release-based tasks — showing per-file execution status, command duration, and release info in task items.
  • Rollout creation: previously rollout is created at the same time when issue is created, but now it's creation is decoupled from issue creation, with 2 creation modes: 1) automatic creation, if issue is approved AND SQL review check pass; 2) user can manually create in other cases (most common case, issue approved BUT review not passed, and there should be an action button).
  • As a result of mode 2, project releaser might need to create rollout manually before executing rollout, so bb.rollouts.create permission is added to project releaser role. All custom roles for rollout initiation are advised to be assigned bb.rollouts.create permission. This permission only controls who can create a rollout; it does not bypass approval requirements or task execution.

• Update Project Webhook events. Please review the documentation for the current list of supported events to ensure your listeners remain compatible.

• Improve permission guards and access control:

  • Stop hiding UI elements when users lack permissions and show a no permission alert instead. Allow users with bb.issues.create permission to request Project roles directly from the UI.
  • Allow Project Owners to disable the self-service role request workflow in Project Settings.
  • Introduce more granular permission management:
    • Add new policy permissions:
      • bb.policies.getMaskingRulePolicy
      • bb.policies.updateMaskingRulePolicy
      • bb.policies.createMaskingRulePolicy
      • bb.policies.deleteMaskingRulePolicy
      • bb.policies.getMaskingExemptionPolicy
      • bb.policies.updateMaskingExemptionPolicy
      • bb.policies.createMaskingExemptionPolicy
      • bb.policies.deleteMaskingExemptionPolicy
    • Add new settings permissions:
      • bb.settings.getEnvironment
      • bb.settings.setEnvironment
      • bb.settings.getWorkspaceProfile
      • bb.settings.setWorkspaceProfile
    • Permission assignments are updated accordingly:
      • The Workspace Admin and DBA receive all these new permissions.
      • The Project Owner receives the new policy permissions.
      • The Workspace Member receives bb.settings.getEnvironment and bb.settings.getWorkspaceProfile.
  • Tighten Workspace Members permissions:
    • Revoke bb.settings.get, bb.settings.list, bb.projects.list.
    • If Workspace Members should not access the user list, create a custom role and revoke bb.users.list and bb.users.get.

• Redesign the Database Changelog and Revision pages.

• Remove Schema Drift Detection feature:

  • Remove drifted field from Database message in v1/database_service.proto.
  • Remove drifted filter option from ListDatabases API (previously supported drifted == true filter).
  • Remove dump_version field from ChangelogPayload in store proto.

• Update core APIs CreateSheet, CreatePlan, CreateRollout, and CreateRelease, please refer to the latest API documentation for updated request/response definitions.

• Remove auto_resolve_issue and allow_modify_statement from Project Settings.

• Remove maximum_connections from Instance Settings and use Parallel tasks per rollout in Project Settings instead.

• Unify TRUNCATE_TABLE and TRUNCATE into a single TRUNCATE statement type for Custom Approval CEL expressions.

• Update Terraform provider:

  • Remove allow_modify_statement and auto_resolve_issue from the project resource.
  • Remove auto_resolve_issue from the workspace_profile setting resource.
  • Remove maximum_connections from the instance resource.
  • The notification_types in the project webhook are changed to ISSUE_CREATED, ISSUE_APPROVAL_REQUESTED, ISSUE_SENT_BACK, PIPELINE_FAILED and PIPELINE_COMPLETED.
  • Support configure allow_request_role, data_classification_config_id, enforce_sql_review, force_issue_labels, issue_labels, labels, require_issue_approval, require_plan_check_no_error for the project resource.

• Releases are now identified by release_id (e.g., my-release-RC00) with automatic train/RC iteration numbering. The title, digest fields are removed from the Release API, and UpdateRelease returns UNIMPLEMENTED. For Terraform, update bytebase_release resource if using title or digest fields.

🚀 Features

• Add refresh token support (previously only access tokens were supported).
• Allow configuring Access token duration and Refresh token duration (previously the sign-in frequency setting).
• Allow setting No approval required in approval rules when configured conditions are met.
• Support Workload Identity with GitLab.

🎄 Enhancements

• Add list sorting for projects, instances, and databases.
• Grant Exemption supports CEL expressions and includes a database selector.
• PostgreSQL - Support ENUM value additions via ALTER TYPE ... ADD VALUE in schema sync.
• MySQL - Prettify generated DDL statements.

🐞 Bug Fixes

• Fix AI setting cache modification issues.
• PostgreSQL – Fix cyclic foreign key dependency handling in schema diff.
• TiDB – Fix DML dry run handling for BATCH syntax.
• PostgreSQL – Fix using identifiers as SELECT target field aliases.
• Oracle – Fix SQL Review incorrectly flagging GRANT / REVOKE as reserved keywords.

3.13.1...3.14.0

Warning 1): Bytebase does not support in-place downgrade. Make sure to back up your metadata before upgrading. 2) Never run multiple containers on the same data directory. Stop and remove the old one first to avoid corruption.

🎄 Enhancements

• Update SQL review template configuration.

🐞 Bug Fixes

• Fix issue label selector missing in new CI/CD layout.
• Fix rollout date filter not working.
• Fix SQL Editor horizontal scroll shortcut.
• Fix SQL review showing incorrect line numbers for multi-statement SQL.

3.13.0...3.13.1

Warning 1): Bytebase does not support in-place downgrade. Make sure to back up your metadata before upgrading. 2) Never run multiple containers on the same data directory. Stop and remove the old one first to avoid corruption.

🔔 Notable Changes

• Consolidate DDL and DML changes so users no longer need to select them explicitly when initiating New Plan or configuring approval flow.
• Simplify approval workflows:
  • Approval flows are defined directly using CEL expressions, without intermediate risk definitions.
  • Risk level is automatically evaluated using a standardized assessment framework.
  • risk.level is an optional CEL factor for CHANGE_DATABASE approval flows.
  • For non-Terraform, existing approval flows are automatically migrated.
  • For Terraform, approval flows are defined via bytebase_setting (settings/WORKSPACE_APPROVAL) using approval_flow.rules.flow, and risk resources are removed.(e.g. approval_flow.tf)
• Update SQL review configuration for Terraform: (e.g. sql_review.tf)
  • SQL review rules use typed payload fields (number_payload, string_payload, string_array_payload, naming_payload, etc.).
  • Generic payload and comment fields are removed.
  • Rule level enums migrate from SQLReviewRuleLevel_WARNING/ERROR to SQLReviewRule_WARNING/ERROR.
• Move rollout policy checkers from environment to project level: Require issue approval and Plan check enforcement. Project settings are checked if any checker is previously used via automatic migration.
• Migrate user identifiers: User references change from users/{id} to users/{email} in APIs and storage. Audit logs store user emails directly.
• Rename Masking Exception to Masking Exemption:
  • APIs rename MaskingException to MaskingExemption.
  • The action field is removed.
  • member is replaced with a members list.
  • For Terraform, masking_exception_policy is renamed to masking_exemption_policy.
• Disallow Copy Policy now applies to Admin and DBA roles (previously exempted).
• Refine database group permissions:
  • Roles with bb.projects.get gain bb.databaseGroups.list/get.
  • Roles with bb.projects.update gain bb.databaseGroups.create/update/delete.
  • For Terraform, please update the permissions of custom roles accordingly.
• Update batch task APIs: The reason field is removed from BatchRunTasks and BatchCancelTaskRuns. reason is supported only for skip operations.
• Remove Schema Template functionality.

🚀 Features

• Support MCP integration.
• Add Workload Identity as a dedicated account type for OIDC-based authentication, with GitHub Actions support.
• Support direct messages for Microsoft Teams.

🎄 Enhancements

• Improve the rollout page with a timeline view, auto-expanded task details, and collapsible task run logs with auto-refresh.
• Allow filtering in SQL Editor results to quickly locate rows.
• Allow selecting a database group to query from in the SQL Editor.
• Snowflake - Support passphrase-protected private keys.
• PostgreSQL - Add event trigger sync and SDL support.
• Trino - Support TLS/SSL.
• Doris - Improve SQL parser compatibility.

3.12.2...3.13.0

Warning 1): Bytebase does not support in-place downgrade. Make sure to back up your metadata before upgrading. 2) Never run multiple containers on the same data directory. Stop and remove the old one first to avoid corruption.

🎄 Enhancements

• Enhance database and query permission checks.
• Improve selector performance with lazy loading for large workspaces.
• SQL Server - Add visualized EXPLAIN support in SQL Editor.
• Doris - Improve syntax compatibility.

🐞 Bug Fixes

• Prevent DML statements from being incorrectly wrapped in CTEs in SQL Editor.
• Fix popup handling for database change statements in SQL Editor.
• Improve and isolate SQL Editor state management across browser tabs.
• Format Cassandra, Spanner, and ClickHouse result data instead of showing raw protobuf.

3.12.1...3.12.2

Warning 1): Bytebase does not support in-place downgrade. Make sure to back up your metadata before upgrading. 2) Never run multiple containers on the same data directory. Stop and remove the old one first to avoid corruption.

🚀 Features

• Add stdout audit logger for integration with log aggregation systems.
• Add folder-based organization to Worksheets, including:
  • Nested folders with drag-and-drop reordering
  • Inline actions (rename, star/unstar, sharing)
  • Filters for worksheet types
• Add project-level data query policies (previously workspace-only).
• Support cross-account AWS IAM Authentication.
• PostgreSQL - Add AI-driven custom SDL review.

🔔 Notable changes

• Add TLS configuration support for Vault connections.

🎄 Enhancements

• Revamp issue search UI.
• Add GitOps Service Agent role for automated CI/CD workflows.
• PostgreSQL - Support SDL for materialized views, enum types, and extensions.
• BigQuery - Add dry-run support in SQL Editor to validate queries before execution.

3.12.0...3.12.1

Warning 1): Bytebase does not support in-place downgrade. Make sure to back up your metadata before upgrading. 2) Never run multiple containers on the same data directory. Stop and remove the old one first to avoid corruption.

🚀 Features

• Add State-based GitOps workflow for PostgreSQL.
• Add support for IdP-initiated SSO flow.

🔔 Notable Changes

• Remove identity provider permissions from the Workspace DBA role.

• Remove support for URL-based secret retrieval via URL template format.

• Deprecate changelist feature.

• Add character length limits to prevent overly long entries and ensure data consistency. Length limits applied:

  • 200 characters: Titles and names (groups, issues, plans, projects, instances, users, etc.)
  • 1,000 characters: Short descriptions (group descriptions, operation reasons for cancel/skip/restart tasks)
  • 10,000 characters: Long descriptions (issue details, plan details)
  • 65,536 characters: Comments and long-form text (issue comments)

• Update APP_IM configuration format in API and UI.

  Before:

  {
  "slack": {
      "enabled": true,
      "token": "xxx"
  },
  "lark": {
      "enabled": true,
      ...
  },
  "feishu": {
      "enabled": true,
      ...
  }
  }

  After:

  {
  "settings": [
      {
      "type": "slack",
      "slack": {
          "token": "xxx"
      }
      },
      {
      "type": "lark",
      "lark": {}
      }
  ]
  }

🎄 Enhancements

• Issue comment editor now supports searching and linking to other issues within the same project.
• Support data export for multi-statement queries in SQL Editor.
• Enhance SSO state management to align with OAuth 2.0 best practices.
• Add 5-minute expiration for MFA temporary tokens.
• Clarify label types with explicit naming: Project Labels, Issue Labels, Database Labels.

🐞 Bug Fixes

• Fix the role selector reverting SQL edits during edit mode when the issue poller runs.
• Fix the false positive Primary Key missing error during SQL Review when adding a PK in a separate statement for PostgreSQL.

3.11.1...3.12.0

Warning 1): Bytebase does not support in-place downgrade. Make sure to back up your metadata before upgrading. 2) Never run multiple containers on the same data directory. Stop and remove the old one first to avoid corruption.

🚀 Features

• Apache Doris - Add support for system views and functions in SQL Editor.
• Add support for configuring inactive session timeout.

🔔 Notable Changes

• Remove Check() RPC and SQL Review functionality in SQL Editor.
• Remove --check-plan option from bytebase-action rollout command.
• Enforce proper create permissions for allow_missing updates.

🎄 Enhancements

• Support editing migration type in draft plans.
• Support exporting results from multiple queries.
• Add banner notifications for approved issues ready to roll out.
• Show full signatures for functions and procedures instead of just names.
• Add HTTP security headers in all responses.

🐞 Bug Fixes

• Elasticsearch - Fix query parameter encoding in URLs.
• SQL Server - Fix IDENTITY column handling during backup/restore.

3.11.0...3.11.1

Warning 1): Bytebase does not support in-place downgrade. Make sure to back up your metadata before upgrading. 2) Never run multiple containers on the same data directory. Stop and remove the old one first to avoid corruption.

🔔 Notable Changes

• Environment rollout policy update

  • Issue Creators and Last Issue Approvers can no longer roll out issues. Manual rollouts now require specifying workspace/project roles or users with the bb.taskRuns.create permission.
  • The force rollout mechanism has been replaced by configurable rollout requirements:
    • Require Issue Approval – ensures issues must be approved before rollout can proceed (default: enabled).
    • Plan Check Enforcement – controls rollout behavior based on plan check results (default: block on errors only).

• Deprecate bb.sql.export permission and roles/projectExporter role.

• Deprecate request.row_limit in the project IAM policy. Use maximum_result_rows in QueryDataPolicy instead.

• API

  • Standardize CEL attribute naming with prefixes: resource.*, statement.*, request.* (e.g., environment_id → resource.environment_id)
  • Unify risk levels to single RiskLevel enum; changed from integers (100, 200, 300) to strings (LOW, MODERATE, HIGH); CEL expressions migrate from format level == 300 to level == "HIGH"
  • Simplify approval template to singleton with flat role array; replace approval_finding_done/approval_finding_error with approval_status enum
  • Consolidate task types into DATABASE_MIGRATE (with migrate_type: DDL/DML/GHOST) and DATABASE_SDL. Split changelog Type into Type and MigrationType enums. Merged DatabaseSchemaUpdate and DatabaseDataUpdate into DatabaseUpdate.

• Terraform (provider version: 3.11.1)

  • Use RiskLevel enum instead of numeric values for level in bytebase_risk. Example: risk.tf
  • Remove disable_copy_data_policy; moved into query_data_policy as the disable_copy_data field. Example: environment.tf
  • Update structure of the approval_flow setting. Example: approval_flow.tf
  • Remove row_limit from bytebase_iam_policy setting.

• Remove Format on Save feature from SQL Editor.

🎄 Enhancements

• Support key-value instance labels.
• Optimize Schema Editor performance.
• Add pre-flight validation and circuit breaker to gh-ost workflow.
• AWS Elasticsearch – Add cross-account support.

🐞 Bug Fixes

• Add fallback behavior for PostgreSQL dump topological sorting to prevent blocking dump functionality.

3.10.1...3.11.0

Warning 1): Bytebase does not support in-place downgrade. Make sure to back up your metadata before upgrading. 2) Never run multiple containers on the same data directory. Stop and remove the old one first to avoid corruption.