Release Notes for v26.1-v26.1.0-beta.1

src/current/_data/releases.yml

@@ -10011,3 +10011,31 @@
     docker_arm_limited_access: false
   source: true
   previous_release: v25.4.0
+
+
+- release_name: v26.1.0-beta.1
+  major_version: v26.1
+  release_date: '2025-12-17'
+  release_type: Testing
+  go_version: go1.25.3
+  sha: e15b1ecc444676ba53266770e0b758de9ae72d22
+  has_sql_only: true
+  has_sha256sum: true
+  mac:
+    mac_arm: true
+    mac_arm_experimental: true
+    mac_arm_limited_access: false
+  windows: true
+  linux:
+    linux_arm: true
+    linux_arm_experimental: false
+    linux_arm_limited_access: false
+    linux_intel_fips: true
+    linux_arm_fips: false
+  docker:
+    docker_image: cockroachdb/cockroach-unstable
+    docker_arm: true
+    docker_arm_experimental: false
+    docker_arm_limited_access: false
+  source: true
+  previous_release: v26.1.0-alpha.1

src/current/_data/versions.csv

@@ -20,4 +20,4 @@ v25.1,2025-02-18,2025-08-18,N/A,N/A,N/A,N/A,N/A,N/A,v24.3,release-25.1,2029-02-1
 v25.2,2025-05-09,2026-05-12,2026-11-12,N/A,N/A,N/A,N/A,N/A,v25.1,release-25.2,2029-05-09
 v25.3,2025-08-04,2026-02-04,N/A,N/A,N/A,N/A,N/A,N/A,v25.2,release-25.3,2029-08-04
 v25.4,2025-11-03,2026-11-03,2027-05-03,N/A,N/A,N/A,N/A,N/A,v25.3,release-25.4,2029-11-03
-v26.1,N/A,N/A,N/A,N/A,N/A,N/A,N/A,N/A,v25.4,release-25.4,N/A
+v26.1,N/A,N/A,N/A,N/A,N/A,N/A,N/A,N/A,v25.4,release-26.1,N/A

src/current/_includes/releases/v26.1/v26.1.0-beta.1.md

@@ -0,0 +1,261 @@
+## v26.1.0-beta.1
+
+Release Date: December 17, 2025
+
+{% include releases/new-release-downloads-docker-image.md release=include.release %}
+
+<h3 id="v26-1-0-beta-1-security-updates">Security updates</h3>
+
+- A new `debug_user` certificate can now be used
+  for privileged RPC access to collect debug information. The debug_user must be
+  created manually using the `CREATE USER` command and can be audited using the
+  `SHOW USERS` command. This user has privileged access to `serverpb` admin and
+  status endpoints required for debug zip collection. [#155216][#155216]
+- We will be adding a new flag
+  `--disallow-root-login` to the cockroach start command to explicitly allow
+  restricting the root user from logging into the system. This change affects the
+  [unstated, unchangeable root access
+  rule](https://www.cockroachlabs.com/docs/stable/security-reference/authentication#the-unstated-unchangeable-root-access-rule)
+  as part of compliance requirements. This flag is currently experimental and also
+  needs an additional user setup for debug zip collection as disabling the root
+  user affects the debug zip service. We currently do not validate if this user is
+  set up or not.
+
+  Note: Care must be taken to ensure none of the certificates that are in use by
+  the cluster or the SQL/RPC clients have a root in the SAN fields since the flag
+  will block access to that client. [#155216][#155216]
+- We are adding a new flag
+   `--allow-debug-user` to the cockroach start command to explicitly allow
+   enabling the debug_user to log into the system. This flag is currently
+   experimental and is disabled by default. When not set, authentication
+   attempts by `debug_user` will be rejected with an error: `"certificate
+   authentication failed for user "debug_user""` for SQL connections and
+   `"failed to perform RPC, as debug_user login is not allowed"` for RPC
+   connections.
+
+   This flag is intended for debugging and troubleshooting purposes and should
+   only be enabled when necessary for diagnostic operations. The debug_user
+   should be disabled when not actively in use.
+
+   Note: Certificates must include "debug_user" as one of the principals
+   (CommonName or SubjectAlternativeName) for this functionality. The flag
+   controls whether such certificates are accepted for both SQL client
+   connections and RPC connections. [#158963][#158963]
+
+<h3 id="v26-1-0-beta-1-{{-site.data.products.enterprise-}}-edition-changes">{{ site.data.products.enterprise }} edition changes</h3>
+
+- Improved the description of the
+  changefeed.default_range_distribution_strategy cluster setting to better
+  explain the available options and their behavior.
+
+  Epic: None [#158602][#158602]
+
+<h3 id="v26-1-0-beta-1-sql-language-changes">SQL language changes</h3>
+
+- Add new session variable `use_swap_mutations`
+  which controls whether the new update swap and delete swap operators are
+  enabled for use by UPDATE and DELETE statements. [#145019][#145019]
+- Fixed a bug where the results of `ALTER SEQUENCE`'s increment and `SELECT nextval()` operations were not as expected. The value of a sequence after an `ALTER SEQUENCE` statement has executed on it is now consistent with a sequence created with those values. [#154489][#154489]
+- SQL statements executed in stored procedures and user-defined functions now record SQL statistics, including latencies and execution metrics. These statistics appear on the **SQL Activity** and **Insights** pages of the DB Console. Limitation: SQL statements within a stored procedure or user-defined function are not collected for active statement diagnostics requests. Statement diagnostics remain available for top-level statement executions. [#156905][#156905]
+- `crdb_internal.index_usage_stats` and `crdb_internal.datums_to_bytes` are now available in the `information_schema` system catalog as `information_schema.crdb_index_usage_stats` and `information_schema.crdb_datums_to_bytes`, respectively. [#156963][#156963]
+- The `ALTER COLUMN ...` sequence identity
+  commands are run by the declarative schema changer. [#157030][#157030]
+- The `cumulative time spent waiting in admission control` is now displayed in `EXPLAIN ANALYZE` output when it is non-zero. This helps identify delays caused by admission control during query execution. [#158055][#158055]
+- Restarting a sequence with an updated increment has the expected initial value. [#158065][#158065]
+- The `cumulative time spent waiting in admission control` reported in `EXPLAIN ANALYZE` now includes the time spent in quorum replication flow control. This update enhances the precision of wait time analysis, offering a more accurate depiction of query execution time by considering additional wait durations within the quorum replication processes. [#158076][#158076]
+- A new "hint injection" ability has been
+  added, which allows operators to dynamically inject inline hints into
+  statements, without modifying the text of those statements. Hints can be
+  injected using the builtin function `crdb_internal.inject_hint` with the
+  target statement fingerprint to rewrite. For example, to add an index
+  hint to the statement `SELECT * FROM my_table WHERE col = 3`, use:
+
+  ```
+  SELECT crdb_internal.inject_hint(
+    'SELECT * FROM my_table WHERE col = _',
+    'SELECT * FROM my_table@my_table_col_idx WHERE col = _'
+  );
+  ```
+
+  Whenever a statement is executed matching statement fingerprint `SELECT
+  * FROM my_table WHERE col = _`, it will first be rewritten to include
+  the injected index hint. [#158096][#158096]
+- `ALTER TABLE ... SET SCHEMA` is supported by the declarative schema changer. [#158141][#158141]
+- `kv cpu time` is now displayed in `EXPLAIN ANALYZE`, providing insights into the CPU resources used by KV operations during query execution. [#158499][#158499]
+- CockroachDB now negotiates the pgwire protocol version with PostgreSQL 18+ clients that request protocol version 3.2. Previously, connections from these clients would fail with an "unknown protocol version" error. The server now sends a `NegotiateProtocolVersion` message to indicate it supports version 3.0, allowing the connection to proceed normally. [#158636][#158636]
+- Added support for `EXECUTE SCHEDULE {schedule_id}` to allow immediate execution of a scheduled job. This does not apply to `ALTER BACKUP SCHEDULE`; attempting to execute a backup schedule will result in an error. [#158694][#158694]
+- `CREATE TYPE` with composite type syntax now supports array types in field definitions. For example, `CREATE TYPE t AS (a INT[])` and `CREATE TYPE t AS (a INT ARRAY)` now work correctly, matching PostgreSQL behavior. [#158888][#158888]
+- adds STRICT STORAGE LOCALITY option to backup cmd.
+  Subsequent commit hooks it up to backup flow. [#158999][#158999]
+- introduces the new STRICT option for locality aware
+  backups. When this flag is passed, the backup will fail if we attempt to backup
+  data that lives in a kv node with locality tag X into a bucket with a different
+  locality tag. [#158999][#158999]
+- CREATE CHANGEFEED FOR DATABASE statement will
+  return an error stating that the feature is not implemented. [#159000][#159000]
+- The `WITH RESOLVED TIMESTAMP` option can be passed to `SHOW JOBS` or `SHOW JOB` to include the resolved timestamp, if any, for the jobs in the output columns. [#159068][#159068]
+
+<h3 id="v26-1-0-beta-1-operational-changes">Operational changes</h3>
+
+- All queries to system and crdb_internal by
+  default will begin failing, notifying users that they must override the
+  access gate if they wish to use those namespaces.
+
+The `allow_unsafe_internals` setting now defaults to `false`, restricting access to the `system` and `crdb_internal` namespaces. Queries to these namespaces will now fail unless access is manually enabled. Usage is also audited. [#158085][#158085]
+- Jobs that are paused due to a specific reason, including jobs which pause themselves when encountering errors such as running out of disk space, now record that reason in their displayed status field of `SHOW JOBS`. [#158350][#158350]
+- The following metrics will be marked as essential
+  because they are needed for end user troubleshooting:
+  - auth.jwt.conn.latency
+  - auth.cert.conn.latency
+  - auth.password.conn.latency
+  - auth.ldap.conn.latency
+  - auth.gss.conn.latency
+  - auth.scram.conn.latency
+  - auth.ldap.conn.latency.internal [#158424][#158424]
+
+<h3 id="v26-1-0-beta-1-command-line-changes">Command-line changes</h3>
+
+- You can now specify a user-defined database user when generating `debug zip` and `debug tsdump` files. Use the `--user` and `--url` flags to set the username. Previously, these operations required the root user. This change provides backward compatibility by defaulting the username to `root`. This update is part of an ongoing effort to limit root user access. [#158961][#158961]
+
+<h3 id="v26-1-0-beta-1-db-console-changes">DB Console changes</h3>
+
+- The log of messages and events recorded by a job is now shown to non-admin users on the DB Console Jobs page. [#152853][#152853]
+- The DB Console now accurately displays **vCPU** counts on the **Overview** page instead of operating system CPU counts. This update uses cgroups to provide a correct vCPU measurement, reflecting reserved compute resources in Kubernetes and other virtualized environments. [#158219][#158219]
+- Jobs which are paused for a specific reason now show that reason, and are highlighted in the UI. [#158364][#158364]
+- The `kvCPUTimeNanos` is now recorded in `crdb_internal.statement_statistics` and `crdb_internal.transaction_statistics`. In the DB Console, a **KV CPU Time** column is now displayed in the **SQL Activity** > **Statements** and **Transactions** pages, allowing you to monitor and analyze the CPU time consumed by KV operations during query execution. [#158398][#158398]
+- The `admissionWaitTime` is now recorded in `crdb_internal.statement_statistics` and `crdb_internal.transaction_statistics`. In the DB Console, an **Admission Wait Time** column is now displayed in the **SQL Activity** > **Statements** and **Transactions** pages. [#158500][#158500]
+
+<h3 id="v26-1-0-beta-1-bug-fixes">Bug fixes</h3>
+
+- Fixed a bug that could cause an internal error
+  in some cases for PL/pgSQL routines that perform database reads within
+  an exception block. [#156902][#156902]
+- Fixed a bug existing since SQL statements with
+  INTO clause were introduced for PL/pgSQL routines in v23.2. The bug could
+  cause a SQL statement with side effects (e.g. INSERT) to be dropped if
+  none of the target variables from the INTO clause were referenced. [#156966][#156966]
+- Fixed a bug where renaming a column that participated in multiple hash-sharded indexes would fail. [#158045][#158045]
+- Fixed a bug where `ORDER BY` clauses in user-defined set-returning SQL functions with `OUT` parameters were ignored when the function was called directly in a `SELECT` list (e.g., `SELECT f()`). The ordering is now properly preserved and enforced. [#158162][#158162]
+- The pgwire server now exits promptly on context cancellation. [#158269][#158269]
+- CockroachDB could previously hit a bounded
+  memory leak when collecting table statistics on a table that had both
+  very wide (10KiB or more) and relatively small (under 400B) BYTES-like
+  values within the same row as well as virtual computed columns. This
+  has been present since introduction of stats collection on virtual
+  computed columns in 24.1. [#158370][#158370]
+- Temporary schema cleanup no longer retries after poisoned transaction errors, reducing log noise. [#158396][#158396]
+- When changing the time interval on the **Metrics** page, the DB Console previously sent duplicate requests for metrics data. This has been fixed, and the UI now issues a single, efficient request when updating the time interval. [#158595][#158595]
+- Fixed a bug where issuing a noop schedule modification
+  could skip the next incremental backup
+
+  Fixes: #158296 [#158820][#158820]
+- Fixed a bug that caused routines to prevent
+  dropping more columns than necessary, most notably columns referenced
+  by computed column expressions. The fix is gated behind the session
+  setting `use_improved_routine_deps_triggers_and_computed_cols`, which
+  is off by default prior to v26.1. [#158935][#158935]
+- Fixed a bug that allowed a column to be dropped from
+  its table despite being referenced by a routine. The bug could happen when the
+  column was only referenced as a target column in the SET clause of an UPDATE
+  statement within the routine. This fix only applies to newly-created routines.
+  In versions prior to v26.1, the fix must be enabled by setting the session
+  variable `prevent_update_set_column_drop`. [#158935][#158935]
+- A bug has been fixed which could cause incorrect
+  results. The bug has existed since v21.2. From v21.2 up to v25.3, the
+  bug only presented when all of the following were true:
+    - The query was run with an explicit or implicit prepared statement.
+    - The query had an equality filter on a placeholder and a UNIQUE
+      column.
+    - The column contained NULL values.
+    - The placeholder was assigned to NULL during execution.
+  In this case, the query could return rows in which the column's value is
+  NULL, which violates SQL NULL-equality semantics. The correct result set
+  should always be empty.
+  Starting in v25.4, the requirements were loosened slightly. It was no
+  longer necessary for the column to be UNIQUE. The bug could reproduce if
+  the column was included in any index. [#159001][#159001]
+- Fixed a bug where the `schema_locked` table storage parameter could be bypassed by combining `SET (schema_locked=false)` with other schema changes in the same `ALTER TABLE` statement using comma syntax. Schema-locked tables now correctly reject such combined statements. [#159017][#159017]
+
+<h3 id="v26-1-0-beta-1-performance-improvements">Performance improvements</h3>
+
+- Triggers now perform the descriptor lookup for `TG_TABLE_SCHEMA` against a cache. This can significantly reduce trigger planning latency in multi-region databases. [#144217][#144217]
+- Add new `update swap` and
+  `delete swap` operators which allow some UPDATE and DELETE statements to
+  execute in 1 round trip instead of 2 round trips. For now, these
+  operators can be used when:
+
+  - all columns in the primary index are constrained to a single exact value
+    by the WHERE clause;
+  - only a single row is modified;
+  - there are no FK checks or cascades;
+  - there are no uniqueness checks;
+  - there are no check constraints;
+  - there are no vector indexes modified;
+  - there are no passthrough columns to RETURNING;
+  - there are no triggers;
+  - the table only uses a single column family;
+  - there are no mutation columns or mutation indexes (i.e. the table is
+    not undergoing an ALTER);
+  - there are no columns using composite encoding (e.g. DECIMAL, FLOAT,
+    JSON, etc).
+
+  We may lift some of these restrictions in future releases. [#145019][#145019]
+- The optimizer now collapses
+  repeated "%" wildcard characters in LIKE patterns. This may improve
+  performance of queries with theses types of LIKE patterns.
+
+  Co-authored-by: Daniel Hix <danieljacobhix@gmail.com>
+  Co-authored-by: Sriram <sriraam2000na@gmail.com>
+  Co-authored-by: Marcus Gartner <magartner@gmail.com>
+  Co-authored-by: dils2k <dils.matchanov@gmail.com> [#158025][#158025]
+- More of the CPU usage of LDR jobs is subject to background job admission control limits. [#158361][#158361]
+- After triggers now perform the
+  descriptor lookup for `TG_TABLE_SCHEMA` against a cache. This can
+  significantly reduce trigger planning latency. [#158708][#158708]
+
+
+[#158963]: https://github.com/cockroachdb/cockroach/pull/158963
+[#157030]: https://github.com/cockroachdb/cockroach/pull/157030
+[#158499]: https://github.com/cockroachdb/cockroach/pull/158499
+[#159000]: https://github.com/cockroachdb/cockroach/pull/159000
+[#159068]: https://github.com/cockroachdb/cockroach/pull/159068
+[#158085]: https://github.com/cockroachdb/cockroach/pull/158085
+[#158424]: https://github.com/cockroachdb/cockroach/pull/158424
+[#158269]: https://github.com/cockroachdb/cockroach/pull/158269
+[#158935]: https://github.com/cockroachdb/cockroach/pull/158935
+[#159017]: https://github.com/cockroachdb/cockroach/pull/159017
+[#156905]: https://github.com/cockroachdb/cockroach/pull/156905
+[#158364]: https://github.com/cockroachdb/cockroach/pull/158364
+[#158370]: https://github.com/cockroachdb/cockroach/pull/158370
+[#158708]: https://github.com/cockroachdb/cockroach/pull/158708
+[#158055]: https://github.com/cockroachdb/cockroach/pull/158055
+[#158065]: https://github.com/cockroachdb/cockroach/pull/158065
+[#158096]: https://github.com/cockroachdb/cockroach/pull/158096
+[#158694]: https://github.com/cockroachdb/cockroach/pull/158694
+[#156902]: https://github.com/cockroachdb/cockroach/pull/156902
+[#156966]: https://github.com/cockroachdb/cockroach/pull/156966
+[#158820]: https://github.com/cockroachdb/cockroach/pull/158820
+[#145019]: https://github.com/cockroachdb/cockroach/pull/145019
+[#158636]: https://github.com/cockroachdb/cockroach/pull/158636
+[#158888]: https://github.com/cockroachdb/cockroach/pull/158888
+[#158961]: https://github.com/cockroachdb/cockroach/pull/158961
+[#158045]: https://github.com/cockroachdb/cockroach/pull/158045
+[#158396]: https://github.com/cockroachdb/cockroach/pull/158396
+[#159001]: https://github.com/cockroachdb/cockroach/pull/159001
+[#144217]: https://github.com/cockroachdb/cockroach/pull/144217
+[#155216]: https://github.com/cockroachdb/cockroach/pull/155216
+[#158602]: https://github.com/cockroachdb/cockroach/pull/158602
+[#158141]: https://github.com/cockroachdb/cockroach/pull/158141
+[#158350]: https://github.com/cockroachdb/cockroach/pull/158350
+[#152853]: https://github.com/cockroachdb/cockroach/pull/152853
+[#158219]: https://github.com/cockroachdb/cockroach/pull/158219
+[#158595]: https://github.com/cockroachdb/cockroach/pull/158595
+[#158025]: https://github.com/cockroachdb/cockroach/pull/158025
+[#158361]: https://github.com/cockroachdb/cockroach/pull/158361
+[#154489]: https://github.com/cockroachdb/cockroach/pull/154489
+[#156963]: https://github.com/cockroachdb/cockroach/pull/156963
+[#158076]: https://github.com/cockroachdb/cockroach/pull/158076
+[#158999]: https://github.com/cockroachdb/cockroach/pull/158999
+[#158398]: https://github.com/cockroachdb/cockroach/pull/158398
+[#158500]: https://github.com/cockroachdb/cockroach/pull/158500
+[#158162]: https://github.com/cockroachdb/cockroach/pull/158162