Merge branch 'main' into sql-feature-support

src/current/_data/cloud_releases.csv

@@ -84,3 +84,4 @@ date,sha
 2024-04-09,null
 2024-04-17,null
 2024-04-18,null
+2024-05-12,null

src/current/_data/releases.yml

@@ -5965,13 +5965,6 @@
   major_version: v23.2
   release_date: '2024-05-07'
   release_type: Production
-  cloud_only: True
-  cloud_only_message_short: 'Available only for select CockroachDB Cloud clusters'
-  cloud_only_message: >
-    This version is currently available only for select
-    CockroachDB Cloud clusters. To request to upgrade
-    a CockroachDB self-hosted cluster to this version,
-    [contact support](https://support.cockroachlabs.com/hc/en-us/requests/new).
   go_version: go1.22.0
   sha: 57ab10786d6ed277959c8990e2823772893ac873
   has_sql_only: true
@@ -5994,3 +5987,57 @@
     docker_arm_limited_access: false
   source: true
   previous_release: v23.2.4
+
+- release_name: v23.1.21
+  major_version: v23.1
+  release_date: '2024-05-07'
+  release_type: Production
+  go_version: go1.22.0
+  sha: fceb4cf5c378bfb53b3cf12c672716168192f1fe
+  has_sql_only: true
+  has_sha256sum: true
+  mac:
+    mac_arm: true
+    mac_arm_experimental: true
+    mac_arm_limited_access: false
+  windows: true
+  linux:
+    linux_arm: true
+    linux_arm_experimental: false
+    linux_arm_limited_access: false
+    linux_intel_fips: true
+    linux_arm_fips: false
+  docker:
+    docker_image: cockroachdb/cockroach
+    docker_arm: true
+    docker_arm_experimental: false
+    docker_arm_limited_access: false
+  source: true
+  previous_release: v23.1.20
+
+- release_name: v24.1.0-rc.1
+  major_version: v24.1
+  release_date: '2024-05-08'
+  release_type: Testing
+  go_version: go1.22.0
+  sha: 6205244e922606f85761dad2137b842f43a53716
+  has_sql_only: true
+  has_sha256sum: true
+  mac:
+    mac_arm: true
+    mac_arm_experimental: true
+    mac_arm_limited_access: true
+  windows: true
+  linux:
+    linux_arm: true
+    linux_arm_experimental: false
+    linux_arm_limited_access: false
+    linux_intel_fips: true
+    linux_arm_fips: false
+  docker:
+    docker_image: cockroachdb/cockroach-unstable
+    docker_arm: true
+    docker_arm_experimental: false
+    docker_arm_limited_access: false
+  source: true
+  previous_release: v24.1.0-beta.3

src/current/_includes/cockroachcloud/first-org-user-roles.md

@@ -1,3 +1,10 @@
 {{site.data.alerts.callout_info}}
-The user who creates a new organization is assigned a combination of Org Administrator, Billing Coordinator, and Cluster Admin at the organization scope. Any of these roles may subsequently be removed, although another user must have the Org Administrator role and the Cluster Admin role at the organization scope, before either of those can be removed. This is to ensure that at least one user has each of these roles.
+The user who creates a new organization is assigned the following [roles]({% link cockroachcloud/authorization.md %}#organization-user-roles) at the organization scope:
+
+- [Org Administrator]({% link cockroachcloud/authorization.md %}#org-administrator)
+- [Billing Coordinator]({% link cockroachcloud/authorization.md %}#billing-coordinator)
+- [Cluster Administrator]({% link cockroachcloud/authorization.md %}#cluster-administrator)
+- [Folder Administrator]({% link cockroachcloud/authorization.md %}#folder-admin)
+
+Any of these roles may subsequently be removed by a user with both the Org Administrator role and the Cluster Admin role at the organization scope. This is to ensure that at least one user has both of these roles.
 {{site.data.alerts.end}}

src/current/_includes/cockroachcloud/limitations/limitation-ccloud-folders.md

@@ -0,0 +1 @@
+- It is not possible to use the `ccloud` command to view the {% if page.name == 'ccloud-get-started.md' %} [folder]({% link cockroachcloud/folders.md %}){% else %}folder{% endif %} structure, move a cluster or folder into or out of a folder, or assign the `FOLDER_ADMIN` or `FOLDER_MOVER` roles.

src/current/_includes/cockroachcloud/org-roles/folder-admin.md

@@ -0,0 +1,5 @@
+    A {% if page.name == 'authorization.md' %}**Folder Admin**{% else %}[**Folder Admin**]({% link cockroachcloud/authorization.md %}#folder-admin){% endif %} can create, rename, and move, or delete folders where they are granted the role, and they can also manage access to these folders. This role can be granted at the level of the organization or on a specific folder. If granted at the level of the organization, the role grants the ability to view all users and service accounts in the organization. If granted on a specific folder, the role is inherited by descendant folders.
+
+    A user with the {% if page.name == 'authorization.md' %}[Org Administrator](#org-administrator){% else %}[Org Administrator]({% link cockroachcloud/authorization.md %}#org-administrator){% endif %} role can grant themselves, another user, or a service account the Folder Admin role.
+
+    To create or manage clusters in a folder, a Folder Admin also needs the {% if page.name == 'authorization.md' %}[Cluster Administrator](#cluster-administrator) or [Cluster Creator](#cluster-creator){% else %}[Cluster Administrator]({% link cockroachcloud/authorization.md %}#cluster-administrator) or [Cluster Creator]({% link cockroachcloud/authorization.md %}#cluster-creator){% endif %} role on that folder directly or by inheritance. To delete a cluster, the Cluster Administrator role is required on the cluster directly or by inheritance.

src/current/_includes/cockroachcloud/org-roles/folder-mover.md

@@ -0,0 +1,7 @@
+    A {% if page.name == 'authorization.md' %}**Folder Mover**{% else %}[**Folder Mover**]({% link cockroachcloud/authorization.md %}#folder-mover){% endif %} can rename or move descendant folders, and can move clusters within the folder hierarchy where they have the role. However, a Folder Mover cannot create or delete folders or clusters, and cannot assign roles. A Folder Mover can move clusters within the folder hierarchy even if they do not have a role that allows them to connect to the cluster, such as {% if page.name == 'authorization.md' %}[Cluster Creator](#cluster-creator) or [Cluster Operator](#cluster-operator){% else %}[Cluster Administrator]({% link cockroachcloud/authorization.md %}#cluster-administrator) or [Cluster Operator]({% link cockroachcloud/authorization.md %}#cluster-operator{% endif %}).
+
+    {{site.data.alerts.callout_info}}
+    A cluster cannot be renamed.
+    {{site.data.alerts.end}}
+
+    A user with the {% if page.name == 'authorization.md' %}[Org Administrator](#org-administrator) or [Folder Admin](#folder-admin){% else %}[Org Administrator]({% link cockroachcloud/authorization.md %}#org-administrator) or [Folder Admin]({% link cockroachcloud/authorization.md %}#folder-admin){% endif %} role can grant another user or a service account the Folder Mover role. Because the Folder Admin role is a superset of Folder Mover, there is no need for a Folder Admin to grant themselves the Folder Mover role.

src/current/_includes/releases/cloud/2021-12-06.md

@@ -5,7 +5,6 @@
 - New CockroachDB {{ site.data.products.dedicated }} clusters will now run [v21.2.1]({% link releases/v21.2.md %}#v21-2-1).
 - CockroachDB {{ site.data.products.serverless }} clusters will now run CockroachDB [v21.2.0-beta.4]({% link releases/v21.2.md %}#v21-2-0-beta-4).
 - New CockroachDB {{ site.data.products.cloud }} clusters will now have [Admission Control](https://www.cockroachlabs.com/docs/v21.2/architecture/admission-control) enabled by default.
-- CockroachDB {{ site.data.products.dedicated }} clusters will now run on new [machine types and disks](https://www.cockroachlabs.com/docs/cockroachcloud/create-your-cluster#step-2-select-the-cloud-provider). Clusters created before December 1, 2021 will be transitioned to the new hardware configurations by the end of the month, and pricing may change slightly.
 
 <h3>Console changes</h3>
 

src/current/_includes/releases/cloud/2022-11-07.md

@@ -14,7 +14,6 @@
 
 - Added an icon next to a cluster's name on the [**Billing overview**](https://www.cockroachlabs.com/docs/cockroachcloud/billing-management) page to indicate when a cluster has been deleted.
 - The [**Database page**](https://www.cockroachlabs.com/docs/cockroachcloud/databases-page) in the CockroachDB {{ site.data.products.cloud }} Console now shows the last time table statistics were updated.
-- All new AWS clusters now use [`gp3` volumes](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/general-purpose.html). Previously created AWS clusters still use `io1` volumes. AWS `gp3` volumes expose three parameters: storage amount, IOPS, and throughput.
 
 <h3> Cloud API changes </h3>
 

src/current/_includes/releases/cloud/2023-09-08.md

@@ -4,8 +4,6 @@
 
 - [Managed-service backups](https://www.cockroachlabs.com/docs/cockroachcloud/use-managed-service-backups?filters=dedicated) are now available for [CockroachDB {{ site.data.products.dedicated }} clusters on Azure (Limited Access)]({% link cockroachcloud/cockroachdb-dedicated-on-azure.md %}).
 
-- New CockroachDB {{ site.data.products.dedicated }} clusters on Azure now use [Dsv4-series VMs](https://learn.microsoft.com/azure/virtual-machines/dv4-dsv4-series).
-
 - You can now create new [multi-region](https://www.cockroachlabs.com/docs/stable/multiregion-overview) CockroachDB {{ site.data.products.dedicated }} clusters on Azure.
 
 {% capture regions_list %}

src/current/_includes/releases/cloud/2024-05-12.md

@@ -0,0 +1,7 @@
+## May 12, 2024
+
+<h3 id="2024-05-12-security-updates"> Security updates </h3>
+
+- [Folders]({% link cockroachcloud/folders.md %}) are now available in [preview](https://www.cockroachlabs.com/docs/stable/cockroachdb-feature-availability).
+- The initial [Org Administrator]({% link cockroachcloud/authorization.md %}#org-administrator) is now automatically assigned the [Folder Admin]({% link cockroachcloud/authorization.md %}#folder-admin) role.
+- A [Folder Admin]({% link cockroachcloud/authorization.md %}#folder-admin) can now view all users and service accounts.

src/current/_includes/releases/v23.1/v23.1.21.md

@@ -0,0 +1,58 @@
+## v23.1.21
+
+Release Date: May 7, 2024
+
+{% include releases/new-release-downloads-docker-image.md release=include.release %}
+
+<h3 id="v23-1-21-sql-language-changes">SQL language changes</h3>
+
+- The `FORCE_INVERTED_INDEX` hint causes the [optimizer]({% link v23.1/cost-based-optimizer.md %}) to prefer a query plan scan over any [inverted index]({% link v23.1/inverted-indexes.md %}) of the hinted table. An error is emitted if no such query plan can be generated. [#122301][#122301]
+- Introduced three new [cluster settings]({% link v23.1/cluster-settings.md %}) for controlling [table statistics]({% link v23.1/cost-based-optimizer.md %}#table-statistics) forecasting:
+    - [`sql.stats.forecasts.min_observations`]({% link v23.1/cluster-settings.md %}#setting-sql-stats-forecasts-min-observations) is the minimum number of observed statistics required to produce a forecast.
+    - [`sql.stats.forecasts.min_goodness_of_fit`]({% link v23.1/cluster-settings.md %}#setting-sql-stats-forecasts-min-goodness-of-fit) is the minimum R² (goodness of fit) measurement required from all predictive models to use a forecast.
+    - [`sql.stats.forecasts.max_decrease`]({% link v23.1/cluster-settings.md %}#setting-sql-stats-forecasts-max-decrease) is the most a prediction can decrease, expressed as the minimum ratio of the prediction to the lowest prior observation. [#122990][#122990]
+- Added a [session variable]({% link v23.1/set-vars.md %}) `optimizer_use_improved_multi_column_selectivity_estimate`, which if enabled, causes the [optimizer]({% link v23.1/cost-based-optimizer.md %}) to use an improved selectivity estimate for multi-column predicates. This setting will default to `true` on v24.2 and later, and `false` on prior versions. [#123068][#123068]
+
+<h3 id="v23-1-21-operational-changes">Operational changes</h3>
+
+- A minimum [Raft scheduler]({% link v23.1/architecture/replication-layer.md %}#raft) concurrency is now enforced per [store]({% link v23.1/architecture/storage-layer.md %}#overview) so that nodes with many stores do not spread workers too thinly. This helps to avoid high scheduler latency across replicas on a store when load is imbalanced. [#120797][#120797]
+
+<h3 id="v23-1-21-bug-fixes">Bug fixes</h3>
+
+- Fixed a bug introduced in v22.2.9 that could cause a slow memory leak that can accumulate when opening many new connections. [#121056][#121056]
+- [Sequence]({% link v23.1/create-sequence.md %}) options for `NO MINVALUE` and `NO MAXVALUE` now match [PostgreSQL behavior](https://www.postgresql.org/docs/current/sql-createsequence.html). Sequence `MINVALUE` and `MAXVALUE` now automatically adjust to the bounds of a new integer type in [`ALTER SEQUENCE ... AS`]({% link v23.1/alter-sequence.md %}), matching PostgreSQL behavior. [#121307][#121307]
+- Fixed a bug where the [timeseries graphs shown on the **SQL Activity Statement Fingerprint** page]({% link v23.1/ui-statements-page.md %}#charts) in the [DB Console]({% link v23.1/ui-overview.md %}) were not rendering properly. This involved fixing a bug related to setting the time range of the charts. [#121382][#121382] [#122235][#122235]
+- Fixed a bug where CockroachDB could incorrectly evaluate `IN` expressions that had `INT2` or `INT4` type on the left side, and values on the right side that were outside the range of the left side. The bug had been present since at least v21.1. [#121955][#121955]
+- Previously, on long-running [sessions]({% link v23.1/show-sessions.md %}) that issue many (hundreds of thousands or more) [transactions]({% link v23.1/transactions.md %}), CockroachDB's internal memory accounting system, the limit for which is configured via the [`--max-sql-memory` flag]({% link v23.1/cockroach-start.md %}#general) could leak. This bug, in turn, could result in the error message `"root: memory budget exceeded"` for other queries. The bug was present in v23.1.17 and is now fixed. [#121949][#121949] [#122235][#122235]
+- Reintroduced [cluster setting]({% link v23.1/cluster-settings.md %}) `sql.auth.modify_cluster_setting_applies_to_all.enabled` so that mixed-version clusters can migrate off of this setting, which is deprecated in favor of the privilege [`MODIFYSQLCLUSTERSETTING`]({% link v23.1/set-cluster-setting.md %}#required-privileges). [#122055][#122055] [#122635][#122635]
+- Fixed a bug where a [`GRANT ... ON ALL TABLES`]({% link v23.1/grant.md %}) statement could fail if sequences existed and they did not support a privilege (e.g., `BACKUP`). [#122057][#122057]
+- Fixed a bug where [client certificate authentication]({% link v23.1/authentication.md %}#client-authentication) combined with [identity maps]({% link v23.1/sso-sql.md %}#identity-map-configuration) (`server.identity_map.configuration`) did not work. For the feature to work correctly, the client must specify a valid database user in the [connection string]({% link v23.1/connection-parameters.md %}). This bug had been present since v23.1. [#122746][#122746]
+- Statistics forecasts of zero rows can cause suboptimal [query plans]({% link v23.1/cost-based-optimizer.md %}). Forecasting will now avoid predicting zero rows for most downward-trending statistics. [#122990][#122990]
+
+<h3 id="v23-1-21-performance-improvements">Performance improvements</h3>
+
+- More efficient [query plans]({% link v23.1/cost-based-optimizer.md %}) are now generated for queries with text similarity filters, for example, `text_col % 'foobar'`. These plans are generated if the `optimizer_use_trigram_similarity_optimization` [session setting]({% link v23.1/set-vars.md %}) is enabled. It is disabled by default. [#122683][#122683]
+- Added a new [session variable]({% link v23.1/set-vars.md %}) `optimizer_use_improved_zigzag_join_costing`. When enabled, the cost of [zigzag joins]({% link v23.1/cost-based-optimizer.md %}#zigzag-joins) is updated so zigzag joins will only be chosen over scans if the zigzag joins produce fewer rows. This change only applies if the session variable `enable_zigzag_join` is also `on`. [#123068][#123068]
+- Improved the selectivity estimation of multi-column filters by the [optimizer]({% link v23.1/cost-based-optimizer.md %}) when the multi-column distinct count is high. This avoids cases where CockroachDB significantly over-estimates the selectivity of a multi-column predicate and as a result can prevent the optimizer from choosing a bad query plan. [#123068][#123068]
+
+<h3 id="v23-1-21-contributors">Contributors</h3>
+
+This release includes 59 merged PRs by 26 authors.
+
+</div>
+
+[#120797]: https://github.com/cockroachdb/cockroach/pull/120797
+[#121056]: https://github.com/cockroachdb/cockroach/pull/121056
+[#121307]: https://github.com/cockroachdb/cockroach/pull/121307
+[#121382]: https://github.com/cockroachdb/cockroach/pull/121382
+[#121949]: https://github.com/cockroachdb/cockroach/pull/121949
+[#121955]: https://github.com/cockroachdb/cockroach/pull/121955
+[#122055]: https://github.com/cockroachdb/cockroach/pull/122055
+[#122057]: https://github.com/cockroachdb/cockroach/pull/122057
+[#122235]: https://github.com/cockroachdb/cockroach/pull/122235
+[#122301]: https://github.com/cockroachdb/cockroach/pull/122301
+[#122635]: https://github.com/cockroachdb/cockroach/pull/122635
+[#122683]: https://github.com/cockroachdb/cockroach/pull/122683
+[#122746]: https://github.com/cockroachdb/cockroach/pull/122746
+[#122990]: https://github.com/cockroachdb/cockroach/pull/122990
+[#123068]: https://github.com/cockroachdb/cockroach/pull/123068

src/current/_includes/releases/v24.1/v24.1.0-alpha.2.md

@@ -15,7 +15,7 @@ Release Date: March 11, 2024
 
 <h3 id="v24-1-0-alpha-2-{{-site.data.products.enterprise-}}-edition-changes">{{ site.data.products.enterprise }} edition changes</h3>
 
-- Added a new `SUBJECT` [role](https://www.cockroachlabs.com/docs/v23.2/security-reference/authorization#roles) option. This role option can be set to a subject distinguished name in [RFC 2253](https://www.ietf.org/rfc/rfc2253.html) or [RFC 4514](https://www.rfc-editor.org/rfc/rfc4514.html) format. If set, then during client certificate authentication, certs that do not match the configured distinguished name will be rejected. [#119135][#119135]
+- Added a new [`ALTER ROLE ... SUBJECT` option]({% link v24.1/alter-role.md %}#set-the-subject-role-option-for-certificate-based-authentication). This role option can be set to a subject distinguished name in [RFC 2253](https://www.ietf.org/rfc/rfc2253.html) or [RFC 4514](https://www.rfc-editor.org/rfc/rfc4514.html) format. If set, then during client certificate authentication, certs that do not match the configured distinguished name will be rejected. [#119135][#119135]
 - [Changefeeds](https://www.cockroachlabs.com/docs/v23.2/create-changefeed) support a new scheme `azure-event-hub://` for Kafka data streaming to Azure event hubs. The `sinkURL` must include mandatory parameters `shared_access_key_name` and `shared_access_key`. By default and as required, the options `tls_enabled=true`, `sasl_handshake=true`, `sasl_enabled=true`, and `sasl_mechanism=PLAIN` are applied, as they are the only supported options. Other parameters such as `topic_name` and `topic_prefix` are also supported. An example URI is: `azure-event-hub://myeventhubs.servicebus.windows.net:9093?shared_access_key_name=abc&shared_access_key=123`. [#115806][#115806]
 
 <h3 id="v24-1-0-alpha-2-sql-language-changes">SQL language changes</h3>