From 683ec3854e80a736d886d656c2a939dd6dd17c7f Mon Sep 17 00:00:00 2001
From: Automated Release Bot <releasebot@cockroachlabs.com>
Date: Thu, 11 Dec 2025 20:24:51 +0000
Subject: [PATCH 1/6] Update release notes for v26.1-v26.1.0-beta.1

---
 src/current/_data/versions.csv | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/current/_data/versions.csv b/src/current/_data/versions.csv
index ae340872cdd..37300512475 100644
--- a/src/current/_data/versions.csv
+++ b/src/current/_data/versions.csv
@@ -20,4 +20,4 @@ v25.1,2025-02-18,2025-08-18,N/A,N/A,N/A,N/A,N/A,N/A,v24.3,release-25.1,2029-02-1
 v25.2,2025-05-09,2026-05-12,2026-11-12,N/A,N/A,N/A,N/A,N/A,v25.1,release-25.2,2029-05-09
 v25.3,2025-08-04,2026-02-04,N/A,N/A,N/A,N/A,N/A,N/A,v25.2,release-25.3,2029-08-04
 v25.4,2025-11-03,2026-11-03,2027-05-03,N/A,N/A,N/A,N/A,N/A,v25.3,release-25.4,2029-11-03
-v26.1,N/A,N/A,N/A,N/A,N/A,N/A,N/A,N/A,v25.4,release-25.4,N/A
+v26.1,N/A,N/A,N/A,N/A,N/A,N/A,N/A,N/A,v25.4,release-26.1,N/A

From 9246356458b32d7e620194193b7c7feb884c9674 Mon Sep 17 00:00:00 2001
From: Automated Release Bot <releasebot@cockroachlabs.com>
Date: Thu, 11 Dec 2025 20:24:52 +0000
Subject: [PATCH 2/6] Update release notes for v26.1-v26.1.0-beta.1

---
 src/current/_data/releases.yml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/src/current/_data/releases.yml b/src/current/_data/releases.yml
index c48aad5a241..c3490796d3d 100644
--- a/src/current/_data/releases.yml
+++ b/src/current/_data/releases.yml
@@ -10011,3 +10011,31 @@
     docker_arm_limited_access: false
   source: true
   previous_release: v25.4.0
+
+
+- release_name: v26.1.0-beta.1
+  major_version: v26.1
+  release_date: '2025-12-17'
+  release_type: Testing
+  go_version: go1.25.3
+  sha: e15b1ecc444676ba53266770e0b758de9ae72d22
+  has_sql_only: true
+  has_sha256sum: true
+  mac:
+    mac_arm: true
+    mac_arm_experimental: true
+    mac_arm_limited_access: false
+  windows: true
+  linux:
+    linux_arm: true
+    linux_arm_experimental: false
+    linux_arm_limited_access: false
+    linux_intel_fips: true
+    linux_arm_fips: false
+  docker:
+    docker_image: cockroachdb/cockroach-unstable
+    docker_arm: true
+    docker_arm_experimental: false
+    docker_arm_limited_access: false
+  source: true
+  previous_release: v26.1.0-alpha.1

From ed19546692e6a8edaceebe73ca365818db6d2ebe Mon Sep 17 00:00:00 2001
From: Automated Release Bot <releasebot@cockroachlabs.com>
Date: Thu, 11 Dec 2025 20:24:52 +0000
Subject: [PATCH 3/6] Update release notes for v26.1-v26.1.0-beta.1

---
 .../releases/v26.1/v26.1.0-beta.1.md          | 261 ++++++++++++++++++
 1 file changed, 261 insertions(+)
 create mode 100644 src/current/_includes/releases/v26.1/v26.1.0-beta.1.md

diff --git a/src/current/_includes/releases/v26.1/v26.1.0-beta.1.md b/src/current/_includes/releases/v26.1/v26.1.0-beta.1.md
new file mode 100644
index 00000000000..c0dd4b466dc
--- /dev/null
+++ b/src/current/_includes/releases/v26.1/v26.1.0-beta.1.md
@@ -0,0 +1,261 @@
+## v26.1.0-beta.1
+
+Release Date: December 17, 2025
+
+{% include releases/new-release-downloads-docker-image.md release=include.release %}
+
+<h3 id="v26-1-0-beta-1-security-updates">Security updates</h3>
+
+- A new `debug_user` certificate can now be used
+  for privileged RPC access to collect debug information. The debug_user must be
+  created manually using the `CREATE USER` command and can be audited using the
+  `SHOW USERS` command. This user has privileged access to `serverpb` admin and
+  status endpoints required for debug zip collection. [#155216][#155216]
+- We will be adding a new flag
+  `--disallow-root-login` to the cockroach start command to explicitly allow
+  restricting the root user from logging into the system. This change affects the
+  [unstated, unchangeable root access
+  rule](https://www.cockroachlabs.com/docs/stable/security-reference/authentication#the-unstated-unchangeable-root-access-rule)
+  as part of compliance requirements. This flag is currently experimental and also
+  needs an additional user setup for debug zip collection as disabling the root
+  user affects the debug zip service. We currently do not validate if this user is
+  set up or not.
+  
+  Note: Care must be taken to ensure none of the certificates that are in use by
+  the cluster or the SQL/RPC clients have a root in the SAN fields since the flag
+  will block access to that client. [#155216][#155216]
+- We are adding a new flag
+   `--allow-debug-user` to the cockroach start command to explicitly allow
+   enabling the debug_user to log into the system. This flag is currently
+   experimental and is disabled by default. When not set, authentication
+   attempts by `debug_user` will be rejected with an error: `"certificate
+   authentication failed for user "debug_user""` for SQL connections and
+   `"failed to perform RPC, as debug_user login is not allowed"` for RPC
+   connections.
+  
+   This flag is intended for debugging and troubleshooting purposes and should
+   only be enabled when necessary for diagnostic operations. The debug_user
+   should be disabled when not actively in use.
+  
+   Note: Certificates must include "debug_user" as one of the principals
+   (CommonName or SubjectAlternativeName) for this functionality. The flag
+   controls whether such certificates are accepted for both SQL client
+   connections and RPC connections. [#158963][#158963]
+
+<h3 id="v26-1-0-beta-1-{{-site.data.products.enterprise-}}-edition-changes">{{ site.data.products.enterprise }} edition changes</h3>
+
+- Improved the description of the
+  changefeed.default_range_distribution_strategy cluster setting to better
+  explain the available options and their behavior.
+  
+  Epic: None [#158602][#158602]
+
+<h3 id="v26-1-0-beta-1-sql-language-changes">SQL language changes</h3>
+
+- Add new session variable `use_swap_mutations`
+  which controls whether the new update swap and delete swap operators are
+  enabled for use by UPDATE and DELETE statements. [#145019][#145019]
+- Fixed a bug where the results of `ALTER SEQUENCE`'s increment and `SELECT nextval()` operations were not as expected. The value of a sequence after an `ALTER SEQUENCE` statement has executed on it is now consistent with a sequence created with those values. [#154489][#154489]
+- SQL statements executed in stored procedures and user-defined functions now record SQL statistics, including latencies and execution metrics. These statistics appear on the **SQL Activity** and **Insights** pages of the DB Console. Limitation: SQL statements within a stored procedure or user-defined function are not collected for active statement diagnostics requests. Statement diagnostics remain available for top-level statement executions. [#156905][#156905]
+- `crdb_internal.index_usage_stats` and `crdb_internal.datums_to_bytes` are now available in the `information_schema` system catalog as `information_schema.crdb_index_usage_stats` and `information_schema.crdb_datums_to_bytes`, respectively. [#156963][#156963]
+- The `ALTER COLUMN ...` sequence identity
+  commands are run by the declarative schema changer. [#157030][#157030]
+- The `cumulative time spent waiting in admission control` is now displayed in `EXPLAIN ANALYZE` output when it is non-zero. This helps identify delays caused by admission control during query execution. [#158055][#158055]
+- Restarting a sequence with an updated increment has the expected initial value. [#158065][#158065]
+- The `cumulative time spent waiting in admission control` reported in `EXPLAIN ANALYZE` now includes the time spent in quorum replication flow control. This update enhances the precision of wait time analysis, offering a more accurate depiction of query execution time by considering additional wait durations within the quorum replication processes. [#158076][#158076]
+- A new "hint injection" ability has been
+  added, which allows operators to dynamically inject inline hints into
+  statements, without modifying the text of those statements. Hints can be
+  injected using the builtin function `crdb_internal.inject_hint` with the
+  target statement fingerprint to rewrite. For example, to add an index
+  hint to the statement `SELECT * FROM my_table WHERE col = 3`, use:
+  
+  ```
+  SELECT crdb_internal.inject_hint(
+    'SELECT * FROM my_table WHERE col = _',
+    'SELECT * FROM my_table@my_table_col_idx WHERE col = _'
+  );
+  ```
+  
+  Whenever a statement is executed matching statement fingerprint `SELECT
+  * FROM my_table WHERE col = _`, it will first be rewritten to include
+  the injected index hint. [#158096][#158096]
+- `ALTER TABLE ... SET SCHEMA` is supported by the declarative schema changer. [#158141][#158141]
+- `kv cpu time` is now displayed in `EXPLAIN ANALYZE`, providing insights into the CPU resources used by KV operations during query execution. [#158499][#158499]
+- CockroachDB now negotiates the pgwire protocol version with PostgreSQL 18+ clients that request protocol version 3.2. Previously, connections from these clients would fail with an "unknown protocol version" error. The server now sends a `NegotiateProtocolVersion` message to indicate it supports version 3.0, allowing the connection to proceed normally. [#158636][#158636]
+- Added support for `EXECUTE SCHEDULE {schedule_id}` to allow immediate execution of a scheduled job. This does not apply to `ALTER BACKUP SCHEDULE`; attempting to execute a backup schedule will result in an error. [#158694][#158694]
+- `CREATE TYPE` with composite type syntax now supports array types in field definitions. For example, `CREATE TYPE t AS (a INT[])` and `CREATE TYPE t AS (a INT ARRAY)` now work correctly, matching PostgreSQL behavior. [#158888][#158888]
+- adds STRICT STORAGE LOCALITY option to backup cmd.
+  Subsequent commit hooks it up to backup flow. [#158999][#158999]
+- introduces the new STRICT option for locality aware
+  backups. When this flag is passed, the backup will fail if we attempt to backup
+  data that lives in a kv node with locality tag X into a bucket with a different
+  locality tag. [#158999][#158999]
+- CREATE CHANGEFEED FOR DATABASE statement will
+  return an error stating that the feature is not implemented. [#159000][#159000]
+- The `WITH RESOLVED TIMESTAMP` option can be passed to `SHOW JOBS` or `SHOW JOB` to include the resolved timestamp, if any, for the jobs in the output columns. [#159068][#159068]
+
+<h3 id="v26-1-0-beta-1-operational-changes">Operational changes</h3>
+
+- All queries to system and crdb_internal by
+  default will begin failing, notifying users that they must override the
+  access gate if they wish to use those namespaces.
+  
+The `allow_unsafe_internals` setting now defaults to `false`, restricting access to the `system` and `crdb_internal` namespaces. Queries to these namespaces will now fail unless access is manually enabled. Usage is also audited. [#158085][#158085]
+- Jobs that are paused due to a specific reason, including jobs which pause themselves when encountering errors such as running out of disk space, now record that reason in their displayed status field of `SHOW JOBS`. [#158350][#158350]
+- The following metrics will be marked as essential
+  because they are needed for end user troubleshooting:
+  - auth.jwt.conn.latency
+  - auth.cert.conn.latency
+  - auth.password.conn.latency
+  - auth.ldap.conn.latency
+  - auth.gss.conn.latency
+  - auth.scram.conn.latency
+  - auth.ldap.conn.latency.internal [#158424][#158424]
+
+<h3 id="v26-1-0-beta-1-command-line-changes">Command-line changes</h3>
+
+- You can now specify a user-defined database user when generating `debug zip` and `debug tsdump` files. Use the `--user` and `--url` flags to set the username. Previously, these operations required the root user. This change provides backward compatibility by defaulting the username to `root`. This update is part of an ongoing effort to limit root user access. [#158961][#158961]
+
+<h3 id="v26-1-0-beta-1-db-console-changes">DB Console changes</h3>
+
+- The log of messages and events recorded by a job is now shown to non-admin users on the DB Console Jobs page. [#152853][#152853]
+- The DB Console now accurately displays **vCPU** counts on the **Overview** page instead of operating system CPU counts. This update uses cgroups to provide a correct vCPU measurement, reflecting reserved compute resources in Kubernetes and other virtualized environments. [#158219][#158219]
+- Jobs which are paused for a specific reason now show that reason, and are highlighted in the UI. [#158364][#158364]
+- The `kvCPUTimeNanos` is now recorded in `crdb_internal.statement_statistics` and `crdb_internal.transaction_statistics`. In the DB Console, a **KV CPU Time** column is now displayed in the **SQL Activity** > **Statements** and **Transactions** pages, allowing you to monitor and analyze the CPU time consumed by KV operations during query execution. [#158398][#158398]
+- The `admissionWaitTime` is now recorded in `crdb_internal.statement_statistics` and `crdb_internal.transaction_statistics`. In the DB Console, an **Admission Wait Time** column is now displayed in the **SQL Activity** > **Statements** and **Transactions** pages. [#158500][#158500]
+
+<h3 id="v26-1-0-beta-1-bug-fixes">Bug fixes</h3>
+
+- Fixed a bug that could cause an internal error
+  in some cases for PL/pgSQL routines that perform database reads within
+  an exception block. [#156902][#156902]
+- Fixed a bug existing since SQL statements with
+  INTO clause were introduced for PL/pgSQL routines in v23.2. The bug could
+  cause a SQL statement with side effects (e.g. INSERT) to be dropped if
+  none of the target variables from the INTO clause were referenced. [#156966][#156966]
+- Fixed a bug where renaming a column that participated in multiple hash-sharded indexes would fail. [#158045][#158045]
+- Fixed a bug where `ORDER BY` clauses in user-defined set-returning SQL functions with `OUT` parameters were ignored when the function was called directly in a `SELECT` list (e.g., `SELECT f()`). The ordering is now properly preserved and enforced. [#158162][#158162]
+- The pgwire server now exits promptly on context cancellation. [#158269][#158269]
+- CockroachDB could previously hit a bounded
+  memory leak when collecting table statistics on a table that had both
+  very wide (10KiB or more) and relatively small (under 400B) BYTES-like
+  values within the same row as well as virtual computed columns. This
+  has been present since introduction of stats collection on virtual
+  computed columns in 24.1. [#158370][#158370]
+- Temporary schema cleanup no longer retries after poisoned transaction errors, reducing log noise. [#158396][#158396]
+- When changing the time interval on the **Metrics** page, the DB Console previously sent duplicate requests for metrics data. This has been fixed, and the UI now issues a single, efficient request when updating the time interval. [#158595][#158595]
+- Fixed a bug where issuing a noop schedule modification
+  could skip the next incremental backup
+  
+  Fixes: #158296 [#158820][#158820]
+- Fixed a bug that caused routines to prevent
+  dropping more columns than necessary, most notably columns referenced
+  by computed column expressions. The fix is gated behind the session
+  setting `use_improved_routine_deps_triggers_and_computed_cols`, which
+  is off by default prior to v26.1. [#158935][#158935]
+- Fixed a bug that allowed a column to be dropped from
+  its table despite being referenced by a routine. The bug could happen when the
+  column was only referenced as a target column in the SET clause of an UPDATE
+  statement within the routine. This fix only applies to newly-created routines.
+  In versions prior to v26.1, the fix must be enabled by setting the session
+  variable `prevent_update_set_column_drop`. [#158935][#158935]
+- A bug has been fixed which could cause incorrect
+  results. The bug has existed since v21.2. From v21.2 up to v25.3, the
+  bug only presented when all of the following were true:
+    - The query was run with an explicit or implicit prepared statement.
+    - The query had an equality filter on a placeholder and a UNIQUE
+      column.
+    - The column contained NULL values.
+    - The placeholder was assigned to NULL during execution.
+  In this case, the query could return rows in which the column's value is
+  NULL, which violates SQL NULL-equality semantics. The correct result set
+  should always be empty.
+  Starting in v25.4, the requirements were loosened slightly. It was no
+  longer necessary for the column to be UNIQUE. The bug could reproduce if
+  the column was included in any index. [#159001][#159001]
+- Fixed a bug where the `schema_locked` table storage parameter could be bypassed by combining `SET (schema_locked=false)` with other schema changes in the same `ALTER TABLE` statement using comma syntax. Schema-locked tables now correctly reject such combined statements. [#159017][#159017]
+
+<h3 id="v26-1-0-beta-1-performance-improvements">Performance improvements</h3>
+
+- Triggers now perform the descriptor lookup for `TG_TABLE_SCHEMA` against a cache. This can significantly reduce trigger planning latency in multi-region databases. [#144217][#144217]
+- Add new `update swap` and
+  `delete swap` operators which allow some UPDATE and DELETE statements to
+  execute in 1 round trip instead of 2 round trips. For now, these
+  operators can be used when:
+  
+  - all columns in the primary index are constrained to a single exact value
+    by the WHERE clause;
+  - only a single row is modified;
+  - there are no FK checks or cascades;
+  - there are no uniqueness checks;
+  - there are no check constraints;
+  - there are no vector indexes modified;
+  - there are no passthrough columns to RETURNING;
+  - there are no triggers;
+  - the table only uses a single column family;
+  - there are no mutation columns or mutation indexes (i.e. the table is
+    not undergoing an ALTER);
+  - there are no columns using composite encoding (e.g. DECIMAL, FLOAT,
+    JSON, etc).
+  
+  We may lift some of these restrictions in future releases. [#145019][#145019]
+- The optimizer now collapses
+  repeated "%" wildcard characters in LIKE patterns. This may improve
+  performance of queries with theses types of LIKE patterns.
+  
+  Co-authored-by: Daniel Hix <danieljacobhix@gmail.com>
+  Co-authored-by: Sriram <sriraam2000na@gmail.com>
+  Co-authored-by: Marcus Gartner <magartner@gmail.com>
+  Co-authored-by: dils2k <dils.matchanov@gmail.com> [#158025][#158025]
+- More of the CPU usage of LDR jobs is subject to background job admission control limits. [#158361][#158361]
+- After triggers now perform the
+  descriptor lookup for `TG_TABLE_SCHEMA` against a cache. This can
+  significantly reduce trigger planning latency. [#158708][#158708]
+
+
+[#158963]: https://github.com/cockroachdb/cockroach/pull/158963
+[#157030]: https://github.com/cockroachdb/cockroach/pull/157030
+[#158499]: https://github.com/cockroachdb/cockroach/pull/158499
+[#159000]: https://github.com/cockroachdb/cockroach/pull/159000
+[#159068]: https://github.com/cockroachdb/cockroach/pull/159068
+[#158085]: https://github.com/cockroachdb/cockroach/pull/158085
+[#158424]: https://github.com/cockroachdb/cockroach/pull/158424
+[#158269]: https://github.com/cockroachdb/cockroach/pull/158269
+[#158935]: https://github.com/cockroachdb/cockroach/pull/158935
+[#159017]: https://github.com/cockroachdb/cockroach/pull/159017
+[#156905]: https://github.com/cockroachdb/cockroach/pull/156905
+[#158364]: https://github.com/cockroachdb/cockroach/pull/158364
+[#158370]: https://github.com/cockroachdb/cockroach/pull/158370
+[#158708]: https://github.com/cockroachdb/cockroach/pull/158708
+[#158055]: https://github.com/cockroachdb/cockroach/pull/158055
+[#158065]: https://github.com/cockroachdb/cockroach/pull/158065
+[#158096]: https://github.com/cockroachdb/cockroach/pull/158096
+[#158694]: https://github.com/cockroachdb/cockroach/pull/158694
+[#156902]: https://github.com/cockroachdb/cockroach/pull/156902
+[#156966]: https://github.com/cockroachdb/cockroach/pull/156966
+[#158820]: https://github.com/cockroachdb/cockroach/pull/158820
+[#145019]: https://github.com/cockroachdb/cockroach/pull/145019
+[#158636]: https://github.com/cockroachdb/cockroach/pull/158636
+[#158888]: https://github.com/cockroachdb/cockroach/pull/158888
+[#158961]: https://github.com/cockroachdb/cockroach/pull/158961
+[#158045]: https://github.com/cockroachdb/cockroach/pull/158045
+[#158396]: https://github.com/cockroachdb/cockroach/pull/158396
+[#159001]: https://github.com/cockroachdb/cockroach/pull/159001
+[#144217]: https://github.com/cockroachdb/cockroach/pull/144217
+[#155216]: https://github.com/cockroachdb/cockroach/pull/155216
+[#158602]: https://github.com/cockroachdb/cockroach/pull/158602
+[#158141]: https://github.com/cockroachdb/cockroach/pull/158141
+[#158350]: https://github.com/cockroachdb/cockroach/pull/158350
+[#152853]: https://github.com/cockroachdb/cockroach/pull/152853
+[#158219]: https://github.com/cockroachdb/cockroach/pull/158219
+[#158595]: https://github.com/cockroachdb/cockroach/pull/158595
+[#158025]: https://github.com/cockroachdb/cockroach/pull/158025
+[#158361]: https://github.com/cockroachdb/cockroach/pull/158361
+[#154489]: https://github.com/cockroachdb/cockroach/pull/154489
+[#156963]: https://github.com/cockroachdb/cockroach/pull/156963
+[#158076]: https://github.com/cockroachdb/cockroach/pull/158076
+[#158999]: https://github.com/cockroachdb/cockroach/pull/158999
+[#158398]: https://github.com/cockroachdb/cockroach/pull/158398
+[#158500]: https://github.com/cockroachdb/cockroach/pull/158500
+[#158162]: https://github.com/cockroachdb/cockroach/pull/158162

From ed8229408fe6607d7f454189064d0c88f5872f62 Mon Sep 17 00:00:00 2001
From: Automated Release Bot <releasebot@cockroachlabs.com>
Date: Tue, 16 Dec 2025 15:40:44 +0000
Subject: [PATCH 4/6] Update release notes for v26.1-v26.1.0-beta.1


From b3f06d040a7aee93a9cc52462379b21707206ab9 Mon Sep 17 00:00:00 2001
From: Automated Release Bot <releasebot@cockroachlabs.com>
Date: Tue, 16 Dec 2025 15:40:45 +0000
Subject: [PATCH 5/6] Update release notes for v26.1-v26.1.0-beta.1

---
 src/current/_data/releases.yml | 170 ++++++++++++++++++++++++++++++++-
 1 file changed, 169 insertions(+), 1 deletion(-)

diff --git a/src/current/_data/releases.yml b/src/current/_data/releases.yml
index c3490796d3d..66d7afb92cd 100644
--- a/src/current/_data/releases.yml
+++ b/src/current/_data/releases.yml
@@ -10013,6 +10013,174 @@
   previous_release: v25.4.0
 
 
+- release_name: v26.1.0-alpha.2
+  major_version: v26.1
+  release_date: '2025-12-11'
+  release_type: Testing
+  go_version: go1.25.3
+  sha: 7991c17b6f2957e381666bf13d6405c8037f46c1
+  has_sql_only: true
+  has_sha256sum: true
+  mac:
+    mac_arm: true
+    mac_arm_experimental: true
+    mac_arm_limited_access: false
+  windows: true
+  linux:
+    linux_arm: true
+    linux_arm_experimental: false
+    linux_arm_limited_access: false
+    linux_intel_fips: true
+    linux_arm_fips: false
+  docker:
+    docker_image: cockroachdb/cockroach-unstable
+    docker_arm: true
+    docker_arm_experimental: false
+    docker_arm_limited_access: false
+  source: true
+  previous_release: v26.1.0-alpha.1
+
+
+- release_name: v25.4.2
+  major_version: v25.4
+  release_date: '2025-12-12'
+  release_type: Production
+  go_version: go1.25.3
+  sha: fed2b8351ac420fec6a1eecce0c78e3848d11896
+  has_sql_only: true
+  has_sha256sum: true
+  mac:
+    mac_arm: true
+    mac_arm_experimental: true
+    mac_arm_limited_access: false
+  windows: true
+  linux:
+    linux_arm: true
+    linux_arm_experimental: false
+    linux_arm_limited_access: false
+    linux_intel_fips: true
+    linux_arm_fips: false
+  docker:
+    docker_image: cockroachdb/cockroach
+    docker_arm: true
+    docker_arm_experimental: false
+    docker_arm_limited_access: false
+  source: true
+  previous_release: v25.4.1
+  cloud_only: true
+  cloud_only_message_short: 'Available only for select CockroachDB Cloud clusters'
+  cloud_only_message: >
+      This version is currently available only for select
+      CockroachDB Cloud clusters. To request to upgrade
+      a CockroachDB self-hosted cluster to this version,
+      [contact support](https://support.cockroachlabs.com/hc/requests/new).
+
+
+- release_name: v25.3.6
+  major_version: v25.3
+  release_date: '2025-12-12'
+  release_type: Production
+  go_version: go1.25.3
+  sha: 86392cec66fd0b9851358fa76a6f0aac1d691a84
+  has_sql_only: true
+  has_sha256sum: true
+  mac:
+    mac_arm: true
+    mac_arm_experimental: true
+    mac_arm_limited_access: false
+  windows: true
+  linux:
+    linux_arm: true
+    linux_arm_experimental: false
+    linux_arm_limited_access: false
+    linux_intel_fips: true
+    linux_arm_fips: false
+  docker:
+    docker_image: cockroachdb/cockroach
+    docker_arm: true
+    docker_arm_experimental: false
+    docker_arm_limited_access: false
+  source: true
+  previous_release: v25.3.5
+  cloud_only: true
+  cloud_only_message_short: 'Available only for select CockroachDB Cloud clusters'
+  cloud_only_message: >
+      This version is currently available only for select
+      CockroachDB Cloud clusters. To request to upgrade
+      a CockroachDB self-hosted cluster to this version,
+      [contact support](https://support.cockroachlabs.com/hc/requests/new).
+
+
+- release_name: v25.2.10
+  major_version: v25.2
+  release_date: '2025-12-12'
+  release_type: Production
+  go_version: go1.25.3
+  sha: a2cf0e12d277179df853e7e494c0155a6839edf3
+  has_sql_only: true
+  has_sha256sum: true
+  mac:
+    mac_arm: true
+    mac_arm_experimental: true
+    mac_arm_limited_access: false
+  windows: true
+  linux:
+    linux_arm: true
+    linux_arm_experimental: false
+    linux_arm_limited_access: false
+    linux_intel_fips: true
+    linux_arm_fips: false
+  docker:
+    docker_image: cockroachdb/cockroach
+    docker_arm: true
+    docker_arm_experimental: false
+    docker_arm_limited_access: false
+  source: true
+  previous_release: v25.2.9
+  cloud_only: true
+  cloud_only_message_short: 'Available only for select CockroachDB Cloud clusters'
+  cloud_only_message: >
+      This version is currently available only for select
+      CockroachDB Cloud clusters. To request to upgrade
+      a CockroachDB self-hosted cluster to this version,
+      [contact support](https://support.cockroachlabs.com/hc/requests/new).
+
+
+- release_name: v24.3.24
+  major_version: v24.3
+  release_date: '2025-12-12'
+  release_type: Production
+  go_version: go1.25.3
+  sha: dab6bfcdbefef7b4ecc62cb75198e475cbf6778d
+  has_sql_only: true
+  has_sha256sum: true
+  mac:
+    mac_arm: true
+    mac_arm_experimental: true
+    mac_arm_limited_access: false
+  windows: true
+  linux:
+    linux_arm: true
+    linux_arm_experimental: false
+    linux_arm_limited_access: false
+    linux_intel_fips: true
+    linux_arm_fips: false
+  docker:
+    docker_image: cockroachdb/cockroach
+    docker_arm: true
+    docker_arm_experimental: false
+    docker_arm_limited_access: false
+  source: true
+  previous_release: v24.3.23
+  cloud_only: true
+  cloud_only_message_short: 'Available only for select CockroachDB Cloud clusters'
+  cloud_only_message: >
+      This version is currently available only for select
+      CockroachDB Cloud clusters. To request to upgrade
+      a CockroachDB self-hosted cluster to this version,
+      [contact support](https://support.cockroachlabs.com/hc/requests/new).
+
+
 - release_name: v26.1.0-beta.1
   major_version: v26.1
   release_date: '2025-12-17'
@@ -10038,4 +10206,4 @@
     docker_arm_experimental: false
     docker_arm_limited_access: false
   source: true
-  previous_release: v26.1.0-alpha.1
+  previous_release: v26.1.0-alpha.2

From 1831d113878e178a16fdfc100bfe876f94fec6f3 Mon Sep 17 00:00:00 2001
From: Automated Release Bot <releasebot@cockroachlabs.com>
Date: Tue, 16 Dec 2025 15:40:46 +0000
Subject: [PATCH 6/6] Update release notes for v26.1-v26.1.0-beta.1

---
 .../releases/v26.1/v26.1.0-beta.1.md          | 183 ++----------------
 1 file changed, 17 insertions(+), 166 deletions(-)

diff --git a/src/current/_includes/releases/v26.1/v26.1.0-beta.1.md b/src/current/_includes/releases/v26.1/v26.1.0-beta.1.md
index c0dd4b466dc..9cef892e65c 100644
--- a/src/current/_includes/releases/v26.1/v26.1.0-beta.1.md
+++ b/src/current/_includes/releases/v26.1/v26.1.0-beta.1.md
@@ -6,24 +6,6 @@ Release Date: December 17, 2025
 
 <h3 id="v26-1-0-beta-1-security-updates">Security updates</h3>
 
-- A new `debug_user` certificate can now be used
-  for privileged RPC access to collect debug information. The debug_user must be
-  created manually using the `CREATE USER` command and can be audited using the
-  `SHOW USERS` command. This user has privileged access to `serverpb` admin and
-  status endpoints required for debug zip collection. [#155216][#155216]
-- We will be adding a new flag
-  `--disallow-root-login` to the cockroach start command to explicitly allow
-  restricting the root user from logging into the system. This change affects the
-  [unstated, unchangeable root access
-  rule](https://www.cockroachlabs.com/docs/stable/security-reference/authentication#the-unstated-unchangeable-root-access-rule)
-  as part of compliance requirements. This flag is currently experimental and also
-  needs an additional user setup for debug zip collection as disabling the root
-  user affects the debug zip service. We currently do not validate if this user is
-  set up or not.
-  
-  Note: Care must be taken to ensure none of the certificates that are in use by
-  the cluster or the SQL/RPC clients have a root in the SAN fields since the flag
-  will block access to that client. [#155216][#155216]
 - We are adding a new flag
    `--allow-debug-user` to the cockroach start command to explicitly allow
    enabling the debug_user to log into the system. This flag is currently
@@ -52,114 +34,42 @@ Release Date: December 17, 2025
 
 <h3 id="v26-1-0-beta-1-sql-language-changes">SQL language changes</h3>
 
-- Add new session variable `use_swap_mutations`
-  which controls whether the new update swap and delete swap operators are
-  enabled for use by UPDATE and DELETE statements. [#145019][#145019]
-- Fixed a bug where the results of `ALTER SEQUENCE`'s increment and `SELECT nextval()` operations were not as expected. The value of a sequence after an `ALTER SEQUENCE` statement has executed on it is now consistent with a sequence created with those values. [#154489][#154489]
-- SQL statements executed in stored procedures and user-defined functions now record SQL statistics, including latencies and execution metrics. These statistics appear on the **SQL Activity** and **Insights** pages of the DB Console. Limitation: SQL statements within a stored procedure or user-defined function are not collected for active statement diagnostics requests. Statement diagnostics remain available for top-level statement executions. [#156905][#156905]
 - `crdb_internal.index_usage_stats` and `crdb_internal.datums_to_bytes` are now available in the `information_schema` system catalog as `information_schema.crdb_index_usage_stats` and `information_schema.crdb_datums_to_bytes`, respectively. [#156963][#156963]
 - The `ALTER COLUMN ...` sequence identity
   commands are run by the declarative schema changer. [#157030][#157030]
-- The `cumulative time spent waiting in admission control` is now displayed in `EXPLAIN ANALYZE` output when it is non-zero. This helps identify delays caused by admission control during query execution. [#158055][#158055]
-- Restarting a sequence with an updated increment has the expected initial value. [#158065][#158065]
-- The `cumulative time spent waiting in admission control` reported in `EXPLAIN ANALYZE` now includes the time spent in quorum replication flow control. This update enhances the precision of wait time analysis, offering a more accurate depiction of query execution time by considering additional wait durations within the quorum replication processes. [#158076][#158076]
-- A new "hint injection" ability has been
-  added, which allows operators to dynamically inject inline hints into
-  statements, without modifying the text of those statements. Hints can be
-  injected using the builtin function `crdb_internal.inject_hint` with the
-  target statement fingerprint to rewrite. For example, to add an index
-  hint to the statement `SELECT * FROM my_table WHERE col = 3`, use:
-  
-  ```
-  SELECT crdb_internal.inject_hint(
-    'SELECT * FROM my_table WHERE col = _',
-    'SELECT * FROM my_table@my_table_col_idx WHERE col = _'
-  );
-  ```
-  
-  Whenever a statement is executed matching statement fingerprint `SELECT
-  * FROM my_table WHERE col = _`, it will first be rewritten to include
-  the injected index hint. [#158096][#158096]
-- `ALTER TABLE ... SET SCHEMA` is supported by the declarative schema changer. [#158141][#158141]
-- `kv cpu time` is now displayed in `EXPLAIN ANALYZE`, providing insights into the CPU resources used by KV operations during query execution. [#158499][#158499]
-- CockroachDB now negotiates the pgwire protocol version with PostgreSQL 18+ clients that request protocol version 3.2. Previously, connections from these clients would fail with an "unknown protocol version" error. The server now sends a `NegotiateProtocolVersion` message to indicate it supports version 3.0, allowing the connection to proceed normally. [#158636][#158636]
 - Added support for `EXECUTE SCHEDULE {schedule_id}` to allow immediate execution of a scheduled job. This does not apply to `ALTER BACKUP SCHEDULE`; attempting to execute a backup schedule will result in an error. [#158694][#158694]
 - `CREATE TYPE` with composite type syntax now supports array types in field definitions. For example, `CREATE TYPE t AS (a INT[])` and `CREATE TYPE t AS (a INT ARRAY)` now work correctly, matching PostgreSQL behavior. [#158888][#158888]
-- adds STRICT STORAGE LOCALITY option to backup cmd.
-  Subsequent commit hooks it up to backup flow. [#158999][#158999]
 - introduces the new STRICT option for locality aware
   backups. When this flag is passed, the backup will fail if we attempt to backup
   data that lives in a kv node with locality tag X into a bucket with a different
   locality tag. [#158999][#158999]
+- adds STRICT STORAGE LOCALITY option to backup cmd.
+  Subsequent commit hooks it up to backup flow. [#158999][#158999]
 - CREATE CHANGEFEED FOR DATABASE statement will
   return an error stating that the feature is not implemented. [#159000][#159000]
 - The `WITH RESOLVED TIMESTAMP` option can be passed to `SHOW JOBS` or `SHOW JOB` to include the resolved timestamp, if any, for the jobs in the output columns. [#159068][#159068]
 
-<h3 id="v26-1-0-beta-1-operational-changes">Operational changes</h3>
-
-- All queries to system and crdb_internal by
-  default will begin failing, notifying users that they must override the
-  access gate if they wish to use those namespaces.
-  
-The `allow_unsafe_internals` setting now defaults to `false`, restricting access to the `system` and `crdb_internal` namespaces. Queries to these namespaces will now fail unless access is manually enabled. Usage is also audited. [#158085][#158085]
-- Jobs that are paused due to a specific reason, including jobs which pause themselves when encountering errors such as running out of disk space, now record that reason in their displayed status field of `SHOW JOBS`. [#158350][#158350]
-- The following metrics will be marked as essential
-  because they are needed for end user troubleshooting:
-  - auth.jwt.conn.latency
-  - auth.cert.conn.latency
-  - auth.password.conn.latency
-  - auth.ldap.conn.latency
-  - auth.gss.conn.latency
-  - auth.scram.conn.latency
-  - auth.ldap.conn.latency.internal [#158424][#158424]
-
 <h3 id="v26-1-0-beta-1-command-line-changes">Command-line changes</h3>
 
 - You can now specify a user-defined database user when generating `debug zip` and `debug tsdump` files. Use the `--user` and `--url` flags to set the username. Previously, these operations required the root user. This change provides backward compatibility by defaulting the username to `root`. This update is part of an ongoing effort to limit root user access. [#158961][#158961]
 
-<h3 id="v26-1-0-beta-1-db-console-changes">DB Console changes</h3>
-
-- The log of messages and events recorded by a job is now shown to non-admin users on the DB Console Jobs page. [#152853][#152853]
-- The DB Console now accurately displays **vCPU** counts on the **Overview** page instead of operating system CPU counts. This update uses cgroups to provide a correct vCPU measurement, reflecting reserved compute resources in Kubernetes and other virtualized environments. [#158219][#158219]
-- Jobs which are paused for a specific reason now show that reason, and are highlighted in the UI. [#158364][#158364]
-- The `kvCPUTimeNanos` is now recorded in `crdb_internal.statement_statistics` and `crdb_internal.transaction_statistics`. In the DB Console, a **KV CPU Time** column is now displayed in the **SQL Activity** > **Statements** and **Transactions** pages, allowing you to monitor and analyze the CPU time consumed by KV operations during query execution. [#158398][#158398]
-- The `admissionWaitTime` is now recorded in `crdb_internal.statement_statistics` and `crdb_internal.transaction_statistics`. In the DB Console, an **Admission Wait Time** column is now displayed in the **SQL Activity** > **Statements** and **Transactions** pages. [#158500][#158500]
-
 <h3 id="v26-1-0-beta-1-bug-fixes">Bug fixes</h3>
 
-- Fixed a bug that could cause an internal error
-  in some cases for PL/pgSQL routines that perform database reads within
-  an exception block. [#156902][#156902]
-- Fixed a bug existing since SQL statements with
-  INTO clause were introduced for PL/pgSQL routines in v23.2. The bug could
-  cause a SQL statement with side effects (e.g. INSERT) to be dropped if
-  none of the target variables from the INTO clause were referenced. [#156966][#156966]
-- Fixed a bug where renaming a column that participated in multiple hash-sharded indexes would fail. [#158045][#158045]
-- Fixed a bug where `ORDER BY` clauses in user-defined set-returning SQL functions with `OUT` parameters were ignored when the function was called directly in a `SELECT` list (e.g., `SELECT f()`). The ordering is now properly preserved and enforced. [#158162][#158162]
-- The pgwire server now exits promptly on context cancellation. [#158269][#158269]
-- CockroachDB could previously hit a bounded
-  memory leak when collecting table statistics on a table that had both
-  very wide (10KiB or more) and relatively small (under 400B) BYTES-like
-  values within the same row as well as virtual computed columns. This
-  has been present since introduction of stats collection on virtual
-  computed columns in 24.1. [#158370][#158370]
-- Temporary schema cleanup no longer retries after poisoned transaction errors, reducing log noise. [#158396][#158396]
-- When changing the time interval on the **Metrics** page, the DB Console previously sent duplicate requests for metrics data. This has been fixed, and the UI now issues a single, efficient request when updating the time interval. [#158595][#158595]
 - Fixed a bug where issuing a noop schedule modification
   could skip the next incremental backup
   
   Fixes: #158296 [#158820][#158820]
-- Fixed a bug that caused routines to prevent
-  dropping more columns than necessary, most notably columns referenced
-  by computed column expressions. The fix is gated behind the session
-  setting `use_improved_routine_deps_triggers_and_computed_cols`, which
-  is off by default prior to v26.1. [#158935][#158935]
 - Fixed a bug that allowed a column to be dropped from
   its table despite being referenced by a routine. The bug could happen when the
   column was only referenced as a target column in the SET clause of an UPDATE
   statement within the routine. This fix only applies to newly-created routines.
   In versions prior to v26.1, the fix must be enabled by setting the session
   variable `prevent_update_set_column_drop`. [#158935][#158935]
+- Fixed a bug that caused routines to prevent
+  dropping more columns than necessary, most notably columns referenced
+  by computed column expressions. The fix is gated behind the session
+  setting `use_improved_routine_deps_triggers_and_computed_cols`, which
+  is off by default prior to v26.1. [#158935][#158935]
 - A bug has been fixed which could cause incorrect
   results. The bug has existed since v21.2. From v21.2 up to v25.3, the
   bug only presented when all of the following were true:
@@ -179,83 +89,24 @@ The `allow_unsafe_internals` setting now defaults to `false`, restricting access
 <h3 id="v26-1-0-beta-1-performance-improvements">Performance improvements</h3>
 
 - Triggers now perform the descriptor lookup for `TG_TABLE_SCHEMA` against a cache. This can significantly reduce trigger planning latency in multi-region databases. [#144217][#144217]
-- Add new `update swap` and
-  `delete swap` operators which allow some UPDATE and DELETE statements to
-  execute in 1 round trip instead of 2 round trips. For now, these
-  operators can be used when:
-  
-  - all columns in the primary index are constrained to a single exact value
-    by the WHERE clause;
-  - only a single row is modified;
-  - there are no FK checks or cascades;
-  - there are no uniqueness checks;
-  - there are no check constraints;
-  - there are no vector indexes modified;
-  - there are no passthrough columns to RETURNING;
-  - there are no triggers;
-  - the table only uses a single column family;
-  - there are no mutation columns or mutation indexes (i.e. the table is
-    not undergoing an ALTER);
-  - there are no columns using composite encoding (e.g. DECIMAL, FLOAT,
-    JSON, etc).
-  
-  We may lift some of these restrictions in future releases. [#145019][#145019]
-- The optimizer now collapses
-  repeated "%" wildcard characters in LIKE patterns. This may improve
-  performance of queries with theses types of LIKE patterns.
-  
-  Co-authored-by: Daniel Hix <danieljacobhix@gmail.com>
-  Co-authored-by: Sriram <sriraam2000na@gmail.com>
-  Co-authored-by: Marcus Gartner <magartner@gmail.com>
-  Co-authored-by: dils2k <dils.matchanov@gmail.com> [#158025][#158025]
-- More of the CPU usage of LDR jobs is subject to background job admission control limits. [#158361][#158361]
 - After triggers now perform the
   descriptor lookup for `TG_TABLE_SCHEMA` against a cache. This can
   significantly reduce trigger planning latency. [#158708][#158708]
 
 
-[#158963]: https://github.com/cockroachdb/cockroach/pull/158963
-[#157030]: https://github.com/cockroachdb/cockroach/pull/157030
-[#158499]: https://github.com/cockroachdb/cockroach/pull/158499
-[#159000]: https://github.com/cockroachdb/cockroach/pull/159000
+[#158999]: https://github.com/cockroachdb/cockroach/pull/158999
 [#159068]: https://github.com/cockroachdb/cockroach/pull/159068
-[#158085]: https://github.com/cockroachdb/cockroach/pull/158085
-[#158424]: https://github.com/cockroachdb/cockroach/pull/158424
-[#158269]: https://github.com/cockroachdb/cockroach/pull/158269
+[#158820]: https://github.com/cockroachdb/cockroach/pull/158820
 [#158935]: https://github.com/cockroachdb/cockroach/pull/158935
-[#159017]: https://github.com/cockroachdb/cockroach/pull/159017
-[#156905]: https://github.com/cockroachdb/cockroach/pull/156905
-[#158364]: https://github.com/cockroachdb/cockroach/pull/158364
-[#158370]: https://github.com/cockroachdb/cockroach/pull/158370
+[#159001]: https://github.com/cockroachdb/cockroach/pull/159001
 [#158708]: https://github.com/cockroachdb/cockroach/pull/158708
-[#158055]: https://github.com/cockroachdb/cockroach/pull/158055
-[#158065]: https://github.com/cockroachdb/cockroach/pull/158065
-[#158096]: https://github.com/cockroachdb/cockroach/pull/158096
-[#158694]: https://github.com/cockroachdb/cockroach/pull/158694
-[#156902]: https://github.com/cockroachdb/cockroach/pull/156902
-[#156966]: https://github.com/cockroachdb/cockroach/pull/156966
-[#158820]: https://github.com/cockroachdb/cockroach/pull/158820
-[#145019]: https://github.com/cockroachdb/cockroach/pull/145019
-[#158636]: https://github.com/cockroachdb/cockroach/pull/158636
 [#158888]: https://github.com/cockroachdb/cockroach/pull/158888
-[#158961]: https://github.com/cockroachdb/cockroach/pull/158961
-[#158045]: https://github.com/cockroachdb/cockroach/pull/158045
-[#158396]: https://github.com/cockroachdb/cockroach/pull/158396
-[#159001]: https://github.com/cockroachdb/cockroach/pull/159001
+[#158694]: https://github.com/cockroachdb/cockroach/pull/158694
 [#144217]: https://github.com/cockroachdb/cockroach/pull/144217
-[#155216]: https://github.com/cockroachdb/cockroach/pull/155216
-[#158602]: https://github.com/cockroachdb/cockroach/pull/158602
-[#158141]: https://github.com/cockroachdb/cockroach/pull/158141
-[#158350]: https://github.com/cockroachdb/cockroach/pull/158350
-[#152853]: https://github.com/cockroachdb/cockroach/pull/152853
-[#158219]: https://github.com/cockroachdb/cockroach/pull/158219
-[#158595]: https://github.com/cockroachdb/cockroach/pull/158595
-[#158025]: https://github.com/cockroachdb/cockroach/pull/158025
-[#158361]: https://github.com/cockroachdb/cockroach/pull/158361
-[#154489]: https://github.com/cockroachdb/cockroach/pull/154489
 [#156963]: https://github.com/cockroachdb/cockroach/pull/156963
-[#158076]: https://github.com/cockroachdb/cockroach/pull/158076
-[#158999]: https://github.com/cockroachdb/cockroach/pull/158999
-[#158398]: https://github.com/cockroachdb/cockroach/pull/158398
-[#158500]: https://github.com/cockroachdb/cockroach/pull/158500
-[#158162]: https://github.com/cockroachdb/cockroach/pull/158162
+[#158602]: https://github.com/cockroachdb/cockroach/pull/158602
+[#157030]: https://github.com/cockroachdb/cockroach/pull/157030
+[#159000]: https://github.com/cockroachdb/cockroach/pull/159000
+[#158961]: https://github.com/cockroachdb/cockroach/pull/158961
+[#159017]: https://github.com/cockroachdb/cockroach/pull/159017
+[#158963]: https://github.com/cockroachdb/cockroach/pull/158963