From f2114f664d6013485f847d40c089b2bdae670bac Mon Sep 17 00:00:00 2001
From: Matt Linville <linville@cockroachlabs.com>
Date: Thu, 10 Oct 2024 10:16:39 -0700
Subject: [PATCH 01/12] [REL-1518] Release notes for v24.3.0-alpha.2

---
 src/current/_data/releases.yml | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/src/current/_data/releases.yml b/src/current/_data/releases.yml
index f28730ac778..40baa374383 100644
--- a/src/current/_data/releases.yml
+++ b/src/current/_data/releases.yml
@@ -6894,4 +6894,31 @@
     This version is currently available only for select
     CockroachDB Cloud clusters. To request to upgrade
     a CockroachDB self-hosted cluster to this version,
-    [contact support](https://support.cockroachlabs.com/hc/requests/new).
\ No newline at end of file
+    [contact support](https://support.cockroachlabs.com/hc/requests/new).
+
+- release_name: v24.3.0-alpha.2
+  major_version: v24.3
+  release_date: '2024-10-14'
+  release_type: Testing
+  go_version: go1.22.5
+  sha: 58c475d67e32b75284b4fe293bff82807c3d129d
+  has_sql_only: true
+  has_sha256sum: true
+  mac:
+    mac_arm: true
+    mac_arm_experimental: true
+    mac_arm_limited_access: false
+  windows: true
+  linux:
+    linux_arm: true
+    linux_arm_experimental: false
+    linux_arm_limited_access: false
+    linux_intel_fips: true
+    linux_arm_fips: false
+  docker:
+    docker_image: cockroachdb/cockroach-unstable
+    docker_arm: true
+    docker_arm_experimental: false
+    docker_arm_limited_access: false
+  source: true
+  previous_release: v24.3.0-alpha.1

From 54fe8cbba10df55a0ddaa03bb93cdeb6aeff7d36 Mon Sep 17 00:00:00 2001
From: Matt Linville <linville@cockroachlabs.com>
Date: Thu, 10 Oct 2024 10:17:01 -0700
Subject: [PATCH 02/12] Unedited notes

---
 .../releases/v24.3/v24.3.0-alpha.2.md         | 86 +++++++++++++++++++
 1 file changed, 86 insertions(+)
 create mode 100644 src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md

diff --git a/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md b/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
new file mode 100644
index 00000000000..d739b088d6d
--- /dev/null
+++ b/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
@@ -0,0 +1,86 @@
+## v24.3.0-alpha.2
+
+Release Date: October 14, 2024
+
+{% include releases/new-release-downloads-docker-image.md release=include.release %}
+<h3 id="v24-3-0-alpha-2-security-updates">Security updates</h3>
+
+- HBA config entry for LDAP will be evaluated with validations for proper ldap config parameter values and any invalid/incomplete options list will be disallowed to amend the HBA setting. We will validate all fields provided as ldap auth method options in HBA entry. [#132086][#132086]
+
+<h3 id="v24-3-0-alpha-2-general-changes">General changes</h3>
+
+- Change the license cockroach is distributed under to the new CockroachDB Software License (CSL). [#131799][#131799]
+- Change the license cockroach is distributed under to the new CockroachDB Software License (CSL). [#131794][#131794]
+- Change the license cockroach is distributed under to the new CockroachDB Software License (CSL). [#131793][#131793]
+
+<h3 id="v24-3-0-alpha-2-{{-site.data.products.enterprise-}}-edition-changes">{{ site.data.products.enterprise }} edition changes</h3>
+
+- Allowed access to DB console APIs via JWT, which can be supplied as a Bearer token in Authorization header. [#130779][#130779]
+
+<h3 id="v24-3-0-alpha-2-sql-language-changes">SQL language changes</h3>
+
+- Added SHOW TYPES WITH COMMENT functionality similar to show schemas, show databases and show tables;  Fixes: https://github.com/cockroachdb/cockroach/issues/126009 [#131183][#131183]
+- Added support for `SECURITY DEFINER` in user defined functions (UDFs) and stored procedures (SPs). When a UDF/SP (routine) is created with `SECURITY DEFINER`, at execution, the privileges of the owner will be checked.  Routines can now specify `[EXTERNAL] SECURITY INVOKER` (this is the default -- privileges of the invoker are checked at execution) or `[EXTERNAL] SECURITY DEFINER`. Note that the `EXTERNAL` keyword is optional and solely exists for sql conformity.  In addition, altering a UDF's security "mode" is accomplished by: `ALTER FUNCTION ... [EXTERNAL] SECURITY {INVOKER/DEFINER}`. [#129720][#129720]
+
+<h3 id="v24-3-0-alpha-2-operational-changes">Operational changes</h3>
+
+- Metrics representing the state of the replication flow control send queue's are added, which when the following settings are set to:  ``` kvadmission.flow_control.mode = "apply_to_all" kvadmission.flow_control.enabled = true ```  Will be populated using the corresponding replication admission control send queue state. Also note, the disconnected metric name is renamed, see the commit message and the metric name diff below for further information.  ```diff diff --git a/pkg/kv/kvserver/kvflowcontrol/rac2/testdata/simulation/metric_names b/pkg/kv/kvserver/kvflowcontrol/rac2/testdata/simulation/metric_names index c0b4755f1eb..96b237bb57f 100644 --- a/pkg/kv/kvserver/kvflowcontrol/rac2/testdata/simulation/metric_names +++ b/pkg/kv/kvserver/kvflowcontrol/rac2/testdata/simulation/metric_names @@ -20,6 +20,12 @@ kvflowcontrol.eval_wait.regular.requests.admitted  kvflowcontrol.eval_wait.regular.requests.bypassed  kvflowcontrol.eval_wait.regular.requests.errored  kvflowcontrol.eval_wait.regular.requests.waiting +kvflowcontrol.range_controller.count +kvflowcontrol.send_queue.bytes +kvflowcontrol.send_queue.count +kvflowcontrol.send_queue.prevent.count +kvflowcontrol.send_queue.scheduled.deducted_bytes +kvflowcontrol.send_queue.scheduled.force_flush  kvflowcontrol.streams.eval.elastic.blocked_count  kvflowcontrol.streams.eval.elastic.total_count  kvflowcontrol.streams.eval.regular.blocked_count @@ -30,21 +36,24 @@ kvflowcontrol.streams.send.regular.blocked_count  kvflowcontrol.streams.send.regular.total_count  kvflowcontrol.tokens.eval.elastic.available  kvflowcontrol.tokens.eval.elastic.deducted -kvflowcontrol.tokens.eval.elastic.disconnected  kvflowcontrol.tokens.eval.elastic.returned +kvflowcontrol.tokens.eval.elastic.returned.disconnect  kvflowcontrol.tokens.eval.elastic.unaccounted  kvflowcontrol.tokens.eval.regular.available  kvflowcontrol.tokens.eval.regular.deducted -kvflowcontrol.tokens.eval.regular.disconnected  kvflowcontrol.tokens.eval.regular.returned +kvflowcontrol.tokens.eval.regular.returned.disconnect  kvflowcontrol.tokens.eval.regular.unaccounted  kvflowcontrol.tokens.send.elastic.available  kvflowcontrol.tokens.send.elastic.deducted -kvflowcontrol.tokens.send.elastic.disconnected +kvflowcontrol.tokens.send.elastic.deducted.force_flush_send_queue +kvflowcontrol.tokens.send.elastic.deducted.prevent_send_queue  kvflowcontrol.tokens.send.elastic.returned +kvflowcontrol.tokens.send.elastic.returned.disconnect  kvflowcontrol.tokens.send.elastic.unaccounted  kvflowcontrol.tokens.send.regular.available  kvflowcontrol.tokens.send.regular.deducted -kvflowcontrol.tokens.send.regular.disconnected +kvflowcontrol.tokens.send.regular.deducted.prevent_send_queue  kvflowcontrol.tokens.send.regular.returned +kvflowcontrol.tokens.send.regular.returned.disconnect  kvflowcontrol.tokens.send.regular.unaccounted ``` [#131857][#131857]
+
+<h3 id="v24-3-0-alpha-2-db-console-changes">DB Console changes</h3>
+
+- The table details page has been updated to show cached data in the overview page, which is the same data source as what is shown in the databases and databases > tables list overview pages. [#131769][#131769]
+
+<h3 id="v24-3-0-alpha-2-bug-fixes">Bug fixes</h3>
+
+- Fixed a bug where the CLI would not correctly escape JSON values that had double-quotes inside of a string when using the --format=sql flag. [#131881][#131881]
+- Fixed an error that could happen if an aggregate function was used as the value in a SET command. [#131891][#131891]
+- Fix a rare bug in which an update of a primary key column which is also the only column in a separate column family can sometimes fail to update the primary index. This bug has existed since v22.2. [#131869][#131869]
+- Ordering by `VECTOR` columns now results in an "unimplemented" error. Previously it would result in internal errors in some cases. See #92165. [#131703][#131703]
+- Add automated clean-up/validation for dropped roles inside of default privileges. [#131782][#131782]
+- Addressed a rare bug where dropping a column of FLOAT4/8, DECIMAL, JSON, collated string type, or array types that were stored in a single column family could make a table unreadable (if the column family is not the first one). [#131967][#131967]
+
+<h3 id="v24-3-0-alpha-2-performance-improvements">Performance improvements</h3>
+
+- The system now more efficiently writes string-like values in the pgwire protocol. [#131964][#131964]
+- Enhanced performance when schema_locked is not in use by improving error handling during periodic table history polling.  ``` ❯ benchstat before.txt after.txt goos: darwin goarch: arm64                                         │  before.txt  │              after.txt               │                                         │    sec/op    │    sec/op     vs base                │ PauseOrResumePolling/non-terminal_error    5.533µ ± 5%   3.849µ ± 29%  -30.44% (p=0.000 n=10) PauseOrResumePolling/not_schema_locked    7069.5n ± 4%   176.4n ±  9%  -97.50% (p=0.000 n=10) PauseOrResumePolling/schema_locked         136.2n ± 4%   131.8n ±  7%        ~ (p=0.306 n=10) geomean                                    1.747µ        447.2n        -74.39% ``` [#131951][#131951]
+
+<h3 id="v24-3-0-alpha-2-miscellaneous">Miscellaneous</h3>
+
+<h4 id="v24-3-0-alpha-2-changes-without-release-note-annotation">Changes without release note annotation</h4>
+
+- [#132100][#132100] [2d4df70a8][2d4df70a8] drtprod: put roachtest binary and operation script in workload-scale
+- [#131827][#131827] [5e44c3e68][5e44c3e68] roachprod, azure: combine location and zone flags
+- [#131805][#131805] [86cd9acda][86cd9acda] cli: {2} is reserved tenant ID, use {3} as tenant ID for demoapp
+- [#131714][#131714] [e6440862e][e6440862e] span: fix corruption bug in btree span frontier
+
+<h3 id="v24-3-0-alpha-2-doc-updates">Doc updates</h3>
+
+{% comment %}Docs team: Please add these manually.{% endcomment %}
+
+
+
+[#129720]: https://github.com/cockroachdb/cockroach/pull/129720
+[#130779]: https://github.com/cockroachdb/cockroach/pull/130779
+[#131183]: https://github.com/cockroachdb/cockroach/pull/131183
+[#131703]: https://github.com/cockroachdb/cockroach/pull/131703
+[#131714]: https://github.com/cockroachdb/cockroach/pull/131714
+[#131769]: https://github.com/cockroachdb/cockroach/pull/131769
+[#131782]: https://github.com/cockroachdb/cockroach/pull/131782
+[#131793]: https://github.com/cockroachdb/cockroach/pull/131793
+[#131794]: https://github.com/cockroachdb/cockroach/pull/131794
+[#131799]: https://github.com/cockroachdb/cockroach/pull/131799
+[#131805]: https://github.com/cockroachdb/cockroach/pull/131805
+[#131827]: https://github.com/cockroachdb/cockroach/pull/131827
+[#131857]: https://github.com/cockroachdb/cockroach/pull/131857
+[#131869]: https://github.com/cockroachdb/cockroach/pull/131869
+[#131881]: https://github.com/cockroachdb/cockroach/pull/131881
+[#131891]: https://github.com/cockroachdb/cockroach/pull/131891
+[#131951]: https://github.com/cockroachdb/cockroach/pull/131951
+[#131964]: https://github.com/cockroachdb/cockroach/pull/131964
+[#131967]: https://github.com/cockroachdb/cockroach/pull/131967
+[#132086]: https://github.com/cockroachdb/cockroach/pull/132086
+[#132100]: https://github.com/cockroachdb/cockroach/pull/132100
+[2d4df70a8]: https://github.com/cockroachdb/cockroach/commit/2d4df70a8
+[5e44c3e68]: https://github.com/cockroachdb/cockroach/commit/5e44c3e68
+[86cd9acda]: https://github.com/cockroachdb/cockroach/commit/86cd9acda
+[e6440862e]: https://github.com/cockroachdb/cockroach/commit/e6440862e

From bcc0406a0e6d7cb744430fc863424dee84eb55a1 Mon Sep 17 00:00:00 2001
From: Matt Linville <linville@cockroachlabs.com>
Date: Thu, 10 Oct 2024 10:46:53 -0700
Subject: [PATCH 03/12] Fix duplicate note in alpha.1 release notes

---
 .../_includes/releases/v24.3/v24.3.0-alpha.1.md   | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/src/current/_includes/releases/v24.3/v24.3.0-alpha.1.md b/src/current/_includes/releases/v24.3/v24.3.0-alpha.1.md
index ddf7e7e4e0b..547e49fa121 100644
--- a/src/current/_includes/releases/v24.3/v24.3.0-alpha.1.md
+++ b/src/current/_includes/releases/v24.3/v24.3.0-alpha.1.md
@@ -22,9 +22,8 @@ Release Date: October 9, 2024
 
 - CockroachDB will now avoid [logging]({% link v24.3/logging.md %}) unnecessary stack traces while executing [scheduled jobs]({% link v24.3/show-jobs.md %}). [#129846][#129846]
 - Upgrading to 24.3 is blocked if no [license]({% link v24.3/licensing-faqs.md %}) is installed, or if a trial/free license is installed with telemetry disabled. [#130576][#130576]
-- Changed the license `cockroach` is distributed under to the new CockroachDB Software License. [#131661][#131661]
 - Attempting to install a second Enterprise trial license on the same cluster will now fail. [#131422][#131422]
-- Changed the license `cockroach` is distributed under to the new CockroachDB Software License (CSL). [#131690][#131690] [#131686][#131686] [#131688][#131688] [#131687][#131687] [#131717][#131717] [#131689][#131689] [#131693][#131693] [#131691][#131691] [#131777][#131777] [#131778][#131778]
+- Changed the license `cockroach` is distributed under to the new CockroachDB Software License (CSL). [#131690][#131690] [#131686][#131686] [#131688][#131688] [#131687][#131687] [#131717][#131717] [#131689][#131689] [#131693][#131693] [#131691][#131691] [#131777][#131777] [#131778][#131778] [#131661][#131661]
 
 <h3 id="v24-3-0-alpha-1-{{-site.data.products.enterprise-}}-edition-changes">{{ site.data.products.enterprise }} edition changes</h3>
 
@@ -38,9 +37,9 @@ Release Date: October 9, 2024
 
     {% include_cached copy-clipboard.html %}
     ~~~ sql
-    # TYPE    DATABASE      USER           ADDRESS             METHOD             OPTIONS  
-    # Allow all users to connect to using LDAP authentication with search and bind    host    all           all            all                 ldap               ldapserver=ldap.example.com ldapport=636 "ldapbasedn=ou=users,dc=example,dc=com" "ldapbinddn=cn=readonly,dc=example,dc=com" ldapbindpasswd=readonly_password ldapsearchattribute=uid "ldapsearchfilter=(memberof=cn=cockroachdb_users,ou=groups,dc=example,dc=com)" "ldapgrouplistfilter=(objectClass=groupOfNames)"  
-    # Fallback to password authentication for the root user    
+    # TYPE    DATABASE      USER           ADDRESS             METHOD             OPTIONS
+    # Allow all users to connect to using LDAP authentication with search and bind    host    all           all            all                 ldap               ldapserver=ldap.example.com ldapport=636 "ldapbasedn=ou=users,dc=example,dc=com" "ldapbinddn=cn=readonly,dc=example,dc=com" ldapbindpasswd=readonly_password ldapsearchattribute=uid "ldapsearchfilter=(memberof=cn=cockroachdb_users,ou=groups,dc=example,dc=com)" "ldapgrouplistfilter=(objectClass=groupOfNames)"
+    # Fallback to password authentication for the root user
     host    all           root           0.0.0.0/0          password
     ~~~
 
@@ -48,7 +47,7 @@ Release Date: October 9, 2024
 
     {% include_cached copy-clipboard.html %}
     ~~~ sql
-    SET cluster setting server.host_based_authentication.configuration = 'host    all           all            all                 ldap ldapserver=azure.dev ldapport=636 "ldapbasedn=OU=AADDC Users,DC=azure,DC=dev" "ldapbinddn=CN=Some User,OU=AADDC Users,DC=azure,DC=dev" ldapbindpasswd=my_pwd ldapsearchattribute=sAMAccountName "ldapsearchfilter=(memberOf=CN=azure-dev-domain-sync-users,OU=AADDC Users,DC=crlcloud,DC=dev)" "ldapgrouplistfilter=(objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=crlcloud,DC=dev)" 
+    SET cluster setting server.host_based_authentication.configuration = 'host    all           all            all                 ldap ldapserver=azure.dev ldapport=636 "ldapbasedn=OU=AADDC Users,DC=azure,DC=dev" "ldapbinddn=CN=Some User,OU=AADDC Users,DC=azure,DC=dev" ldapbindpasswd=my_pwd ldapsearchattribute=sAMAccountName "ldapsearchfilter=(memberOf=CN=azure-dev-domain-sync-users,OU=AADDC Users,DC=crlcloud,DC=dev)" "ldapgrouplistfilter=(objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=crlcloud,DC=dev)"
     host    all           root           0.0.0.0/0          password';
     ~~~
 
@@ -116,7 +115,7 @@ Release Date: October 9, 2024
         `kvadmission.flow_controller.regular_requests_errored`               | `kvflowcontrol.eval_wait.regular.requests.errored`
         `kvadmission.flow_controller.elastic_requests_errored`               | `kvflowcontrol.eval_wait.elastic.requests.errored`
         `kvadmission.flow_controller.regular_requests_bypassed`              | `kvflowcontrol.eval_wait.regular.requests.bypassed`
-        `kvadmission.flow_controller.elastic_requests_bypassed`              | `kvflowcontrol.eval_wait.elastic.requests.bypassed` 
+        `kvadmission.flow_controller.elastic_requests_bypassed`              | `kvflowcontrol.eval_wait.elastic.requests.bypassed`
         `kvadmission.flow_controller.regular_wait_duration`                  | `kvflowcontrol.eval_wait.regular.duration`
         `kvadmission.flow_controller.elastic_wait_duration`                  | `kvflowcontrol.eval_wait.elastic.duration`
 
@@ -343,4 +342,4 @@ Release Date: October 9, 2024
 [#131717]: https://github.com/cockroachdb/cockroach/pull/131717
 [#131777]: https://github.com/cockroachdb/cockroach/pull/131777
 [#131778]: https://github.com/cockroachdb/cockroach/pull/131778
-[#93067]: https://github.com/cockroachdb/cockroach/pull/93067
\ No newline at end of file
+[#93067]: https://github.com/cockroachdb/cockroach/pull/93067

From abecbc3db88f3021a757976285a91d61f4868798 Mon Sep 17 00:00:00 2001
From: Matt Linville <linville@cockroachlabs.com>
Date: Thu, 10 Oct 2024 15:07:41 -0700
Subject: [PATCH 04/12] Copyedits

---
 .../releases/v24.3/v24.3.0-alpha.2.md         | 74 ++++++++++---------
 1 file changed, 38 insertions(+), 36 deletions(-)

diff --git a/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md b/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
index d739b088d6d..32cc14ea384 100644
--- a/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
+++ b/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
@@ -3,61 +3,67 @@
 Release Date: October 14, 2024
 
 {% include releases/new-release-downloads-docker-image.md release=include.release %}
+
 <h3 id="v24-3-0-alpha-2-security-updates">Security updates</h3>
 
-- HBA config entry for LDAP will be evaluated with validations for proper ldap config parameter values and any invalid/incomplete options list will be disallowed to amend the HBA setting. We will validate all fields provided as ldap auth method options in HBA entry. [#132086][#132086]
+- The parameters for an [HBA config entry]({% link v24.3/security-reference/authentication.md %}#hba-configuration-syntax) for LDAP are now validated when the entry is created or amended, in addition to the validation that happens during an authentication attempt. [#132086][#132086]
+
+- Added automatic cleanup and validation for dropped roles when [altering default privileges]({% link v24.3/alter-default-privileges.md %}). [#131782][#131782]
 
 <h3 id="v24-3-0-alpha-2-general-changes">General changes</h3>
 
-- Change the license cockroach is distributed under to the new CockroachDB Software License (CSL). [#131799][#131799]
-- Change the license cockroach is distributed under to the new CockroachDB Software License (CSL). [#131794][#131794]
-- Change the license cockroach is distributed under to the new CockroachDB Software License (CSL). [#131793][#131793]
+- Changed the license `cockroach` is distributed under to the new CockroachDB Software License (CSL). [#131799][#131799] [#131794][#131794] [#131793][#131793]
 
 <h3 id="v24-3-0-alpha-2-{{-site.data.products.enterprise-}}-edition-changes">{{ site.data.products.enterprise }} edition changes</h3>
 
-- Allowed access to DB console APIs via JWT, which can be supplied as a Bearer token in Authorization header. [#130779][#130779]
+- You can now [authenticate to the DB console API]({% link v24.3/ui-overview.md %}#authentication) by supplying a Java Web Token (JWT) as a Bearer token in the Authorization header. [#130779][#130779]
 
 <h3 id="v24-3-0-alpha-2-sql-language-changes">SQL language changes</h3>
 
-- Added SHOW TYPES WITH COMMENT functionality similar to show schemas, show databases and show tables;  Fixes: https://github.com/cockroachdb/cockroach/issues/126009 [#131183][#131183]
-- Added support for `SECURITY DEFINER` in user defined functions (UDFs) and stored procedures (SPs). When a UDF/SP (routine) is created with `SECURITY DEFINER`, at execution, the privileges of the owner will be checked.  Routines can now specify `[EXTERNAL] SECURITY INVOKER` (this is the default -- privileges of the invoker are checked at execution) or `[EXTERNAL] SECURITY DEFINER`. Note that the `EXTERNAL` keyword is optional and solely exists for sql conformity.  In addition, altering a UDF's security "mode" is accomplished by: `ALTER FUNCTION ... [EXTERNAL] SECURITY {INVOKER/DEFINER}`. [#129720][#129720]
+- To view comments on a type, you can use the new [`SHOW TYPES WITH COMMENT`]({% link v24.3/show-types.md %}#) command. Comments can be added using [`COMMENT ON`]({% link v24.3/comment-on.md %}). [#131183][#131183]
+- You can create or alter a [user-defined function (UDF)]({% link v24.3/user-defined-functions.md %}) or [stored procedure (SP)]({% link v24.3/stored-procedures.md %}) with `[EXTERNAL] SECURITY DEFINER` instead of the default `[EXTERNAL] SECURITY INVOKER`. With `SECURITY DEFINER`, the privileges of the owner are checked when the UDF or SP is executed, rather than the privileges of the executor. The `EXTERNAL` keyword is optional and exists for SQL language conformity. [#129720][#129720]
 
 <h3 id="v24-3-0-alpha-2-operational-changes">Operational changes</h3>
 
-- Metrics representing the state of the replication flow control send queue's are added, which when the following settings are set to:  ``` kvadmission.flow_control.mode = "apply_to_all" kvadmission.flow_control.enabled = true ```  Will be populated using the corresponding replication admission control send queue state. Also note, the disconnected metric name is renamed, see the commit message and the metric name diff below for further information.  ```diff diff --git a/pkg/kv/kvserver/kvflowcontrol/rac2/testdata/simulation/metric_names b/pkg/kv/kvserver/kvflowcontrol/rac2/testdata/simulation/metric_names index c0b4755f1eb..96b237bb57f 100644 --- a/pkg/kv/kvserver/kvflowcontrol/rac2/testdata/simulation/metric_names +++ b/pkg/kv/kvserver/kvflowcontrol/rac2/testdata/simulation/metric_names @@ -20,6 +20,12 @@ kvflowcontrol.eval_wait.regular.requests.admitted  kvflowcontrol.eval_wait.regular.requests.bypassed  kvflowcontrol.eval_wait.regular.requests.errored  kvflowcontrol.eval_wait.regular.requests.waiting +kvflowcontrol.range_controller.count +kvflowcontrol.send_queue.bytes +kvflowcontrol.send_queue.count +kvflowcontrol.send_queue.prevent.count +kvflowcontrol.send_queue.scheduled.deducted_bytes +kvflowcontrol.send_queue.scheduled.force_flush  kvflowcontrol.streams.eval.elastic.blocked_count  kvflowcontrol.streams.eval.elastic.total_count  kvflowcontrol.streams.eval.regular.blocked_count @@ -30,21 +36,24 @@ kvflowcontrol.streams.send.regular.blocked_count  kvflowcontrol.streams.send.regular.total_count  kvflowcontrol.tokens.eval.elastic.available  kvflowcontrol.tokens.eval.elastic.deducted -kvflowcontrol.tokens.eval.elastic.disconnected  kvflowcontrol.tokens.eval.elastic.returned +kvflowcontrol.tokens.eval.elastic.returned.disconnect  kvflowcontrol.tokens.eval.elastic.unaccounted  kvflowcontrol.tokens.eval.regular.available  kvflowcontrol.tokens.eval.regular.deducted -kvflowcontrol.tokens.eval.regular.disconnected  kvflowcontrol.tokens.eval.regular.returned +kvflowcontrol.tokens.eval.regular.returned.disconnect  kvflowcontrol.tokens.eval.regular.unaccounted  kvflowcontrol.tokens.send.elastic.available  kvflowcontrol.tokens.send.elastic.deducted -kvflowcontrol.tokens.send.elastic.disconnected +kvflowcontrol.tokens.send.elastic.deducted.force_flush_send_queue +kvflowcontrol.tokens.send.elastic.deducted.prevent_send_queue  kvflowcontrol.tokens.send.elastic.returned +kvflowcontrol.tokens.send.elastic.returned.disconnect  kvflowcontrol.tokens.send.elastic.unaccounted  kvflowcontrol.tokens.send.regular.available  kvflowcontrol.tokens.send.regular.deducted -kvflowcontrol.tokens.send.regular.disconnected +kvflowcontrol.tokens.send.regular.deducted.prevent_send_queue  kvflowcontrol.tokens.send.regular.returned +kvflowcontrol.tokens.send.regular.returned.disconnect  kvflowcontrol.tokens.send.regular.unaccounted ``` [#131857][#131857]
+- The following new [metrics]({% link v24.3/metrics.md %}) show details about [replication]({% link v24.2/architecture/replication-layer.md %}) flow control send queue when the [cluster setting]({% link v24.3/cluster-settings.md %}) `kvadmission.flow_control.enabled` is set to `true` and the cluster setting `kvadmission.flow_control.mode` is set to `apply_to_all`.
+    - `kvflowcontrol.tokens.send.regular.deducted.prevent_send_queue`
+    - `kvflowcontrol.tokens.send.elastic.deducted.prevent_send_queue`
+    - `kvflowcontrol.tokens.send.elastic.deducted.force_flush_send_queue`
+    - `kvflowcontrol.range_controller.count`
+    - `kvflowcontrol.send_queue.bytes`
+    - `kvflowcontrol.send_queue.count`
+    - `kvflowcontrol.send_queue.prevent.count`
+    - `kvflowcontrol.send_queue.scheduled.deducted_bytes`
+    - `kvflowcontrol.send_queue.scheduled.force_flush`
+
+    [#131857][#131857]
+
+- The following ({% link v24.3/metrics.md %}) have been renamed:
+      Previous name                                    | New name-
+      -------------------------------------------------|-----------
+      `kvflowcontrol.tokens.eval.regular.disconnected` | `kvflowcontrol.tokens.eval.regular.returned.disconnect`
+      `kvflowcontrol.tokens.eval.elastic.disconnected` | `kvflowcontrol.tokens.eval.elastic.returned.disconnect`
+      `kvflowcontrol.tokens.send.regular.disconnected` | `kvflowcontrol.tokens.send.regular.returned.disconnect`
+      `kvflowcontrol.tokens.send.elastic.disconnected` | `kvflowcontrol.tokens.send.elastic.returned.disconnect`
+
+      [#131857][#131857]
 
 <h3 id="v24-3-0-alpha-2-db-console-changes">DB Console changes</h3>
 
-- The table details page has been updated to show cached data in the overview page, which is the same data source as what is shown in the databases and databases > tables list overview pages. [#131769][#131769]
+- The **Table Details** and **Tables** list in the [**Databases page**]({% link v24.3/ui-databases-page.md %}) and the table lists in **Databases** pages now use cache to reuse common data for increased efficiency [#131769][#131769]
 
 <h3 id="v24-3-0-alpha-2-bug-fixes">Bug fixes</h3>
 
-- Fixed a bug where the CLI would not correctly escape JSON values that had double-quotes inside of a string when using the --format=sql flag. [#131881][#131881]
-- Fixed an error that could happen if an aggregate function was used as the value in a SET command. [#131891][#131891]
-- Fix a rare bug in which an update of a primary key column which is also the only column in a separate column family can sometimes fail to update the primary index. This bug has existed since v22.2. [#131869][#131869]
-- Ordering by `VECTOR` columns now results in an "unimplemented" error. Previously it would result in internal errors in some cases. See #92165. [#131703][#131703]
-- Add automated clean-up/validation for dropped roles inside of default privileges. [#131782][#131782]
-- Addressed a rare bug where dropping a column of FLOAT4/8, DECIMAL, JSON, collated string type, or array types that were stored in a single column family could make a table unreadable (if the column family is not the first one). [#131967][#131967]
+- Fixed a bug where JSON values returned by `cockroach` commands using the `--format=sql` flag were not correctly escaped if they contained double quotes within a string. [#131881][#131881]
+- Fixed an error that could happen if an [aggregate function]({% link v24.3/functions-and-operators.md %}#aggregate-functions) was used as the value in a [`SET` command]({% link v24.3/set.md %}). [#131891][#131891]
+- Fixed a rare bug introduced in v22.2 in which an update of a [primary key]({% link v24.3/primary-key.md %}) column could fail to update the primary index if it is also the only column in a separate column family. [#131869][#131869]
+- Fixed a rare bug where dropping a column of `FLOAT4`, `FLOAT8`, `DECIMAL`, `JSON`, `ARRAY`, or collate `STRING` type stored in a single column family could could prevent subsequent reading of the table if the column family was not the first column family. [#131967][#131967]
+- Fixed an `unimplemented` internal error that could occur when ordering by a [`VECTOR`]({% link v24.3/vector.md %}) column. [#131703][#131703]
 
 <h3 id="v24-3-0-alpha-2-performance-improvements">Performance improvements</h3>
 
-- The system now more efficiently writes string-like values in the pgwire protocol. [#131964][#131964]
-- Enhanced performance when schema_locked is not in use by improving error handling during periodic table history polling.  ``` ❯ benchstat before.txt after.txt goos: darwin goarch: arm64                                         │  before.txt  │              after.txt               │                                         │    sec/op    │    sec/op     vs base                │ PauseOrResumePolling/non-terminal_error    5.533µ ± 5%   3.849µ ± 29%  -30.44% (p=0.000 n=10) PauseOrResumePolling/not_schema_locked    7069.5n ± 4%   176.4n ±  9%  -97.50% (p=0.000 n=10) PauseOrResumePolling/schema_locked         136.2n ± 4%   131.8n ±  7%        ~ (p=0.306 n=10) geomean                                    1.747µ        447.2n        -74.39% ``` [#131951][#131951]
-
-<h3 id="v24-3-0-alpha-2-miscellaneous">Miscellaneous</h3>
-
-<h4 id="v24-3-0-alpha-2-changes-without-release-note-annotation">Changes without release note annotation</h4>
-
-- [#132100][#132100] [2d4df70a8][2d4df70a8] drtprod: put roachtest binary and operation script in workload-scale
-- [#131827][#131827] [5e44c3e68][5e44c3e68] roachprod, azure: combine location and zone flags
-- [#131805][#131805] [86cd9acda][86cd9acda] cli: {2} is reserved tenant ID, use {3} as tenant ID for demoapp
-- [#131714][#131714] [e6440862e][e6440862e] span: fix corruption bug in btree span frontier
-
-<h3 id="v24-3-0-alpha-2-doc-updates">Doc updates</h3>
-
-{% comment %}Docs team: Please add these manually.{% endcomment %}
-
-
+- Efficiency has been improved when writing string-like values over the PostgreSQL wire protocol. [#131964][#131964]
+- Error handling during periodic table history polling has been improved when the `schema_locked` [table parameter]({% link v24.3/with-storage-parameter.md %}#table-parameters) is not used. [#131951][#131951]
 
 [#129720]: https://github.com/cockroachdb/cockroach/pull/129720
 [#130779]: https://github.com/cockroachdb/cockroach/pull/130779
@@ -80,7 +86,3 @@ Release Date: October 14, 2024
 [#131967]: https://github.com/cockroachdb/cockroach/pull/131967
 [#132086]: https://github.com/cockroachdb/cockroach/pull/132086
 [#132100]: https://github.com/cockroachdb/cockroach/pull/132100
-[2d4df70a8]: https://github.com/cockroachdb/cockroach/commit/2d4df70a8
-[5e44c3e68]: https://github.com/cockroachdb/cockroach/commit/5e44c3e68
-[86cd9acda]: https://github.com/cockroachdb/cockroach/commit/86cd9acda
-[e6440862e]: https://github.com/cockroachdb/cockroach/commit/e6440862e

From 993daeab6f84c1b17c5f6ab94a4e9efb5cb32129 Mon Sep 17 00:00:00 2001
From: Matt Linville <linville@cockroachlabs.com>
Date: Fri, 11 Oct 2024 10:47:32 -0700
Subject: [PATCH 05/12] Correct Enterprise-only details in Cluster SSO pages

---
 src/current/v23.1/sso-sql.md | 6 ++++--
 src/current/v23.2/sso-sql.md | 6 ++++--
 src/current/v24.1/sso-sql.md | 6 ++++--
 src/current/v24.2/sso-sql.md | 6 ++++--
 src/current/v24.3/sso-sql.md | 6 ++++--
 5 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/src/current/v23.1/sso-sql.md b/src/current/v23.1/sso-sql.md
index edd69a707dd..d9f133e3171 100644
--- a/src/current/v23.1/sso-sql.md
+++ b/src/current/v23.1/sso-sql.md
@@ -5,14 +5,16 @@ toc: true
 docs_area: manage
 ---
 
+{% include_cached enterprise-feature.md %}
+
 CockroachDB clusters allow users to authenticate with Single Sign-on (SSO), both to the [DB Console]({% link {{ page.version.version }}/ui-overview.md %}), and for SQL client access.
 
 Cluster single sign-on (SSO) enables users to access the SQL interface of a CockroachDB cluster (whether provisioned on CockroachDB {{ site.data.products.cloud }} or {{ site.data.products.core }}) with the full security of single sign-on (SSO), and the choice of a variety of cloud-based or customer-managed identity providers (IdPs).
 
-{{ site.data.products.advanced }} clusters can provision their users with JWTs via the DB Console. This allows users to authenticate to a cluster by signing in to their IdP (for example, Okta or Google) with a link embedded in the DB Console. This flow provisions a JWT that a user can copy out of the DB Console UI and use in a SQL connection string to authenticate to the cluster.
+{{ site.data.products.advanced }} clusters can provision their users with Java Web Tokens (JWTs) via the DB Console. This allows users to authenticate to a cluster by signing in to their IdP (for example, Okta or Google) with a link embedded in the DB Console. This flow provisions a JWT that a user can copy out of the DB Console UI and use in a SQL connection string to authenticate to the cluster.
 
 {{site.data.alerts.callout_info}}
-Cluster single sign-on for the DB Console is supported on {{ site.data.products.core }}, {{ site.data.products.enterprise }} and {{ site.data.products.advanced }} clusters. {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters do not support cluster single sign-on. However, both CockroachDB {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters can use [Cluster Single Sign-on (SSO) using `ccloud` and the CockroachDB Cloud Console]({% link cockroachcloud/cloud-sso-sql.md %}).
+Cluster single sign-on for the DB Console is supported on {{ site.data.products.enterprise }} and {{ site.data.products.advanced }} clusters. {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters do not support cluster single sign-on and do not have access to the DB Console. However, both CockroachDB {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters can use [Cluster Single Sign-on (SSO) to authenticate to the `ccloud` command-line interface and to the CockroachDB Cloud Console]({% link cockroachcloud/cloud-sso-sql.md %}).
 {{site.data.alerts.end}}
 
 The page describes how to configure a cluster for cluster single sign-on using JWTs and then how users can authenticate using the JWTs. If you're a user ready to sign in to the DB Console with JWTs, you can skip the configuration section:
diff --git a/src/current/v23.2/sso-sql.md b/src/current/v23.2/sso-sql.md
index edd69a707dd..d9f133e3171 100644
--- a/src/current/v23.2/sso-sql.md
+++ b/src/current/v23.2/sso-sql.md
@@ -5,14 +5,16 @@ toc: true
 docs_area: manage
 ---
 
+{% include_cached enterprise-feature.md %}
+
 CockroachDB clusters allow users to authenticate with Single Sign-on (SSO), both to the [DB Console]({% link {{ page.version.version }}/ui-overview.md %}), and for SQL client access.
 
 Cluster single sign-on (SSO) enables users to access the SQL interface of a CockroachDB cluster (whether provisioned on CockroachDB {{ site.data.products.cloud }} or {{ site.data.products.core }}) with the full security of single sign-on (SSO), and the choice of a variety of cloud-based or customer-managed identity providers (IdPs).
 
-{{ site.data.products.advanced }} clusters can provision their users with JWTs via the DB Console. This allows users to authenticate to a cluster by signing in to their IdP (for example, Okta or Google) with a link embedded in the DB Console. This flow provisions a JWT that a user can copy out of the DB Console UI and use in a SQL connection string to authenticate to the cluster.
+{{ site.data.products.advanced }} clusters can provision their users with Java Web Tokens (JWTs) via the DB Console. This allows users to authenticate to a cluster by signing in to their IdP (for example, Okta or Google) with a link embedded in the DB Console. This flow provisions a JWT that a user can copy out of the DB Console UI and use in a SQL connection string to authenticate to the cluster.
 
 {{site.data.alerts.callout_info}}
-Cluster single sign-on for the DB Console is supported on {{ site.data.products.core }}, {{ site.data.products.enterprise }} and {{ site.data.products.advanced }} clusters. {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters do not support cluster single sign-on. However, both CockroachDB {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters can use [Cluster Single Sign-on (SSO) using `ccloud` and the CockroachDB Cloud Console]({% link cockroachcloud/cloud-sso-sql.md %}).
+Cluster single sign-on for the DB Console is supported on {{ site.data.products.enterprise }} and {{ site.data.products.advanced }} clusters. {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters do not support cluster single sign-on and do not have access to the DB Console. However, both CockroachDB {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters can use [Cluster Single Sign-on (SSO) to authenticate to the `ccloud` command-line interface and to the CockroachDB Cloud Console]({% link cockroachcloud/cloud-sso-sql.md %}).
 {{site.data.alerts.end}}
 
 The page describes how to configure a cluster for cluster single sign-on using JWTs and then how users can authenticate using the JWTs. If you're a user ready to sign in to the DB Console with JWTs, you can skip the configuration section:
diff --git a/src/current/v24.1/sso-sql.md b/src/current/v24.1/sso-sql.md
index edd69a707dd..d9f133e3171 100644
--- a/src/current/v24.1/sso-sql.md
+++ b/src/current/v24.1/sso-sql.md
@@ -5,14 +5,16 @@ toc: true
 docs_area: manage
 ---
 
+{% include_cached enterprise-feature.md %}
+
 CockroachDB clusters allow users to authenticate with Single Sign-on (SSO), both to the [DB Console]({% link {{ page.version.version }}/ui-overview.md %}), and for SQL client access.
 
 Cluster single sign-on (SSO) enables users to access the SQL interface of a CockroachDB cluster (whether provisioned on CockroachDB {{ site.data.products.cloud }} or {{ site.data.products.core }}) with the full security of single sign-on (SSO), and the choice of a variety of cloud-based or customer-managed identity providers (IdPs).
 
-{{ site.data.products.advanced }} clusters can provision their users with JWTs via the DB Console. This allows users to authenticate to a cluster by signing in to their IdP (for example, Okta or Google) with a link embedded in the DB Console. This flow provisions a JWT that a user can copy out of the DB Console UI and use in a SQL connection string to authenticate to the cluster.
+{{ site.data.products.advanced }} clusters can provision their users with Java Web Tokens (JWTs) via the DB Console. This allows users to authenticate to a cluster by signing in to their IdP (for example, Okta or Google) with a link embedded in the DB Console. This flow provisions a JWT that a user can copy out of the DB Console UI and use in a SQL connection string to authenticate to the cluster.
 
 {{site.data.alerts.callout_info}}
-Cluster single sign-on for the DB Console is supported on {{ site.data.products.core }}, {{ site.data.products.enterprise }} and {{ site.data.products.advanced }} clusters. {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters do not support cluster single sign-on. However, both CockroachDB {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters can use [Cluster Single Sign-on (SSO) using `ccloud` and the CockroachDB Cloud Console]({% link cockroachcloud/cloud-sso-sql.md %}).
+Cluster single sign-on for the DB Console is supported on {{ site.data.products.enterprise }} and {{ site.data.products.advanced }} clusters. {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters do not support cluster single sign-on and do not have access to the DB Console. However, both CockroachDB {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters can use [Cluster Single Sign-on (SSO) to authenticate to the `ccloud` command-line interface and to the CockroachDB Cloud Console]({% link cockroachcloud/cloud-sso-sql.md %}).
 {{site.data.alerts.end}}
 
 The page describes how to configure a cluster for cluster single sign-on using JWTs and then how users can authenticate using the JWTs. If you're a user ready to sign in to the DB Console with JWTs, you can skip the configuration section:
diff --git a/src/current/v24.2/sso-sql.md b/src/current/v24.2/sso-sql.md
index edd69a707dd..d9f133e3171 100644
--- a/src/current/v24.2/sso-sql.md
+++ b/src/current/v24.2/sso-sql.md
@@ -5,14 +5,16 @@ toc: true
 docs_area: manage
 ---
 
+{% include_cached enterprise-feature.md %}
+
 CockroachDB clusters allow users to authenticate with Single Sign-on (SSO), both to the [DB Console]({% link {{ page.version.version }}/ui-overview.md %}), and for SQL client access.
 
 Cluster single sign-on (SSO) enables users to access the SQL interface of a CockroachDB cluster (whether provisioned on CockroachDB {{ site.data.products.cloud }} or {{ site.data.products.core }}) with the full security of single sign-on (SSO), and the choice of a variety of cloud-based or customer-managed identity providers (IdPs).
 
-{{ site.data.products.advanced }} clusters can provision their users with JWTs via the DB Console. This allows users to authenticate to a cluster by signing in to their IdP (for example, Okta or Google) with a link embedded in the DB Console. This flow provisions a JWT that a user can copy out of the DB Console UI and use in a SQL connection string to authenticate to the cluster.
+{{ site.data.products.advanced }} clusters can provision their users with Java Web Tokens (JWTs) via the DB Console. This allows users to authenticate to a cluster by signing in to their IdP (for example, Okta or Google) with a link embedded in the DB Console. This flow provisions a JWT that a user can copy out of the DB Console UI and use in a SQL connection string to authenticate to the cluster.
 
 {{site.data.alerts.callout_info}}
-Cluster single sign-on for the DB Console is supported on {{ site.data.products.core }}, {{ site.data.products.enterprise }} and {{ site.data.products.advanced }} clusters. {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters do not support cluster single sign-on. However, both CockroachDB {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters can use [Cluster Single Sign-on (SSO) using `ccloud` and the CockroachDB Cloud Console]({% link cockroachcloud/cloud-sso-sql.md %}).
+Cluster single sign-on for the DB Console is supported on {{ site.data.products.enterprise }} and {{ site.data.products.advanced }} clusters. {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters do not support cluster single sign-on and do not have access to the DB Console. However, both CockroachDB {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters can use [Cluster Single Sign-on (SSO) to authenticate to the `ccloud` command-line interface and to the CockroachDB Cloud Console]({% link cockroachcloud/cloud-sso-sql.md %}).
 {{site.data.alerts.end}}
 
 The page describes how to configure a cluster for cluster single sign-on using JWTs and then how users can authenticate using the JWTs. If you're a user ready to sign in to the DB Console with JWTs, you can skip the configuration section:
diff --git a/src/current/v24.3/sso-sql.md b/src/current/v24.3/sso-sql.md
index edd69a707dd..d9f133e3171 100644
--- a/src/current/v24.3/sso-sql.md
+++ b/src/current/v24.3/sso-sql.md
@@ -5,14 +5,16 @@ toc: true
 docs_area: manage
 ---
 
+{% include_cached enterprise-feature.md %}
+
 CockroachDB clusters allow users to authenticate with Single Sign-on (SSO), both to the [DB Console]({% link {{ page.version.version }}/ui-overview.md %}), and for SQL client access.
 
 Cluster single sign-on (SSO) enables users to access the SQL interface of a CockroachDB cluster (whether provisioned on CockroachDB {{ site.data.products.cloud }} or {{ site.data.products.core }}) with the full security of single sign-on (SSO), and the choice of a variety of cloud-based or customer-managed identity providers (IdPs).
 
-{{ site.data.products.advanced }} clusters can provision their users with JWTs via the DB Console. This allows users to authenticate to a cluster by signing in to their IdP (for example, Okta or Google) with a link embedded in the DB Console. This flow provisions a JWT that a user can copy out of the DB Console UI and use in a SQL connection string to authenticate to the cluster.
+{{ site.data.products.advanced }} clusters can provision their users with Java Web Tokens (JWTs) via the DB Console. This allows users to authenticate to a cluster by signing in to their IdP (for example, Okta or Google) with a link embedded in the DB Console. This flow provisions a JWT that a user can copy out of the DB Console UI and use in a SQL connection string to authenticate to the cluster.
 
 {{site.data.alerts.callout_info}}
-Cluster single sign-on for the DB Console is supported on {{ site.data.products.core }}, {{ site.data.products.enterprise }} and {{ site.data.products.advanced }} clusters. {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters do not support cluster single sign-on. However, both CockroachDB {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters can use [Cluster Single Sign-on (SSO) using `ccloud` and the CockroachDB Cloud Console]({% link cockroachcloud/cloud-sso-sql.md %}).
+Cluster single sign-on for the DB Console is supported on {{ site.data.products.enterprise }} and {{ site.data.products.advanced }} clusters. {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters do not support cluster single sign-on and do not have access to the DB Console. However, both CockroachDB {{ site.data.products.standard }} and CockroachDB {{ site.data.products.basic }} clusters can use [Cluster Single Sign-on (SSO) to authenticate to the `ccloud` command-line interface and to the CockroachDB Cloud Console]({% link cockroachcloud/cloud-sso-sql.md %}).
 {{site.data.alerts.end}}
 
 The page describes how to configure a cluster for cluster single sign-on using JWTs and then how users can authenticate using the JWTs. If you're a user ready to sign in to the DB Console with JWTs, you can skip the configuration section:

From 601720014e37d50d2fb84529b190e7670b3f62d3 Mon Sep 17 00:00:00 2001
From: Matt Linville <linville@cockroachlabs.com>
Date: Fri, 11 Oct 2024 10:59:08 -0700
Subject: [PATCH 06/12] Fix link

---
 src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md b/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
index 32cc14ea384..cdd2ef40c29 100644
--- a/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
+++ b/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
@@ -55,7 +55,7 @@ Release Date: October 14, 2024
 <h3 id="v24-3-0-alpha-2-bug-fixes">Bug fixes</h3>
 
 - Fixed a bug where JSON values returned by `cockroach` commands using the `--format=sql` flag were not correctly escaped if they contained double quotes within a string. [#131881][#131881]
-- Fixed an error that could happen if an [aggregate function]({% link v24.3/functions-and-operators.md %}#aggregate-functions) was used as the value in a [`SET` command]({% link v24.3/set.md %}). [#131891][#131891]
+- Fixed an error that could happen if an [aggregate function]({% link v24.3/functions-and-operators.md %}#aggregate-functions) was used as the value in a `SET` command. [#131891][#131891]
 - Fixed a rare bug introduced in v22.2 in which an update of a [primary key]({% link v24.3/primary-key.md %}) column could fail to update the primary index if it is also the only column in a separate column family. [#131869][#131869]
 - Fixed a rare bug where dropping a column of `FLOAT4`, `FLOAT8`, `DECIMAL`, `JSON`, `ARRAY`, or collate `STRING` type stored in a single column family could could prevent subsequent reading of the table if the column family was not the first column family. [#131967][#131967]
 - Fixed an `unimplemented` internal error that could occur when ordering by a [`VECTOR`]({% link v24.3/vector.md %}) column. [#131703][#131703]

From 53e9b0367c5738639cc8e060da28de563a6c6b78 Mon Sep 17 00:00:00 2001
From: "Matt Linville (he/him)" <linville@cockroachlabs.com>
Date: Fri, 11 Oct 2024 11:01:32 -0700
Subject: [PATCH 07/12] Update
 src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md

---
 src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md b/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
index cdd2ef40c29..5505ee0dc41 100644
--- a/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
+++ b/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
@@ -57,7 +57,7 @@ Release Date: October 14, 2024
 - Fixed a bug where JSON values returned by `cockroach` commands using the `--format=sql` flag were not correctly escaped if they contained double quotes within a string. [#131881][#131881]
 - Fixed an error that could happen if an [aggregate function]({% link v24.3/functions-and-operators.md %}#aggregate-functions) was used as the value in a `SET` command. [#131891][#131891]
 - Fixed a rare bug introduced in v22.2 in which an update of a [primary key]({% link v24.3/primary-key.md %}) column could fail to update the primary index if it is also the only column in a separate column family. [#131869][#131869]
-- Fixed a rare bug where dropping a column of `FLOAT4`, `FLOAT8`, `DECIMAL`, `JSON`, `ARRAY`, or collate `STRING` type stored in a single column family could could prevent subsequent reading of the table if the column family was not the first column family. [#131967][#131967]
+- Fixed a rare bug where dropping a column of `FLOAT4`, `FLOAT8`, `DECIMAL`, `JSON`, `ARRAY`, or collated `STRING` type stored in a single column family could could prevent subsequent reading of the table if the column family was not the first column family. [#131967][#131967]
 - Fixed an `unimplemented` internal error that could occur when ordering by a [`VECTOR`]({% link v24.3/vector.md %}) column. [#131703][#131703]
 
 <h3 id="v24-3-0-alpha-2-performance-improvements">Performance improvements</h3>

From 9f464de9954098f318f7150282f933e443ef7030 Mon Sep 17 00:00:00 2001
From: "Matt Linville (he/him)" <linville@cockroachlabs.com>
Date: Fri, 11 Oct 2024 11:23:42 -0700
Subject: [PATCH 08/12] Update
 src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md

Co-authored-by: annie pompa <57268831+annrpom@users.noreply.github.com>
---
 src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md b/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
index 5505ee0dc41..34d16f0e535 100644
--- a/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
+++ b/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
@@ -8,7 +8,7 @@ Release Date: October 14, 2024
 
 - The parameters for an [HBA config entry]({% link v24.3/security-reference/authentication.md %}#hba-configuration-syntax) for LDAP are now validated when the entry is created or amended, in addition to the validation that happens during an authentication attempt. [#132086][#132086]
 
-- Added automatic cleanup and validation for dropped roles when [altering default privileges]({% link v24.3/alter-default-privileges.md %}). [#131782][#131782]
+- Added automatic cleanup and validation for [default privileges]({% link v24.3/security-reference/authorization.md%}#default-privileges) that reference dropped roles after a major-version upgrade to v24.3. [#131782][#131782]
 
 <h3 id="v24-3-0-alpha-2-general-changes">General changes</h3>
 

From 2fa2c4cb9031e9e441fe393bf1b086589adb5bd8 Mon Sep 17 00:00:00 2001
From: "Matt Linville (he/him)" <linville@cockroachlabs.com>
Date: Mon, 14 Oct 2024 08:37:21 -0700
Subject: [PATCH 09/12] Update
 src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md

Co-authored-by: Kyle Wong <37189875+kyle-a-wong@users.noreply.github.com>
---
 src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md b/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
index 34d16f0e535..ad5ccf20c92 100644
--- a/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
+++ b/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
@@ -50,7 +50,7 @@ Release Date: October 14, 2024
 
 <h3 id="v24-3-0-alpha-2-db-console-changes">DB Console changes</h3>
 
-- The **Table Details** and **Tables** list in the [**Databases page**]({% link v24.3/ui-databases-page.md %}) and the table lists in **Databases** pages now use cache to reuse common data for increased efficiency [#131769][#131769]
+- Improved performance in the **Databases**, **Tables View**, and **Table Details** sections of the [**Databases page**]({% link v24.3/ui-databases-page.md %})  [#131769][#131769]
 
 <h3 id="v24-3-0-alpha-2-bug-fixes">Bug fixes</h3>
 

From 2068f37e7aab37916d096d4a4d0993d00a234266 Mon Sep 17 00:00:00 2001
From: Matt Linville <linville@cockroachlabs.com>
Date: Mon, 14 Oct 2024 09:32:52 -0700
Subject: [PATCH 10/12] Kathryn's feedback

---
 src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md b/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
index cdd2ef40c29..7121c6430c9 100644
--- a/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
+++ b/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
@@ -39,6 +39,7 @@ Release Date: October 14, 2024
     [#131857][#131857]
 
 - The following ({% link v24.3/metrics.md %}) have been renamed:
+
       Previous name                                    | New name-
       -------------------------------------------------|-----------
       `kvflowcontrol.tokens.eval.regular.disconnected` | `kvflowcontrol.tokens.eval.regular.returned.disconnect`
@@ -57,7 +58,7 @@ Release Date: October 14, 2024
 - Fixed a bug where JSON values returned by `cockroach` commands using the `--format=sql` flag were not correctly escaped if they contained double quotes within a string. [#131881][#131881]
 - Fixed an error that could happen if an [aggregate function]({% link v24.3/functions-and-operators.md %}#aggregate-functions) was used as the value in a `SET` command. [#131891][#131891]
 - Fixed a rare bug introduced in v22.2 in which an update of a [primary key]({% link v24.3/primary-key.md %}) column could fail to update the primary index if it is also the only column in a separate column family. [#131869][#131869]
-- Fixed a rare bug where dropping a column of `FLOAT4`, `FLOAT8`, `DECIMAL`, `JSON`, `ARRAY`, or collate `STRING` type stored in a single column family could could prevent subsequent reading of the table if the column family was not the first column family. [#131967][#131967]
+- Fixed a rare bug where dropping a column of `FLOAT4`, `FLOAT8`, `DECIMAL`, `JSON`, `ARRAY`, or collate `STRING` type stored in a single [column family]({% link v24.3/column-families.md %}) could prevent subsequent reading of the table if the column family was not the first column family. [#131967][#131967]
 - Fixed an `unimplemented` internal error that could occur when ordering by a [`VECTOR`]({% link v24.3/vector.md %}) column. [#131703][#131703]
 
 <h3 id="v24-3-0-alpha-2-performance-improvements">Performance improvements</h3>

From 2627c8be63c2783bc07c01874f1bf3c2bb0e6a92 Mon Sep 17 00:00:00 2001
From: Matt Linville <linville@cockroachlabs.com>
Date: Mon, 14 Oct 2024 11:17:46 -0700
Subject: [PATCH 11/12] Add Cluster SSO with LDAP to Limited Access features

---
 src/current/v24.2/cockroachdb-feature-availability.md | 4 ++++
 src/current/v24.3/cockroachdb-feature-availability.md | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/src/current/v24.2/cockroachdb-feature-availability.md b/src/current/v24.2/cockroachdb-feature-availability.md
index 95de09e571d..4a601e3912c 100644
--- a/src/current/v24.2/cockroachdb-feature-availability.md
+++ b/src/current/v24.2/cockroachdb-feature-availability.md
@@ -37,6 +37,10 @@ Any feature made available in a phase prior to GA is provided without any warran
 ### Export metrics to Azure Monitor
 [Exporting Metrics to Azure Monitor]({% link cockroachcloud/export-metrics-advanced.md %}?filters=azure-monitor-metrics-export) from a CockroachDB {{ site.data.products.advanced }} cluster hosted on Azure is in limited access. Once the export is configured, metrics will flow from all nodes in all regions of your CockroachDB {{ site.data.products.advanced }} cluster to your chosen cloud metrics sink. To express interest and try it out, contact [Support](https://support.cockroachlabs.com/hc).
 
+### Cluster SSO backed by LDAP
+
+[Cluster SSO]({% link {{ page.version.version }}/sso-sql.md %}) using an identity stored in LDAP is in Limited Access. The [cluster setting]({% link {{ page.version.version }}/cluster-settings.md %}) `server.auth_log.sql_sessions.enabled`, which logs more details about cluster authentication failures, is also in Limited Access.
+
 ## Features in preview
 
 {{site.data.alerts.callout_info}}
diff --git a/src/current/v24.3/cockroachdb-feature-availability.md b/src/current/v24.3/cockroachdb-feature-availability.md
index 95de09e571d..4a601e3912c 100644
--- a/src/current/v24.3/cockroachdb-feature-availability.md
+++ b/src/current/v24.3/cockroachdb-feature-availability.md
@@ -37,6 +37,10 @@ Any feature made available in a phase prior to GA is provided without any warran
 ### Export metrics to Azure Monitor
 [Exporting Metrics to Azure Monitor]({% link cockroachcloud/export-metrics-advanced.md %}?filters=azure-monitor-metrics-export) from a CockroachDB {{ site.data.products.advanced }} cluster hosted on Azure is in limited access. Once the export is configured, metrics will flow from all nodes in all regions of your CockroachDB {{ site.data.products.advanced }} cluster to your chosen cloud metrics sink. To express interest and try it out, contact [Support](https://support.cockroachlabs.com/hc).
 
+### Cluster SSO backed by LDAP
+
+[Cluster SSO]({% link {{ page.version.version }}/sso-sql.md %}) using an identity stored in LDAP is in Limited Access. The [cluster setting]({% link {{ page.version.version }}/cluster-settings.md %}) `server.auth_log.sql_sessions.enabled`, which logs more details about cluster authentication failures, is also in Limited Access.
+
 ## Features in preview
 
 {{site.data.alerts.callout_info}}

From c7e9990f6df46e2e94cbbf1bf46585d3befe432d Mon Sep 17 00:00:00 2001
From: Matt Linville <linville@cockroachlabs.com>
Date: Mon, 14 Oct 2024 14:04:43 -0700
Subject: [PATCH 12/12] Update SHA

---
 src/current/_data/releases.yml                | 28 +++++++++++++++++++
 .../releases/v24.3/v24.3.0-alpha.2.md         |  5 ++++
 2 files changed, 33 insertions(+)

diff --git a/src/current/_data/releases.yml b/src/current/_data/releases.yml
index 40baa374383..acf975f7bf8 100644
--- a/src/current/_data/releases.yml
+++ b/src/current/_data/releases.yml
@@ -6922,3 +6922,31 @@
     docker_arm_limited_access: false
   source: true
   previous_release: v24.3.0-alpha.1
+
+
+- release_name: v24.3.0-alpha.2
+  major_version: v24.3
+  release_date: '2024-10-14'
+  release_type: Testing
+  go_version: go1.23.2
+  sha: 45b47f90445fdb0e0c8e07df863c3bbe17daa491
+  has_sql_only: true
+  has_sha256sum: true
+  mac:
+    mac_arm: true
+    mac_arm_experimental: true
+    mac_arm_limited_access: false
+  windows: true
+  linux:
+    linux_arm: true
+    linux_arm_experimental: false
+    linux_arm_limited_access: false
+    linux_intel_fips: true
+    linux_arm_fips: false
+  docker:
+    docker_image: cockroachdb/cockroach-unstable
+    docker_arm: true
+    docker_arm_experimental: false
+    docker_arm_limited_access: false
+  source: true
+  previous_release: v24.3.0-alpha.1-218-g58c475d67e3
diff --git a/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md b/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
index a1f35b67fd2..fa00bc61c4e 100644
--- a/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
+++ b/src/current/_includes/releases/v24.3/v24.3.0-alpha.2.md
@@ -49,6 +49,10 @@ Release Date: October 14, 2024
 
       [#131857][#131857]
 
+<h3 id="v24-3-0-alpha-2-multi-tenancy">Cluster virtualization changes</h3>
+
+- The `_status/ranges/` endpoint on DB Console [Advanced debug pages]({% link v24.3/ui-debug-pages.md %}) is now enabled for non-system virtual clusters, where it returns the ranges only for the tenant you are logged into. For the system virtual cluster, the `_status/ranges/` endpoint continues to return ranges for the specified node across all virtual clusters. [#131100][#131100]
+
 <h3 id="v24-3-0-alpha-2-db-console-changes">DB Console changes</h3>
 
 - Improved performance in the **Databases**, **Tables View**, and **Table Details** sections of the [**Databases page**]({% link v24.3/ui-databases-page.md %})  [#131769][#131769]
@@ -87,3 +91,4 @@ Release Date: October 14, 2024
 [#131967]: https://github.com/cockroachdb/cockroach/pull/131967
 [#132086]: https://github.com/cockroachdb/cockroach/pull/132086
 [#132100]: https://github.com/cockroachdb/cockroach/pull/132100
+[#131100]: https://github.com/cockroachdb/cockroach/pull/131100