From 6cacd8b11a71c48d8cd3b8ed561c391060a11cc2 Mon Sep 17 00:00:00 2001
From: mikeCRL <mike@cockroachlabs.com>
Date: Thu, 30 Oct 2025 09:59:09 -0400
Subject: [PATCH 01/22] Initial v25.4.0 feature highlights

---
 .../_includes/releases/v25.4/v25.4.0.md       | 220 ++++++++++++++++++
 1 file changed, 220 insertions(+)
 create mode 100644 src/current/_includes/releases/v25.4/v25.4.0.md

diff --git a/src/current/_includes/releases/v25.4/v25.4.0.md b/src/current/_includes/releases/v25.4/v25.4.0.md
new file mode 100644
index 00000000000..6630d3087e8
--- /dev/null
+++ b/src/current/_includes/releases/v25.4/v25.4.0.md
@@ -0,0 +1,220 @@
+## v25.4.0
+
+Release Date: November 3, 2025
+
+With the release of CockroachDB v25.4, we've added new capabilities to help you migrate, build, and operate more efficiently.
+
+For a summary of the most significant changes, refer to [Feature Highlights](#v25-4-0-feature-highlights), which contains the following categories:
+
+  - [SQL](#v25-4-0-sql)
+  - [Security](#v25-4-0-security)
+  - [CockroachDB Cloud](#v25-4-0-cloud)
+
+Before [upgrading to CockroachDB v25.4]({% link v25.4/upgrade-cockroach-version.md %}), be sure to also review the following [Upgrade Details](#v25-4-0-upgrade-details):
+
+  - [Backward-incompatible changes](#v25-4-0-backward-incompatible-changes)
+  - [Features that require upgrade finalization](#v25-4-0-features-that-require-upgrade-finalization)
+  - [Key cluster setting changes](#v25-4-0-key-cluster-setting-changes)
+  - [Deprecations] (#v25-4-0-deprecations)
+  - [Known limitations](#v25-4-0-known-limitations)
+
+{% include releases/new-release-downloads-docker-image.md release=include.release %}
+
+<h3 id="v25-4-0-feature-highlights">Feature Highlights</h3>
+
+This section summarizes the most significant user-facing changes in v25.4.0 and other features recently made available to CockroachDB users across versions. For a complete list of features and changes in v25.4, including bug fixes and performance improvements, refer to the [release notes]({% link releases/index.md %}#testing-releases) for v25.4 testing releases. You can also search the docs for sections labeled [New in v25.4](https://www.cockroachlabs.com/docs/search?query=New+in+v25.4).
+
+<div id="feature-highlights">
+
+<h4 id="v25-4-0-sql">SQL</h4>
+
+<table markdown="1">
+ <thead>
+  <tr>
+   <th class="center-align" colspan="1" rowspan="2">Feature</th>
+   <th class="center-align" colspan="5" rowspan="1">Availability</th>
+  </tr>
+  <tr>
+    <th colspan="1" rowspan="1">Ver.</th>
+    <th colspan="1" rowspan="1" style="white-space: nowrap;">Self-hosted</th>
+    <th colspan="1" rowspan="1">Advanced</th>
+    <th colspan="1" rowspan="1">Standard</th>
+    <th colspan="1" rowspan="1">Basic</th>
+  </tr>
+ </thead>
+ <tbody>
+  <tr>
+   <td>
+    <p class="feature-summary">Vector Indexing Improvements</p>
+    <p class="feature-description" markdown="1">
+      [Needs writer review] Vector indexes in CockroachDB now support table backfills, making it easy to add vector indexes to existing tables without requiring manual data rewrites or service interruption. This update enhances the usability of vector search features by allowing seamless indexing of pre-existing data. Additionally, support for both cosine distance and inner product has been added, giving users more flexibility in selecting similarity metrics that best suit their machine learning or AI workloads. Together, these improvements make it easier to build and scale intelligent applications directly on CockroachDB.
+    </p>
+   </td>
+   <td>25.4</td>
+   <td class="icon-center">{% include icon-yes.html %}</td>
+   <td class="icon-center">{% include icon-yes.html %}</td>
+   <td class="icon-center">{% include icon-yes.html %}</td>
+   <td class="icon-center">{% include icon-yes.html %}</td>
+  </tr>
+ </tbody>
+</table>
+
+<h4 id="v25-4-0-security">Security</h4>
+
+<table>
+ <thead>
+  <tr>
+   <th class="center-align" colspan="1" rowspan="2">Feature</th>
+   <th class="center-align" colspan="5" rowspan="1">Availability</th>
+  </tr>
+  <tr>
+    <th colspan="1" rowspan="1">Ver.</th>
+    <th colspan="1" rowspan="1" style="white-space: nowrap;">Self-hosted</th>
+    <th colspan="1" rowspan="1">Advanced</th>
+    <th colspan="1" rowspan="1">Standard</th>
+    <th colspan="1" rowspan="1">Basic</th>
+  </tr>
+ </thead>
+ <tbody>
+  <tr>
+   <td>
+    <p class="feature-summary">JWT/OIDC Authorization Support</p>
+    <p class="feature-description">
+      [Placeholder. Need PM draft.] This release adds support for authorization with JWT/OIDC authentication, similar to existing LDAP authorization capabilities.
+    </p>
+   </td>
+   <td>25.4</td>
+   <td class="icon-center">?</td>
+   <td class="icon-center">?</td>
+   <td class="icon-center">?</td>
+   <td class="icon-center">?</td>
+  </tr>
+ </tbody>
+</table>
+
+<h4 id="v25-4-0-cloud">CockroachDB Cloud</h4>
+
+<h5 id="v25-4-0-cloud-security">Security</h5>
+
+<table>
+ <thead>
+  <tr>
+   <th class="center-align" colspan="1" rowspan="2">Feature</th>
+   <th class="center-align" colspan="5" rowspan="1">Availability</th>
+  </tr>
+  <tr>
+    <th colspan="1" rowspan="1">Ver.</th>
+    <th colspan="1" rowspan="1" style="white-space: nowrap;">Self-hosted</th>
+    <th colspan="1" rowspan="1">Advanced</th>
+    <th colspan="1" rowspan="1">Standard</th>
+    <th colspan="1" rowspan="1">Basic</th>
+  </tr>
+ </thead>
+ <tbody>
+  <tr>
+   <td>
+    <p class="feature-summary">Customer-Managed Encryption Keys (CMEK) Improvements</p>
+    <p class="feature-description">
+      [Placeholder. Need PM draft.] This release includes general improvements and enhancements to CMEK functionality across AWS, GCP, and Azure.
+    </p>
+   </td>
+   <td>All<sup>*</sup></td>
+   <td class="icon-center">?</td>
+   <td class="icon-center">?</td>
+   <td class="icon-center">?</td>
+   <td class="icon-center">?</td>
+  </tr>
+  <tr>
+   <td>
+    <p class="feature-summary">CMEK Configuration UI in Cloud Console</p>
+    <p class="feature-description">
+      [Placeholder. Need PM draft.] CMEK configuration is now available through the CockroachDB Cloud Console UI, providing feature parity with the API and making it easier for all customers to configure customer-managed encryption keys.
+    </p>
+   </td>
+   <td>All<sup>*</sup></td>
+   <td class="icon-center">?</td>
+   <td class="icon-center">?</td>
+   <td class="icon-center">?</td>
+   <td class="icon-center">?</td>
+  </tr>
+ </tbody>
+</table>
+
+<h5 id="v25-4-0-cloud-administration">Administration</h5>
+
+<table>
+ <thead>
+  <tr>
+   <th class="center-align" colspan="1" rowspan="2">Feature</th>
+   <th class="center-align" colspan="5" rowspan="1">Availability</th>
+  </tr>
+  <tr>
+    <th colspan="1" rowspan="1">Ver.</th>
+    <th colspan="1" rowspan="1" style="white-space: nowrap;">Self-hosted</th>
+    <th colspan="1" rowspan="1">Advanced</th>
+    <th colspan="1" rowspan="1">Standard</th>
+    <th colspan="1" rowspan="1">Basic</th>
+  </tr>
+ </thead>
+ <tbody>
+  <tr>
+   <td>
+    <p class="feature-summary">Metrics Viewer Role for CockroachDB Cloud</p>
+    <p class="feature-description">
+      [Needs writer review] This release introduces the Metrics Viewer role on CockroachDB Cloud, providing dedicated permissions for metrics collection and insights. This role is designed to enhance overall security by enabling granular access control to cluster performance data.
+
+      The Metrics Viewer role grants read-only access to cluster metrics and related insights, without conferring any administrative or data manipulation privileges.
+
+      Key benefits:
+
+      * Improved Security: Enables the principle of least privilege by allowing users or services to monitor cluster performance without broader access to sensitive data or configuration.
+      * Targeted Access: Provides focused access to operational metrics, empowering teams to monitor health and performance efficiently.
+      * Enhanced Collaboration: Facilitates secure collaboration by allowing different teams (e.g., SREs, developers) to access relevant metrics without over-provisioned permissions.
+
+      When combined with the existing Cluster Developer role, a user can effectively gain "Power Developer" like functionalities, enabling them to develop applications and monitor their performance comprehensively while maintaining a clear separation of privileges for security.
+    </p>
+   </td>
+   <td>All<sup>*</sup></td>
+   <td class="icon-center">{% include icon-no.html %}</td>
+   <td class="icon-center">{% include icon-yes.html %}</td>
+   <td class="icon-center">{% include icon-yes.html %}</td>
+   <td class="icon-center">{% include icon-yes.html %}</td>
+  </tr>
+ </tbody>
+</table>
+
+{% include releases/v25.4/feature-detail-key.html %}
+
+</div>
+
+<h3 id="v25-4-0-upgrade-details">Upgrade Details</h3>
+
+Before you upgrade, review these changes and other information about the new major version.
+
+<a name="v25-4-0-backward-incompatible-changes"></a>
+
+<h4 id="v25-4-0-backward-incompatible-changes">Backward-incompatible changes</h4>
+
+{% include releases/v25.4/backward-incompatible.md %}
+
+<a name="v25-4-0-features-that-require-upgrade-finalization"></a>
+
+<h4 id="v25-4-0-features-that-require-upgrade-finalization">Features that require upgrade finalization</h4>
+
+{% include releases/v25.4/upgrade-finalization.md %}
+
+<a name="v25-4-0-cluster-settings"></a>
+
+<h4 id="v25-4-0-key-cluster-setting-changes">Key cluster setting changes</h4>
+
+{% include releases/v25.4/cluster-setting-changes.md %}
+
+<a name="v25-4-0-deprecations"></a>
+
+<h4 id="v25-4-0-deprecations">Deprecations</h4>
+
+{% include releases/v25.4/deprecations.md %}
+
+<h4 id="v25-4-0-known-limitations">Known limitations</h4>
+
+For information about new and unresolved limitations in CockroachDB v25.4, with suggested workarounds where applicable, refer to [Known Limitations]({% link v25.4/known-limitations.md %}).

From b61ba964fc349e0c7b4445d3581ebc3c090b2a52 Mon Sep 17 00:00:00 2001
From: mikeCRL <mike@cockroachlabs.com>
Date: Fri, 31 Oct 2025 00:18:56 -0400
Subject: [PATCH 02/22] Data file updates

---
 src/current/_config_cockroachdb.yml |  4 ++--
 src/current/_data/releases.yml      | 32 +++++++++++++++++++++++++++++
 src/current/_data/versions.csv      |  2 +-
 3 files changed, 35 insertions(+), 3 deletions(-)

diff --git a/src/current/_config_cockroachdb.yml b/src/current/_config_cockroachdb.yml
index 84896dd48b1..3e787fcec8b 100644
--- a/src/current/_config_cockroachdb.yml
+++ b/src/current/_config_cockroachdb.yml
@@ -1,7 +1,7 @@
 baseurl: /docs
-current_cloud_version: v25.3
+current_cloud_version: v25.4
 destination: _site/docs
 homepage_title: CockroachDB Docs
 versions:
-  stable: v25.3
+  stable: v25.4
   dev: v25.4
diff --git a/src/current/_data/releases.yml b/src/current/_data/releases.yml
index 10fd34568c9..7099482086d 100644
--- a/src/current/_data/releases.yml
+++ b/src/current/_data/releases.yml
@@ -9848,3 +9848,35 @@
     docker_arm_limited_access: false
   source: true
   previous_release: v25.3.3
+
+- release_name: v25.4.0
+  major_version: v25.4
+  release_date: '2025-11-03'
+  release_type: Production
+  go_version: go1.23.12
+  sha: 4f4179243a351bc48c00dd9243dc56b8af98e210
+  has_sql_only: true
+  has_sha256sum: true
+  mac:
+    mac_arm: true
+    mac_arm_experimental: true
+    mac_arm_limited_access: false
+  windows: true
+  linux:
+    linux_arm: true
+    linux_arm_experimental: false
+    linux_arm_limited_access: false
+    linux_intel_fips: true
+    linux_arm_fips: false
+  docker:
+    docker_image: cockroachdb/cockroach
+    docker_arm: true
+    docker_arm_experimental: false
+    docker_arm_limited_access: false
+  source: true
+  previous_release: v25.4.0-rc.1
+  cloud_only: true
+  cloud_only_message_short: 'Currently available for CockroachDB Advanced only'
+  cloud_only_message: >
+      This version is currently available only for
+      CockroachDB Cloud clusters on the Advanced plan.
diff --git a/src/current/_data/versions.csv b/src/current/_data/versions.csv
index a65a1cb01c0..37853d2c9c0 100644
--- a/src/current/_data/versions.csv
+++ b/src/current/_data/versions.csv
@@ -19,4 +19,4 @@ v24.3,2024-11-18,2025-11-18,2026-05-18,24.3.11,24.3.12,2025-05-05,2026-05-05,202
 v25.1,2025-02-18,2025-08-18,N/A,N/A,N/A,N/A,N/A,N/A,v24.3,release-25.1,2029-02-18
 v25.2,2025-05-09,2026-05-12,2026-11-12,N/A,N/A,N/A,N/A,N/A,v25.1,release-25.2,2029-05-09
 v25.3,2025-08-04,2026-02-04,N/A,N/A,N/A,N/A,N/A,N/A,v25.2,release-25.3,2029-08-04
-v25.4,N/A,N/A,N/A,N/A,N/A,N/A,N/A,N/A,v25.3,release-25.4,N/A
+v25.4,2025-11-03,2026-11-03,2027-05-03,N/A,N/A,N/A,N/A,N/A,v25.3,release-25.4,2029-11-03

From b52d9535546d3c1e3d515928e77d4263aa9b89ce Mon Sep 17 00:00:00 2001
From: mikeCRL <mike@cockroachlabs.com>
Date: Fri, 31 Oct 2025 00:30:08 -0400
Subject: [PATCH 03/22] Remove blank line in versions.csv

---
 src/current/_data/versions.csv | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/current/_data/versions.csv b/src/current/_data/versions.csv
index 37853d2c9c0..2f0975cc76b 100644
--- a/src/current/_data/versions.csv
+++ b/src/current/_data/versions.csv
@@ -19,4 +19,4 @@ v24.3,2024-11-18,2025-11-18,2026-05-18,24.3.11,24.3.12,2025-05-05,2026-05-05,202
 v25.1,2025-02-18,2025-08-18,N/A,N/A,N/A,N/A,N/A,N/A,v24.3,release-25.1,2029-02-18
 v25.2,2025-05-09,2026-05-12,2026-11-12,N/A,N/A,N/A,N/A,N/A,v25.1,release-25.2,2029-05-09
 v25.3,2025-08-04,2026-02-04,N/A,N/A,N/A,N/A,N/A,N/A,v25.2,release-25.3,2029-08-04
-v25.4,2025-11-03,2026-11-03,2027-05-03,N/A,N/A,N/A,N/A,N/A,v25.3,release-25.4,2029-11-03
+v25.4,2025-11-03,2026-11-03,2027-05-03,N/A,N/A,N/A,N/A,N/A,v25.3,release-25.4,2029-11-03
\ No newline at end of file

From cf7afb56d81c38d70d5d5ddc61f84b1a22c7e6ea Mon Sep 17 00:00:00 2001
From: mikeCRL <mike@cockroachlabs.com>
Date: Fri, 31 Oct 2025 13:29:36 -0400
Subject: [PATCH 04/22] Update cluster setting changes

---
 .../releases/v25.4/cluster-setting-changes.md | 50 ++++++++++++++-----
 1 file changed, 37 insertions(+), 13 deletions(-)

diff --git a/src/current/_includes/releases/v25.4/cluster-setting-changes.md b/src/current/_includes/releases/v25.4/cluster-setting-changes.md
index caf1d447497..6dbe3db1746 100644
--- a/src/current/_includes/releases/v25.4/cluster-setting-changes.md
+++ b/src/current/_includes/releases/v25.4/cluster-setting-changes.md
@@ -1,18 +1,42 @@
-Changes to [cluster settings]({% link v25.3/cluster-settings.md %}) should be reviewed prior to upgrading. New default cluster setting values will be used unless you have manually set a value for a setting. This can be confirmed by running the SQL statement `SELECT * FROM system.settings` to view the non-default settings.
+Changes to [cluster settings]({% link v25.4/cluster-settings.md %}) should be reviewed prior to upgrading. New default cluster setting values will be used unless you have manually set a value for a setting. This can be confirmed by running the SQL statement `SELECT * FROM system.settings` to view the non-default settings.
 
-<h5 id="v25-3-0-settings-added">New settings</h5>
+<h5 id="v25-4-0-settings-added">New settings</h5>
 
-- Bullet
-- Bullet
-- Bullet
-- Bullet
+- `changefeed.progress.frontier_persistence.interval` - Changefeeds will now periodically persist their entire span frontiers so that fewer duplicates will need to be emitted during restarts. The default persistence interval is 30s, but this can be configured with the `changefeed.progress.frontier_persistence.interval` cluster setting. [#153491][#153491]
+- `log.channel_compatibility_mode.enabled` - In v26.1, changefeed events will be logged to the `CHANGEFEED` logging channel instead of `TELEMETRY`. To test the impact of this change before upgrading, set the cluster setting `log.channel_compatibility_mode.enabled` to `false`. This redirects changefeed logs to the `CHANGEFEED` channel and should be tested only in non-production environments. [#151807][#151807] In v26.1, SQL performance events will be logged to the `SQL_EXEC` channel instead of the `SQL_PERF` and `SQL_INTERNAL_PERF` channels. To test the impact of this change, you can set the new cluster setting `log.channel_compatibility_mode.enabled` to `false`. This redirects SQL performance logs to the `SQL_EXEC` channel. This setting should not be used in production environments, as it may affect downstream logging pipelines. [#151827][#151827]
+- `sql.catalog.allow_leased_descriptors.enabled` - Added the `sql.catalog.allow_leased_descriptors.enabled` cluster setting, which is false by default. When set to true, queries that access the `pg_catalog` or `information_schema` can use cached leased descriptors to populate the data in those tables, with the tradeoff that some of the data could be stale. [#154491][#154491]
+- `sql.log.scan_row_count_misestimate.enabled` - Added a cluster setting (`sql.log.scan_row_count_misestimate.enabled`) that enables logging a warning on the gateway node when optimizer estimates for scans are inaccurate. The log message includes the table and index being scanned, the estimated and actual row counts, the time since the last table stats collection, and the table's estimated staleness. [#155123][#155123]
+- `sql.schema.approx_max_object_count` - Added cluster setting `sql.schema.approx_max_object_count` (default: 20,000) to prevent creation of new schema objects when the limit is exceeded. The check uses cached table statistics for performance and is approximate - it may not be immediately accurate until table statistics are updated by the background statistics refreshing job. Clusters that have been running stably with a larger object count should raise the limit or disable the limit by setting the value to 0. In future releases, the default value for this setting will be raised as more CockroachDB features support larger object counts. [#154576][#154576]
+- `sql.trace.txn.include_internal.enabled` - You can now exclude internal transactions from probabilistic transaction tracing and latency-based logging by setting the `sql.trace.txn.include_internal.enabled` cluster setting to false. This setting is enabled by default to preserve the current behavior, but disabling it is recommended when debugging customer workloads to reduce noise in trace output. [#151433][#151433]
+- `sql.trace.txn.jaeger_json_output.enabled` - You can now output transaction traces to the logs in Jaeger-compatible JSON format. This is controlled by the `sql.trace.txn.jaeger_json_output.enabled` cluster setting, which is disabled by default. When enabled, traces triggered by probabilistic sampling or statement latency thresholds will be formatted for easier ingestion by tools that support the Jaeger tracing format. [#151414][#151414]
+- `storage.unhealthy_write_duration` - Added the cluster setting `storage.unhealthy_write_duration` (defaults to 20s), which is used to indicate to the allocator that a store's disk is unhealthy. The cluster setting `kv.allocator.disk_unhealthy_io_overload_score` controls the overload score assigned to a store with an unhealthy disk, where a higher score results in preventing lease or replica transfers to the store, or shedding of leases by the store. The default value of that setting is 0, so the allocator behavior is unaffected. [#154459][#154459]
 
-<h5 id="v25-3-0-settings-changed">Setting changes</h5>
+<h5 id="v25-4-0-settings-changed-default">Settings with changed defaults</h5>
 
-- Bullet
-- Bullet
+- The value of `feature.vector_index.enabled` now defaults to `true`. Vector indexing is now enabled by default. [#155561][#155561]
 
-[#]: https://github.com/cockroachdb/cockroach/pull/
-[#]: https://github.com/cockroachdb/cockroach/pull/
-[#]: https://github.com/cockroachdb/cockroach/pull/
-[#]: https://github.com/cockroachdb/cockroach/pull/
\ No newline at end of file
+<h5 id="v25-4-0-settings-other-changes">Other setting changes</h5>
+
+- Removed the `bulkio.backup.deprecated_full_backup_with_subdir.enabled` cluster setting, since backups will now fail if this is set to true. [#153628][#153628]
+- Removed the `storage.columnar_blocks.enabled` cluster setting; columnar blocks are always enabled. [#149371][#149371]
+- Introduced the cluster setting `sql.stats.error_on_concurrent_create_stats.enabled`, which modifies how CockroachDB reacts to concurrent auto stats jobs. The default, `true`, maintains the previous behavior. Setting `sql.stats.error_on_concurrent_create_stats.enabled` to `false` will cause the concurrent auto stats job to be skipped with just a log entry and no increased error counters. [#149538][#149538]
+- Updated TTL job replanning to be less sensitive by focusing specifically on detecting when nodes become unavailable rather than reacting to all plan differences. The cluster setting `sql.ttl.replan_flow_threshold` may have been set to `0` to work around the TTL replanner being too sensitive; this fix will alleviate that and any instance that had set `replan_flow_threshold` to `0` can be reset back to the default. [#150771][#150771]
+- Updated the redaction policy for cluster settings in `debug zip` output. All "sensitive" settings are now redacted in all debug zips, whether or not redaction is explicitly requested. In redacted debug zips, both "sensitive" and "non-reportable" settings are redacted. This replaces the previous behavior, which redacted all string-type settings only in redacted debug zips. [#150364][#150364]
+- Added a new file, `cluster_settings_history.txt`, to debug zips. This file contains a history of cluster setting changes based on the system event log table. The history is only available while the corresponding events remain in the table. Sensitive settings are always redacted, and non-reportable settings are redacted when the debug zip is generated with redaction enabled. [#151066][#151066]
+
+[#149371]: https://github.com/cockroachdb/cockroach/pull/149371
+[#149538]: https://github.com/cockroachdb/cockroach/pull/149538
+[#150364]: https://github.com/cockroachdb/cockroach/pull/150364
+[#150771]: https://github.com/cockroachdb/cockroach/pull/150771
+[#151066]: https://github.com/cockroachdb/cockroach/pull/151066
+[#151414]: https://github.com/cockroachdb/cockroach/pull/151414
+[#151433]: https://github.com/cockroachdb/cockroach/pull/151433
+[#151807]: https://github.com/cockroachdb/cockroach/pull/151807
+[#151827]: https://github.com/cockroachdb/cockroach/pull/151827
+[#153491]: https://github.com/cockroachdb/cockroach/pull/153491
+[#153628]: https://github.com/cockroachdb/cockroach/pull/153628
+[#154459]: https://github.com/cockroachdb/cockroach/pull/154459
+[#154491]: https://github.com/cockroachdb/cockroach/pull/154491
+[#154576]: https://github.com/cockroachdb/cockroach/pull/154576
+[#155123]: https://github.com/cockroachdb/cockroach/pull/155123
+[#155561]: https://github.com/cockroachdb/cockroach/pull/155561

From a9e324a62abf2bf8db6e0a5da7ffb59ed89133ad Mon Sep 17 00:00:00 2001
From: mikeCRL <mike@cockroachlabs.com>
Date: Fri, 31 Oct 2025 14:27:16 -0400
Subject: [PATCH 05/22] Cluster setting change updates

---
 .../releases/v25.4/cluster-setting-changes.md | 67 +++++++++++++++----
 1 file changed, 54 insertions(+), 13 deletions(-)

diff --git a/src/current/_includes/releases/v25.4/cluster-setting-changes.md b/src/current/_includes/releases/v25.4/cluster-setting-changes.md
index 6dbe3db1746..d2c96f57bc4 100644
--- a/src/current/_includes/releases/v25.4/cluster-setting-changes.md
+++ b/src/current/_includes/releases/v25.4/cluster-setting-changes.md
@@ -2,26 +2,66 @@ Changes to [cluster settings]({% link v25.4/cluster-settings.md %}) should be re
 
 <h5 id="v25-4-0-settings-added">New settings</h5>
 
-- `changefeed.progress.frontier_persistence.interval` - Changefeeds will now periodically persist their entire span frontiers so that fewer duplicates will need to be emitted during restarts. The default persistence interval is 30s, but this can be configured with the `changefeed.progress.frontier_persistence.interval` cluster setting. [#153491][#153491]
-- `log.channel_compatibility_mode.enabled` - In v26.1, changefeed events will be logged to the `CHANGEFEED` logging channel instead of `TELEMETRY`. To test the impact of this change before upgrading, set the cluster setting `log.channel_compatibility_mode.enabled` to `false`. This redirects changefeed logs to the `CHANGEFEED` channel and should be tested only in non-production environments. [#151807][#151807] In v26.1, SQL performance events will be logged to the `SQL_EXEC` channel instead of the `SQL_PERF` and `SQL_INTERNAL_PERF` channels. To test the impact of this change, you can set the new cluster setting `log.channel_compatibility_mode.enabled` to `false`. This redirects SQL performance logs to the `SQL_EXEC` channel. This setting should not be used in production environments, as it may affect downstream logging pipelines. [#151827][#151827]
-- `sql.catalog.allow_leased_descriptors.enabled` - Added the `sql.catalog.allow_leased_descriptors.enabled` cluster setting, which is false by default. When set to true, queries that access the `pg_catalog` or `information_schema` can use cached leased descriptors to populate the data in those tables, with the tradeoff that some of the data could be stale. [#154491][#154491]
-- `sql.log.scan_row_count_misestimate.enabled` - Added a cluster setting (`sql.log.scan_row_count_misestimate.enabled`) that enables logging a warning on the gateway node when optimizer estimates for scans are inaccurate. The log message includes the table and index being scanned, the estimated and actual row counts, the time since the last table stats collection, and the table's estimated staleness. [#155123][#155123]
-- `sql.schema.approx_max_object_count` - Added cluster setting `sql.schema.approx_max_object_count` (default: 20,000) to prevent creation of new schema objects when the limit is exceeded. The check uses cached table statistics for performance and is approximate - it may not be immediately accurate until table statistics are updated by the background statistics refreshing job. Clusters that have been running stably with a larger object count should raise the limit or disable the limit by setting the value to 0. In future releases, the default value for this setting will be raised as more CockroachDB features support larger object counts. [#154576][#154576]
-- `sql.trace.txn.include_internal.enabled` - You can now exclude internal transactions from probabilistic transaction tracing and latency-based logging by setting the `sql.trace.txn.include_internal.enabled` cluster setting to false. This setting is enabled by default to preserve the current behavior, but disabling it is recommended when debugging customer workloads to reduce noise in trace output. [#151433][#151433]
-- `sql.trace.txn.jaeger_json_output.enabled` - You can now output transaction traces to the logs in Jaeger-compatible JSON format. This is controlled by the `sql.trace.txn.jaeger_json_output.enabled` cluster setting, which is disabled by default. When enabled, traces triggered by probabilistic sampling or statement latency thresholds will be formatted for easier ingestion by tools that support the Jaeger tracing format. [#151414][#151414]
-- `storage.unhealthy_write_duration` - Added the cluster setting `storage.unhealthy_write_duration` (defaults to 20s), which is used to indicate to the allocator that a store's disk is unhealthy. The cluster setting `kv.allocator.disk_unhealthy_io_overload_score` controls the overload score assigned to a store with an unhealthy disk, where a higher score results in preventing lease or replica transfers to the store, or shedding of leases by the store. The default value of that setting is 0, so the allocator behavior is unaffected. [#154459][#154459]
+- `changefeed.progress.frontier_persistence.interval`
+
+    Changefeeds will now periodically persist their entire span frontiers so that fewer duplicates will need to be emitted during restarts. The default persistence interval is 30s, but this can be configured with the `changefeed.progress.frontier_persistence.interval` cluster setting. [#153491][#153491]
+
+- `log.channel_compatibility_mode.enabled` {% comment %}Verify with PM/Docs{% endcomment %}
+
+  - In v26.1, changefeed events will be logged to the `CHANGEFEED` logging channel instead of `TELEMETRY`. To test the impact of this change before upgrading, set the cluster setting `log.channel_compatibility_mode.enabled` to `false`. This redirects changefeed logs to the `CHANGEFEED` channel and should be tested only in non-production environments. [#151807][#151807]
+  - In v26.1, SQL performance events will be logged to the `SQL_EXEC` channel instead of the `SQL_PERF` and `SQL_INTERNAL_PERF` channels. To test the impact of this change, you can set the new cluster setting `log.channel_compatibility_mode.enabled` to `false`. This redirects SQL performance logs to the `SQL_EXEC` channel. This setting should not be used in production environments, as it may affect downstream logging pipelines. [#151827][#151827]
+  - In v26.1, `sampled_query` and `sampled_transaction` events will move from the `TELEMETRY` channel to the `SQL_EXEC` logging channel. To test for potential logging pipeline impacts of these changes, set `log.channel_compatibility_mode.enabled` to `false`. Avoid testing in production, as this setting changes live log behavior. [#151949][#151949]
+
+- `sql.catalog.allow_leased_descriptors.enabled`
+
+    Added the `sql.catalog.allow_leased_descriptors.enabled` cluster setting, which is false by default. When set to true, queries that access the `pg_catalog` or `information_schema` can use cached leased descriptors to populate the data in those tables, with the tradeoff that some of the data could be stale. [#154491][#154491]
+
+- `sql.log.scan_row_count_misestimate.enabled`
+
+    Added a cluster setting (`sql.log.scan_row_count_misestimate.enabled`) that enables logging a warning on the gateway node when optimizer estimates for scans are inaccurate. The log message includes the table and index being scanned, the estimated and actual row counts, the time since the last table stats collection, and the table's estimated staleness. [#155123][#155123]
+
+- `sql.schema.approx_max_object_count`
+
+    Added cluster setting `sql.schema.approx_max_object_count` (default: 20,000) to prevent creation of new schema objects when the limit is exceeded. The check uses cached table statistics for performance and is approximate - it may not be immediately accurate until table statistics are updated by the background statistics refreshing job. Clusters that have been running stably with a larger object count should raise the limit or disable the limit by setting the value to 0. In future releases, the default value for this setting will be raised as more CockroachDB features support larger object counts. [#154576][#154576]
+
+- `sql.trace.txn.include_internal.enabled`
+
+    You can now exclude internal transactions from probabilistic transaction tracing and latency-based logging by setting the `sql.trace.txn.include_internal.enabled` cluster setting to false. This setting is enabled by default to preserve the current behavior, but disabling it is recommended when debugging customer workloads to reduce noise in trace output. [#151433][#151433]
+
+- `sql.trace.txn.jaeger_json_output.enabled`
+
+    You can now output transaction traces to the logs in Jaeger-compatible JSON format. This is controlled by the `sql.trace.txn.jaeger_json_output.enabled` cluster setting, which is disabled by default. When enabled, traces triggered by probabilistic sampling or statement latency thresholds will be formatted for easier ingestion by tools that support the Jaeger tracing format. [#151414][#151414]
+
+- `storage.unhealthy_write_duration` {% comment %}Verify with Eng{% endcomment %}
+
+    Added the cluster setting `storage.unhealthy_write_duration` (defaults to 20s), which is used to indicate to the allocator that a store's disk is unhealthy. The cluster setting `kv.allocator.disk_unhealthy_io_overload_score` controls the overload score assigned to a store with an unhealthy disk, where a higher score results in preventing lease or replica transfers to the store, or shedding of leases by the store. The default value of that setting is 0, so the allocator behavior is unaffected. [#154459][#154459]
 
 <h5 id="v25-4-0-settings-changed-default">Settings with changed defaults</h5>
 
-- The value of `feature.vector_index.enabled` now defaults to `true`. Vector indexing is now enabled by default. [#155561][#155561]
+- `feature.vector_index.enabled` {% comment %}Verify with Eng{% endcomment %}
+
+    The value of `feature.vector_index.enabled` now defaults to `true`. Vector indexing is now enabled by default. [#155561][#155561]
 
 <h5 id="v25-4-0-settings-other-changes">Other setting changes</h5>
 
-- Removed the `bulkio.backup.deprecated_full_backup_with_subdir.enabled` cluster setting, since backups will now fail if this is set to true. [#153628][#153628]
-- Removed the `storage.columnar_blocks.enabled` cluster setting; columnar blocks are always enabled. [#149371][#149371]
-- Introduced the cluster setting `sql.stats.error_on_concurrent_create_stats.enabled`, which modifies how CockroachDB reacts to concurrent auto stats jobs. The default, `true`, maintains the previous behavior. Setting `sql.stats.error_on_concurrent_create_stats.enabled` to `false` will cause the concurrent auto stats job to be skipped with just a log entry and no increased error counters. [#149538][#149538]
-- Updated TTL job replanning to be less sensitive by focusing specifically on detecting when nodes become unavailable rather than reacting to all plan differences. The cluster setting `sql.ttl.replan_flow_threshold` may have been set to `0` to work around the TTL replanner being too sensitive; this fix will alleviate that and any instance that had set `replan_flow_threshold` to `0` can be reset back to the default. [#150771][#150771]
+- `bulkio.backup.deprecated_full_backup_with_subdir.enabled` {% comment %}Verify with msbutler{% endcomment %}
+
+    Removed the `bulkio.backup.deprecated_full_backup_with_subdir.enabled` cluster setting, since backups will now fail if this is set to true. [#153628][#153628]
+
+- `storage.columnar_blocks.enabled`
+
+    Removed the `storage.columnar_blocks.enabled` cluster setting; columnar blocks are always enabled. [#149371][#149371]
+
+- `sql.stats.error_on_concurrent_create_stats.enabled`
+
+    Introduced the cluster setting `sql.stats.error_on_concurrent_create_stats.enabled`, which modifies how CockroachDB reacts to concurrent auto stats jobs. The default, `true`, maintains the previous behavior. Setting `sql.stats.error_on_concurrent_create_stats.enabled` to `false` will cause the concurrent auto stats job to be skipped with just a log entry and no increased error counters. [#149538][#149538]
+
+- `sql.ttl.replan_flow_threshold` {% comment %}Verify with spilchen{% endcomment %}
+
+    Updated TTL job replanning to be less sensitive by focusing specifically on detecting when nodes become unavailable rather than reacting to all plan differences. The cluster setting `sql.ttl.replan_flow_threshold` may have been set to `0` to work around the TTL replanner being too sensitive; this fix will alleviate that and any instance that had set `replan_flow_threshold` to `0` can be reset back to the default. [#150771][#150771]
+
 - Updated the redaction policy for cluster settings in `debug zip` output. All "sensitive" settings are now redacted in all debug zips, whether or not redaction is explicitly requested. In redacted debug zips, both "sensitive" and "non-reportable" settings are redacted. This replaces the previous behavior, which redacted all string-type settings only in redacted debug zips. [#150364][#150364]
+
 - Added a new file, `cluster_settings_history.txt`, to debug zips. This file contains a history of cluster setting changes based on the system event log table. The history is only available while the corresponding events remain in the table. Sensitive settings are always redacted, and non-reportable settings are redacted when the debug zip is generated with redaction enabled. [#151066][#151066]
 
 [#149371]: https://github.com/cockroachdb/cockroach/pull/149371
@@ -33,6 +73,7 @@ Changes to [cluster settings]({% link v25.4/cluster-settings.md %}) should be re
 [#151433]: https://github.com/cockroachdb/cockroach/pull/151433
 [#151807]: https://github.com/cockroachdb/cockroach/pull/151807
 [#151827]: https://github.com/cockroachdb/cockroach/pull/151827
+[#151949]: https://github.com/cockroachdb/cockroach/pull/151949
 [#153491]: https://github.com/cockroachdb/cockroach/pull/153491
 [#153628]: https://github.com/cockroachdb/cockroach/pull/153628
 [#154459]: https://github.com/cockroachdb/cockroach/pull/154459

From c91a9f6e29fae35eba81aab8805fb5e469df64b5 Mon Sep 17 00:00:00 2001
From: Florence Morris <florence@cockroachlabs.com>
Date: Fri, 31 Oct 2025 14:48:27 -0400
Subject: [PATCH 06/22] =?UTF-8?q?In=20cluster-setting-changes.md=20and=20v?=
 =?UTF-8?q?25.4.0-alpha.1.md,=20replace=20v26.1=20with=20=E2=80=9Cfuture?=
 =?UTF-8?q?=20major=20release=E2=80=9D.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../_includes/releases/v25.4/cluster-setting-changes.md   | 8 ++++----
 src/current/_includes/releases/v25.4/v25.4.0-alpha.1.md   | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/current/_includes/releases/v25.4/cluster-setting-changes.md b/src/current/_includes/releases/v25.4/cluster-setting-changes.md
index d2c96f57bc4..f16e425c5de 100644
--- a/src/current/_includes/releases/v25.4/cluster-setting-changes.md
+++ b/src/current/_includes/releases/v25.4/cluster-setting-changes.md
@@ -6,11 +6,11 @@ Changes to [cluster settings]({% link v25.4/cluster-settings.md %}) should be re
 
     Changefeeds will now periodically persist their entire span frontiers so that fewer duplicates will need to be emitted during restarts. The default persistence interval is 30s, but this can be configured with the `changefeed.progress.frontier_persistence.interval` cluster setting. [#153491][#153491]
 
-- `log.channel_compatibility_mode.enabled` {% comment %}Verify with PM/Docs{% endcomment %}
+- `log.channel_compatibility_mode.enabled`
 
-  - In v26.1, changefeed events will be logged to the `CHANGEFEED` logging channel instead of `TELEMETRY`. To test the impact of this change before upgrading, set the cluster setting `log.channel_compatibility_mode.enabled` to `false`. This redirects changefeed logs to the `CHANGEFEED` channel and should be tested only in non-production environments. [#151807][#151807]
-  - In v26.1, SQL performance events will be logged to the `SQL_EXEC` channel instead of the `SQL_PERF` and `SQL_INTERNAL_PERF` channels. To test the impact of this change, you can set the new cluster setting `log.channel_compatibility_mode.enabled` to `false`. This redirects SQL performance logs to the `SQL_EXEC` channel. This setting should not be used in production environments, as it may affect downstream logging pipelines. [#151827][#151827]
-  - In v26.1, `sampled_query` and `sampled_transaction` events will move from the `TELEMETRY` channel to the `SQL_EXEC` logging channel. To test for potential logging pipeline impacts of these changes, set `log.channel_compatibility_mode.enabled` to `false`. Avoid testing in production, as this setting changes live log behavior. [#151949][#151949]
+  - In a future major release, changefeed events will be logged to the `CHANGEFEED` logging channel instead of `TELEMETRY`. To test the impact of this change before upgrading, set the cluster setting `log.channel_compatibility_mode.enabled` to `false`. This redirects changefeed logs to the `CHANGEFEED` channel and should be tested only in non-production environments. [#151807][#151807]
+  - In a future major release, SQL performance events will be logged to the `SQL_EXEC` channel instead of the `SQL_PERF` and `SQL_INTERNAL_PERF` channels. To test the impact of this change, you can set the new cluster setting `log.channel_compatibility_mode.enabled` to `false`. This redirects SQL performance logs to the `SQL_EXEC` channel. This setting should not be used in production environments, as it may affect downstream logging pipelines. [#151827][#151827]
+  - In a future major release, `sampled_query` and `sampled_transaction` events will move from the `TELEMETRY` channel to the `SQL_EXEC` logging channel. To test for potential logging pipeline impacts of these changes, set `log.channel_compatibility_mode.enabled` to `false`. Avoid testing in production, as this setting changes live log behavior. [#151949][#151949]
 
 - `sql.catalog.allow_leased_descriptors.enabled`
 
diff --git a/src/current/_includes/releases/v25.4/v25.4.0-alpha.1.md b/src/current/_includes/releases/v25.4/v25.4.0-alpha.1.md
index 5a98f58eeb4..d4316d1bf95 100644
--- a/src/current/_includes/releases/v25.4/v25.4.0-alpha.1.md
+++ b/src/current/_includes/releases/v25.4/v25.4.0-alpha.1.md
@@ -168,10 +168,10 @@ Release Date: September 17, 2025
 - Added `auth.ldap.conn.latency.internal` metric to denote the internal authentication time for LDAP auth method. [#151105][#151105]
 - Introduced two new logging channels: `KV_EXEC` and `CHANGEFEED`. The `KV_EXEC` channel is intended for KV events that do not fall into the `KV_DISTRIBUTION` channel. The `CHANGEFEED` channel is intended for changefeed-related events that are currently logged to the `TELEMETRY` channel. This change does not include logic to move existing logs to the new channels. [#151692][#151692]
 - Restricted access to internal tables in the `crdb_internal` schema. Only a predefined allowlist of internal objects is accessible when the session variable `allow_unsafe_internals` is enabled or when the caller is internal. [#151804][#151804]
-- In v26.1, changefeed events will be logged to the `CHANGEFEED` logging channel instead of `TELEMETRY`. To test the impact of this change before upgrading, set the cluster setting `log.channel_compatibility_mode.enabled` to `false`. This redirects changefeed logs to the `CHANGEFEED` channel and should be tested only in non-production environments. [#151807][#151807]
-- In v26.1, SQL performance events will be logged to the `SQL_EXEC` channel instead of the `SQL_PERF` and `SQL_INTERNAL_PERF` channels. To test the impact of this change, you can set the new cluster setting `log.channel_compatibility_mode.enabled` to `false`. This redirects SQL performance logs to the `SQL_EXEC` channel. This setting should not be used in production environments, as it may affect downstream logging pipelines. [#151827][#151827]
+- In a future major release, changefeed events will be logged to the `CHANGEFEED` logging channel instead of `TELEMETRY`. To test the impact of this change before upgrading, set the cluster setting `log.channel_compatibility_mode.enabled` to `false`. This redirects changefeed logs to the `CHANGEFEED` channel and should be tested only in non-production environments. [#151807][#151807]
+- In a future major release, SQL performance events will be logged to the `SQL_EXEC` channel instead of the `SQL_PERF` and `SQL_INTERNAL_PERF` channels. To test the impact of this change, you can set the new cluster setting `log.channel_compatibility_mode.enabled` to `false`. This redirects SQL performance logs to the `SQL_EXEC` channel. This setting should not be used in production environments, as it may affect downstream logging pipelines. [#151827][#151827]
 - Restricted access to all `crdb_internal` built-ins unless the session variable `allow_unsafe_internals` is set to `true`, or the caller is internal. [#151887][#151887]
-- In v26.1, `sampled_query` and `sampled_transaction` events will move from the `TELEMETRY` channel to the `SQL_EXEC` logging channel. To test for potential logging pipeline impacts of these changes, set `log.channel_compatibility_mode.enabled` to `false`. Avoid testing in production, as this setting changes live log behavior. [#151949][#151949]
+- In a future major release, `sampled_query` and `sampled_transaction` events will move from the `TELEMETRY` channel to the `SQL_EXEC` logging channel. To test for potential logging pipeline impacts of these changes, set `log.channel_compatibility_mode.enabled` to `false`. Avoid testing in production, as this setting changes live log behavior. [#151949][#151949]
 - Delegate queries (such as `SHOW DATABASES`) are now excluded from unsafe SQL checks that restrict access to the `system` database and `crdb_internal` schema. This change ensures that these commands continue to function even when access to internal components is otherwise restricted. [#152084][#152084]
 - The Physical Cluster Replication (PCR) reader tenant is always destroyed on cutover [#152509][#152509]
 - `SYSTEM` privileges are inherited in read-only mode in standby Physical Cluster Replication (PCR) clusters. [#149708][#149708]

From a263e6305663e2230420ffd098247a5f27c70017 Mon Sep 17 00:00:00 2001
From: mikeCRL <mike@cockroachlabs.com>
Date: Fri, 31 Oct 2025 15:18:30 -0400
Subject: [PATCH 07/22] Updates to Feature Highlights

---
 .../_includes/releases/v25.4/v25.4.0.md       | 115 ++++++++----------
 1 file changed, 54 insertions(+), 61 deletions(-)

diff --git a/src/current/_includes/releases/v25.4/v25.4.0.md b/src/current/_includes/releases/v25.4/v25.4.0.md
index 6630d3087e8..24949c5f071 100644
--- a/src/current/_includes/releases/v25.4/v25.4.0.md
+++ b/src/current/_includes/releases/v25.4/v25.4.0.md
@@ -7,7 +7,7 @@ With the release of CockroachDB v25.4, we've added new capabilities to help you
 For a summary of the most significant changes, refer to [Feature Highlights](#v25-4-0-feature-highlights), which contains the following categories:
 
   - [SQL](#v25-4-0-sql)
-  - [Security](#v25-4-0-security)
+  - [Observability](#v25-4-0-observability)
   - [CockroachDB Cloud](#v25-4-0-cloud)
 
 Before [upgrading to CockroachDB v25.4]({% link v25.4/upgrade-cockroach-version.md %}), be sure to also review the following [Upgrade Details](#v25-4-0-upgrade-details):
@@ -47,7 +47,7 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
    <td>
     <p class="feature-summary">Vector Indexing Improvements</p>
     <p class="feature-description" markdown="1">
-      [Needs writer review] Vector indexes in CockroachDB now support table backfills, making it easy to add vector indexes to existing tables without requiring manual data rewrites or service interruption. This update enhances the usability of vector search features by allowing seamless indexing of pre-existing data. Additionally, support for both cosine distance and inner product has been added, giving users more flexibility in selecting similarity metrics that best suit their machine learning or AI workloads. Together, these improvements make it easier to build and scale intelligent applications directly on CockroachDB.
+      Vector indexes in CockroachDB now support table backfills, making it easy to add vector indexes to existing tables without requiring manual data rewrites or service interruption. This update enhances the usability of vector search features by allowing seamless indexing of pre-existing data. Additionally, support for both cosine distance and inner product has been added, giving users more flexibility in selecting similarity metrics that best suit their machine learning or AI workloads. Together, these improvements make it easier to build and scale intelligent applications directly on CockroachDB.
     </p>
    </td>
    <td>25.4</td>
@@ -56,47 +56,25 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
    <td class="icon-center">{% include icon-yes.html %}</td>
    <td class="icon-center">{% include icon-yes.html %}</td>
   </tr>
- </tbody>
-</table>
-
-<h4 id="v25-4-0-security">Security</h4>
-
-<table>
- <thead>
-  <tr>
-   <th class="center-align" colspan="1" rowspan="2">Feature</th>
-   <th class="center-align" colspan="5" rowspan="1">Availability</th>
-  </tr>
-  <tr>
-    <th colspan="1" rowspan="1">Ver.</th>
-    <th colspan="1" rowspan="1" style="white-space: nowrap;">Self-hosted</th>
-    <th colspan="1" rowspan="1">Advanced</th>
-    <th colspan="1" rowspan="1">Standard</th>
-    <th colspan="1" rowspan="1">Basic</th>
-  </tr>
- </thead>
- <tbody>
   <tr>
    <td>
-    <p class="feature-summary">JWT/OIDC Authorization Support</p>
-    <p class="feature-description">
-      [Placeholder. Need PM draft.] This release adds support for authorization with JWT/OIDC authentication, similar to existing LDAP authorization capabilities.
+    <p class="feature-summary">Stable SQL API and Controlled Access to Unsupported crdb_internal Tables</p>
+    <p class="feature-description" markdown="1">
+      CockroachDB is introducing a stable and well-defined SQL API for system introspection, ensuring that customers and third-party tools can safely and reliably query cluster metadata and performance data in production environments.
     </p>
    </td>
    <td>25.4</td>
-   <td class="icon-center">?</td>
-   <td class="icon-center">?</td>
-   <td class="icon-center">?</td>
-   <td class="icon-center">?</td>
+   <td class="icon-center">{% include icon-yes.html %}</td>
+   <td class="icon-center">{% include icon-yes.html %}</td>
+   <td class="icon-center">{% include icon-yes.html %}</td>
+   <td class="icon-center">{% include icon-yes.html %}</td>
   </tr>
  </tbody>
 </table>
 
-<h4 id="v25-4-0-cloud">CockroachDB Cloud</h4>
+<h4 id="v25-4-0-observability">Observability</h4>
 
-<h5 id="v25-4-0-cloud-security">Security</h5>
-
-<table>
+<table markdown="1">
  <thead>
   <tr>
    <th class="center-align" colspan="1" rowspan="2">Feature</th>
@@ -113,36 +91,52 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
  <tbody>
   <tr>
    <td>
-    <p class="feature-summary">Customer-Managed Encryption Keys (CMEK) Improvements</p>
-    <p class="feature-description">
-      [Placeholder. Need PM draft.] This release includes general improvements and enhancements to CMEK functionality across AWS, GCP, and Azure.
+    <p class="feature-summary">Transaction Diagnostic Bundles for Comprehensive SQL Tracing</p>
+    <p class="feature-description" markdown="1">
+      CockroachDB now supports Transaction Diagnostic Bundles, enabling Cockroach Labs Support to capture and analyze a complete trace of an entire SQL transaction not just individual statements.
+
+      This feature extends the existing Statement Diagnostic Bundle capability to provide a holistic view of multi-statement transactions, making it significantly easier to diagnose complex customer issues during support incidents.
     </p>
+    <p class="feature-description">Each Transaction Diagnostic Bundle includes:</p>
+    <ul class="feature-description">
+      <li>A Jaeger and text trace of the full transaction execution path.</li>
+      <li>Individual statement diagnostic bundles for every statement executed within the transaction.</li>
+    </ul>
    </td>
-   <td>All<sup>*</sup></td>
-   <td class="icon-center">?</td>
-   <td class="icon-center">?</td>
-   <td class="icon-center">?</td>
-   <td class="icon-center">?</td>
+   <td>25.4</td>
+   <td class="icon-center">{% include icon-yes.html %}</td>
+   <td class="icon-center">{% include icon-yes.html %}</td>
+   <td class="icon-center">{% include icon-no.html %}</td>
+   <td class="icon-center">{% include icon-no.html %}</td>
   </tr>
   <tr>
    <td>
-    <p class="feature-summary">CMEK Configuration UI in Cloud Console</p>
-    <p class="feature-description">
-      [Placeholder. Need PM draft.] CMEK configuration is now available through the CockroachDB Cloud Console UI, providing feature parity with the API and making it easier for all customers to configure customer-managed encryption keys.
+    <p class="feature-summary">Structured and Consistent Logging Channels</p>
+    <p class="feature-description" markdown="1">
+      CockroachDB has updated structured and consistent logging channels across the system to improve log discoverability, production observability, and support troubleshooting.
     </p>
+    <p class="feature-description">New channels introduced:</p>
+    <ul class="feature-description">
+      <li>CHANGEFEED – dedicated channel for Change Data Capture (CDC) logs, migrated from DEV and TELEMETRY.</li>
+      <li>KV_EXEC – channel for KV execution logs, separated from general distribution logs.</li>
+    </ul>
+    <p class="feature-description">Rerouted existing logs:</p>
+    <ul class="feature-description">
+      <li>sampled_query logs moved from TELEMETRY → SQL_EXEC for better categorization.</li>
+    </ul>
    </td>
-   <td>All<sup>*</sup></td>
-   <td class="icon-center">?</td>
-   <td class="icon-center">?</td>
-   <td class="icon-center">?</td>
-   <td class="icon-center">?</td>
+   <td>25.4</td>
+   <td class="icon-center">{% include icon-yes.html %}</td>
+   <td class="icon-center">{% include icon-no.html %}</td>
+   <td class="icon-center">{% include icon-no.html %}</td>
+   <td class="icon-center">{% include icon-no.html %}</td>
   </tr>
  </tbody>
 </table>
 
-<h5 id="v25-4-0-cloud-administration">Administration</h5>
+<h4 id="v25-4-0-cloud">CockroachDB Cloud</h4>
 
-<table>
+<table markdown="1">
  <thead>
   <tr>
    <th class="center-align" colspan="1" rowspan="2">Feature</th>
@@ -160,19 +154,18 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
   <tr>
    <td>
     <p class="feature-summary">Metrics Viewer Role for CockroachDB Cloud</p>
-    <p class="feature-description">
-      [Needs writer review] This release introduces the Metrics Viewer role on CockroachDB Cloud, providing dedicated permissions for metrics collection and insights. This role is designed to enhance overall security by enabling granular access control to cluster performance data.
+    <p class="feature-description" markdown="1">
+      This release introduces the Metrics Viewer role on CockroachDB Cloud, providing dedicated permissions for metrics collection and insights. This role is designed to enhance overall security by enabling granular access control to cluster performance data.
 
       The Metrics Viewer role grants read-only access to cluster metrics and related insights, without conferring any administrative or data manipulation privileges.
-
-      Key benefits:
-
-      * Improved Security: Enables the principle of least privilege by allowing users or services to monitor cluster performance without broader access to sensitive data or configuration.
-      * Targeted Access: Provides focused access to operational metrics, empowering teams to monitor health and performance efficiently.
-      * Enhanced Collaboration: Facilitates secure collaboration by allowing different teams (e.g., SREs, developers) to access relevant metrics without over-provisioned permissions.
-
-      When combined with the existing Cluster Developer role, a user can effectively gain "Power Developer" like functionalities, enabling them to develop applications and monitor their performance comprehensively while maintaining a clear separation of privileges for security.
     </p>
+    <p class="feature-description">Key benefits:</p>
+    <ul class="feature-description">
+      <li>Improved Security: Enables the principle of least privilege by allowing users or services to monitor cluster performance without broader access to sensitive data or configuration.</li>
+      <li>Targeted Access: Provides focused access to operational metrics, empowering teams to monitor health and performance efficiently.</li>
+      <li>Enhanced Collaboration: Facilitates secure collaboration by allowing different teams (e.g., SREs, developers) to access relevant metrics without over-provisioned permissions.</li>
+    </ul>
+    <p class="feature-description">When combined with the existing Cluster Developer role, a user can effectively gain "Power Developer" like functionalities, enabling them to develop applications and monitor their performance comprehensively while maintaining a clear separation of privileges for security.</p>
    </td>
    <td>All<sup>*</sup></td>
    <td class="icon-center">{% include icon-no.html %}</td>

From f4c7e2227ef5d55934112ac43ecb7ed9863311d1 Mon Sep 17 00:00:00 2001
From: mikeCRL <mike@cockroachlabs.com>
Date: Sun, 2 Nov 2025 03:35:02 -0500
Subject: [PATCH 08/22] Update cluster settings, deprecations, finalization,
 backward-incompatible, and anchor link CSS

---
 .../releases/v25.4/backward-incompatible.md   |  3 +-
 .../releases/v25.4/cluster-setting-changes.md | 34 ++++++++++---------
 .../_includes/releases/v25.4/deprecations.md  | 19 ++++++-----
 .../releases/v25.4/upgrade-finalization.md    |  9 ++---
 .../releases/v25.4/v25.4.0-alpha.2.md         |  4 +--
 src/current/css/customstyles.scss             |  4 +++
 6 files changed, 40 insertions(+), 33 deletions(-)

diff --git a/src/current/_includes/releases/v25.4/backward-incompatible.md b/src/current/_includes/releases/v25.4/backward-incompatible.md
index 01945a61c5f..8fd19417c94 100644
--- a/src/current/_includes/releases/v25.4/backward-incompatible.md
+++ b/src/current/_includes/releases/v25.4/backward-incompatible.md
@@ -1 +1,2 @@
-- Bullet
\ No newline at end of file
+There are no backward-incompatible changes.
+{% comment %}TODO: Are removed settings 'backward incompatbile' because if you downgrade you lose what you had set?{% endcomment %}
\ No newline at end of file
diff --git a/src/current/_includes/releases/v25.4/cluster-setting-changes.md b/src/current/_includes/releases/v25.4/cluster-setting-changes.md
index f16e425c5de..321c02a61b1 100644
--- a/src/current/_includes/releases/v25.4/cluster-setting-changes.md
+++ b/src/current/_includes/releases/v25.4/cluster-setting-changes.md
@@ -2,59 +2,61 @@ Changes to [cluster settings]({% link v25.4/cluster-settings.md %}) should be re
 
 <h5 id="v25-4-0-settings-added">New settings</h5>
 
-- `changefeed.progress.frontier_persistence.interval`
+- `changefeed.progress.frontier_persistence.interval` (default: `30s`)
 
     Changefeeds will now periodically persist their entire span frontiers so that fewer duplicates will need to be emitted during restarts. The default persistence interval is 30s, but this can be configured with the `changefeed.progress.frontier_persistence.interval` cluster setting. [#153491][#153491]
 
-- `log.channel_compatibility_mode.enabled`
+- `log.channel_compatibility_mode.enabled` (default: `true`)
 
   - In a future major release, changefeed events will be logged to the `CHANGEFEED` logging channel instead of `TELEMETRY`. To test the impact of this change before upgrading, set the cluster setting `log.channel_compatibility_mode.enabled` to `false`. This redirects changefeed logs to the `CHANGEFEED` channel and should be tested only in non-production environments. [#151807][#151807]
   - In a future major release, SQL performance events will be logged to the `SQL_EXEC` channel instead of the `SQL_PERF` and `SQL_INTERNAL_PERF` channels. To test the impact of this change, you can set the new cluster setting `log.channel_compatibility_mode.enabled` to `false`. This redirects SQL performance logs to the `SQL_EXEC` channel. This setting should not be used in production environments, as it may affect downstream logging pipelines. [#151827][#151827]
   - In a future major release, `sampled_query` and `sampled_transaction` events will move from the `TELEMETRY` channel to the `SQL_EXEC` logging channel. To test for potential logging pipeline impacts of these changes, set `log.channel_compatibility_mode.enabled` to `false`. Avoid testing in production, as this setting changes live log behavior. [#151949][#151949]
 
-- `sql.catalog.allow_leased_descriptors.enabled`
+- `sql.catalog.allow_leased_descriptors.enabled` (default: `false`)
 
     Added the `sql.catalog.allow_leased_descriptors.enabled` cluster setting, which is false by default. When set to true, queries that access the `pg_catalog` or `information_schema` can use cached leased descriptors to populate the data in those tables, with the tradeoff that some of the data could be stale. [#154491][#154491]
 
-- `sql.log.scan_row_count_misestimate.enabled`
+- `sql.log.scan_row_count_misestimate.enabled` (default: `false`)
 
     Added a cluster setting (`sql.log.scan_row_count_misestimate.enabled`) that enables logging a warning on the gateway node when optimizer estimates for scans are inaccurate. The log message includes the table and index being scanned, the estimated and actual row counts, the time since the last table stats collection, and the table's estimated staleness. [#155123][#155123]
 
-- `sql.schema.approx_max_object_count`
+- `sql.schema.approx_max_object_count` (default: `20000`)
 
     Added cluster setting `sql.schema.approx_max_object_count` (default: 20,000) to prevent creation of new schema objects when the limit is exceeded. The check uses cached table statistics for performance and is approximate - it may not be immediately accurate until table statistics are updated by the background statistics refreshing job. Clusters that have been running stably with a larger object count should raise the limit or disable the limit by setting the value to 0. In future releases, the default value for this setting will be raised as more CockroachDB features support larger object counts. [#154576][#154576]
 
-- `sql.trace.txn.include_internal.enabled`
+- `sql.stats.error_on_concurrent_create_stats.enabled` (default: `true`)
+
+    Introduced the cluster setting `sql.stats.error_on_concurrent_create_stats.enabled`, which modifies how CockroachDB reacts to concurrent auto stats jobs. The default, `true`, maintains the previous behavior. Setting `sql.stats.error_on_concurrent_create_stats.enabled` to `false` will cause the concurrent auto stats job to be skipped with just a log entry and no increased error counters. [#149538][#149538]
+
+- `sql.trace.txn.include_internal.enabled` (default: `true`)
 
     You can now exclude internal transactions from probabilistic transaction tracing and latency-based logging by setting the `sql.trace.txn.include_internal.enabled` cluster setting to false. This setting is enabled by default to preserve the current behavior, but disabling it is recommended when debugging customer workloads to reduce noise in trace output. [#151433][#151433]
 
-- `sql.trace.txn.jaeger_json_output.enabled`
+- `sql.trace.txn.jaeger_json_output.enabled` (default: `false`)
 
     You can now output transaction traces to the logs in Jaeger-compatible JSON format. This is controlled by the `sql.trace.txn.jaeger_json_output.enabled` cluster setting, which is disabled by default. When enabled, traces triggered by probabilistic sampling or statement latency thresholds will be formatted for easier ingestion by tools that support the Jaeger tracing format. [#151414][#151414]
 
-- `storage.unhealthy_write_duration` {% comment %}Verify with Eng{% endcomment %}
+- `storage.unhealthy_write_duration` (default: `20s`) {% comment %}Verify with Eng{% endcomment %}
 
     Added the cluster setting `storage.unhealthy_write_duration` (defaults to 20s), which is used to indicate to the allocator that a store's disk is unhealthy. The cluster setting `kv.allocator.disk_unhealthy_io_overload_score` controls the overload score assigned to a store with an unhealthy disk, where a higher score results in preventing lease or replica transfers to the store, or shedding of leases by the store. The default value of that setting is 0, so the allocator behavior is unaffected. [#154459][#154459]
 
 <h5 id="v25-4-0-settings-changed-default">Settings with changed defaults</h5>
 
-- `feature.vector_index.enabled` {% comment %}Verify with Eng{% endcomment %}
+- `feature.vector_index.enabled` now defaults to `true`. Vector indexing is now enabled by default. [#155561][#155561]
 
-    The value of `feature.vector_index.enabled` now defaults to `true`. Vector indexing is now enabled by default. [#155561][#155561]
+- `storage.value_separation.enabled` now defaults to `true`. {% comment %}TODO: Verify with annrpom - Is this backward-incompatible due to significant storage behavior change?{% endcomment %}This enables [value separation]({% link v25.4/architecture/storage-layer.md %}#value-separation) for SSTables, where values exceeding a certain size threshold are stored in separate blob files rather than inline in the SSTable. This helps improve write performance (write amplification) by avoiding rewriting such values during compactions. [#148857][#148857]
 
-<h5 id="v25-4-0-settings-other-changes">Other setting changes</h5>
+<h5 id="v25-4-0-settings-removed">Removed settings</h5>
 
-- `bulkio.backup.deprecated_full_backup_with_subdir.enabled` {% comment %}Verify with msbutler{% endcomment %}
+- `bulkio.backup.deprecated_full_backup_with_subdir.enabled` {% comment %}TODO: Verify with msbutler - Is this backward-incompatible since backups fail if set to true?{% endcomment %}
 
     Removed the `bulkio.backup.deprecated_full_backup_with_subdir.enabled` cluster setting, since backups will now fail if this is set to true. [#153628][#153628]
 
-- `storage.columnar_blocks.enabled`
+- `storage.columnar_blocks.enabled` {% comment %}TODO: Verify with jbowens - Is this backward-incompatible since it can't be disabled anymore?{% endcomment %}
 
     Removed the `storage.columnar_blocks.enabled` cluster setting; columnar blocks are always enabled. [#149371][#149371]
 
-- `sql.stats.error_on_concurrent_create_stats.enabled`
-
-    Introduced the cluster setting `sql.stats.error_on_concurrent_create_stats.enabled`, which modifies how CockroachDB reacts to concurrent auto stats jobs. The default, `true`, maintains the previous behavior. Setting `sql.stats.error_on_concurrent_create_stats.enabled` to `false` will cause the concurrent auto stats job to be skipped with just a log entry and no increased error counters. [#149538][#149538]
+<h5 id="v25-4-0-settings-other-changes">Other setting changes</h5>
 
 - `sql.ttl.replan_flow_threshold` {% comment %}Verify with spilchen{% endcomment %}
 
diff --git a/src/current/_includes/releases/v25.4/deprecations.md b/src/current/_includes/releases/v25.4/deprecations.md
index 47060171037..be5c5b1192e 100644
--- a/src/current/_includes/releases/v25.4/deprecations.md
+++ b/src/current/_includes/releases/v25.4/deprecations.md
@@ -1,10 +1,13 @@
-The following deprecations/removals are announced in v25.3.
+The following deprecations/removals are announced in v25.4.
 
-- Bullet
-- Bullet
-- Bullet
- [#][#]
+- The functionality provided by session variable `enforce_home_region_follower_reads_enabled` was deprecated in v24.2.4 and is now removed. {% comment %}TODO: Verify with michae2 - Is this backward-incompatible?{% endcomment %}(The variable itself remains for backward compatibility but has no effect.) Note that the related session variable `enforce_home_region` is **not** deprecated and still functions normally. [#148314][#148314]
 
-[#]: https://github.com/cockroachdb/cockroach/pull/
-[#]: https://github.com/cockroachdb/cockroach/pull/
-[#]: https://github.com/cockroachdb/cockroach/pull/
\ No newline at end of file
+- The cluster settings `storage.columnar_blocks.enabled` and `bulkio.backup.deprecated_full_backup_with_subdir.enabled` have been removed. For details, refer to [Removed settings](#v25-4-0-settings-removed).
+
+- The bespoke restore and import event logs have been deprecated. For any deployment that is reliant on those logs, use the status change event log which now plumbs the SQL user that owns the job. [#153889][#153889]
+
+- The `incremental_location` backup option is now deprecated and will be removed in a future release. This feature was added so customers could define different TTL policies for incremental backups vs full backups. Users can still do this since incremental backups are by default stored in a distinct directory relative to full backups (`{collection_root}/incrementals`). [#153890][#153890]
+
+[#148314]: https://github.com/cockroachdb/cockroach/pull/148314
+[#153889]: https://github.com/cockroachdb/cockroach/pull/153889
+[#153890]: https://github.com/cockroachdb/cockroach/pull/153890
\ No newline at end of file
diff --git a/src/current/_includes/releases/v25.4/upgrade-finalization.md b/src/current/_includes/releases/v25.4/upgrade-finalization.md
index f9a6dbb031e..cf2117c0581 100644
--- a/src/current/_includes/releases/v25.4/upgrade-finalization.md
+++ b/src/current/_includes/releases/v25.4/upgrade-finalization.md
@@ -1,7 +1,4 @@
-During a major-version upgrade, certain features and performance improvements are not available until the upgrade is finalized. In v25.3, these are:
+During a major-version upgrade, certain features and performance improvements are not available until the upgrade is finalized. In v25.4, these are:
 
-- Bullet
-- Bullet
-- Bullet
-- Bullet
-- Bullet
\ No newline at end of file
+- **Partial statistics with constraining predicates**: {% comment %}TODO: Verify with michae2{% endcomment %}The ability to manually create single-column partial statistics on boolean predicate expressions using a constraining `WHERE` clause in `CREATE STATISTICS` statements. For details, refer to the [release note](#v25-4-0-alpha-2-partial-statistics).
+- **Changefeed span frontier persistence**: {% comment %}TODO: Verify with Eng{% endcomment %}Changefeeds now periodically persist their entire span frontiers so that fewer duplicates need to be emitted during restarts. The default persistence interval is 30 seconds, configurable with the `changefeed.progress.frontier_persistence.interval` cluster setting. For details, refer to the [release note](#v25-4-0-alpha-2-changefeed-frontier-persistence).
\ No newline at end of file
diff --git a/src/current/_includes/releases/v25.4/v25.4.0-alpha.2.md b/src/current/_includes/releases/v25.4/v25.4.0-alpha.2.md
index de8f7cbd497..32dcb5b8f26 100644
--- a/src/current/_includes/releases/v25.4/v25.4.0-alpha.2.md
+++ b/src/current/_includes/releases/v25.4/v25.4.0-alpha.2.md
@@ -8,7 +8,7 @@ Release Date: September 23, 2025
 
 - `CREATE USER` and `GRANT` role operations now wait for full-cluster visibility of the new user table version rather than blocking on convergence. [#150747][#150747]
 - Introduced the `inspect_errors` system table. [#151821][#151821]
-- You now manually create single-column partial statistics on boolean predicate expressions that can become simple index scans. These statistics can be created by adding a constraining `WHERE` expression to `CREATE STATISTICS`.
+- <a name="v25-4-0-alpha-2-partial-statistics"></a>You now manually create single-column partial statistics on boolean predicate expressions that can become simple index scans. These statistics can be created by adding a constraining `WHERE` expression to `CREATE STATISTICS`.
   
   For example:
   
@@ -39,7 +39,7 @@ Release Date: September 23, 2025
 
 <h3 id="v25-4-0-alpha-2-performance-improvements">Performance improvements</h3>
 
-- Changefeeds will now
+- <a name="v25-4-0-alpha-2-changefeed-frontier-persistence"></a>Changefeeds will now
   periodically persist their entire span frontiers so that
   fewer duplicates will need to be emitted during restarts.
   The default persistence interval is 30s, but this can be
diff --git a/src/current/css/customstyles.scss b/src/current/css/customstyles.scss
index 99fa6932737..f185178dfb8 100755
--- a/src/current/css/customstyles.scss
+++ b/src/current/css/customstyles.scss
@@ -101,6 +101,10 @@ td > div.anchored
    scroll-margin-top: 100px;
 }
 
+a[name] {
+  scroll-margin-top: 100px;
+}
+
 table {
   overflow-x: auto;
   width: 100%;

From 04fc735d623dff67d91811feeb3807a1d07fbca6 Mon Sep 17 00:00:00 2001
From: Mike Lewis <76072290+mikeCRL@users.noreply.github.com>
Date: Mon, 3 Nov 2025 02:37:38 -0500
Subject: [PATCH 09/22] Update src/current/_includes/releases/v25.4/v25.4.0.md

Per review

Co-authored-by: Florence Morris <58752716+florence-crl@users.noreply.github.com>
---
 src/current/_includes/releases/v25.4/v25.4.0.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/current/_includes/releases/v25.4/v25.4.0.md b/src/current/_includes/releases/v25.4/v25.4.0.md
index 24949c5f071..f033a9e5446 100644
--- a/src/current/_includes/releases/v25.4/v25.4.0.md
+++ b/src/current/_includes/releases/v25.4/v25.4.0.md
@@ -100,7 +100,7 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
     <p class="feature-description">Each Transaction Diagnostic Bundle includes:</p>
     <ul class="feature-description">
       <li>A Jaeger and text trace of the full transaction execution path.</li>
-      <li>Individual statement diagnostic bundles for every statement executed within the transaction.</li>
+      <li>Individual Statement Diagnostic Bundles for each statement executed within the transaction.</li>
     </ul>
    </td>
    <td>25.4</td>

From 1ed0db25ccd1d15cb23c9558856e81cf6c9d7294 Mon Sep 17 00:00:00 2001
From: Mike Lewis <76072290+mikeCRL@users.noreply.github.com>
Date: Mon, 3 Nov 2025 02:37:53 -0500
Subject: [PATCH 10/22] Update src/current/_includes/releases/v25.4/v25.4.0.md

Per review

Co-authored-by: Florence Morris <58752716+florence-crl@users.noreply.github.com>
---
 src/current/_includes/releases/v25.4/v25.4.0.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/current/_includes/releases/v25.4/v25.4.0.md b/src/current/_includes/releases/v25.4/v25.4.0.md
index f033a9e5446..a8b4da74944 100644
--- a/src/current/_includes/releases/v25.4/v25.4.0.md
+++ b/src/current/_includes/releases/v25.4/v25.4.0.md
@@ -99,7 +99,7 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
     </p>
     <p class="feature-description">Each Transaction Diagnostic Bundle includes:</p>
     <ul class="feature-description">
-      <li>A Jaeger and text trace of the full transaction execution path.</li>
+      <li>A Jaeger trace and text trace of the full transaction execution path.</li>
       <li>Individual Statement Diagnostic Bundles for each statement executed within the transaction.</li>
     </ul>
    </td>

From 8215c834c5b3f2098a686a30607467fdeec32a07 Mon Sep 17 00:00:00 2001
From: Mike Lewis <76072290+mikeCRL@users.noreply.github.com>
Date: Mon, 3 Nov 2025 02:38:07 -0500
Subject: [PATCH 11/22] Update src/current/_includes/releases/v25.4/v25.4.0.md

Per review

Co-authored-by: Florence Morris <58752716+florence-crl@users.noreply.github.com>
---
 src/current/_includes/releases/v25.4/v25.4.0.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/current/_includes/releases/v25.4/v25.4.0.md b/src/current/_includes/releases/v25.4/v25.4.0.md
index a8b4da74944..141dba61241 100644
--- a/src/current/_includes/releases/v25.4/v25.4.0.md
+++ b/src/current/_includes/releases/v25.4/v25.4.0.md
@@ -95,7 +95,7 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
     <p class="feature-description" markdown="1">
       CockroachDB now supports Transaction Diagnostic Bundles, enabling Cockroach Labs Support to capture and analyze a complete trace of an entire SQL transaction not just individual statements.
 
-      This feature extends the existing Statement Diagnostic Bundle capability to provide a holistic view of multi-statement transactions, making it significantly easier to diagnose complex customer issues during support incidents.
+      This feature extends the existing Statement Diagnostic Bundle capability to provide a holistic view of multi-statement transactions, simplifying the diagnosis of complex customer issues during support incidents.
     </p>
     <p class="feature-description">Each Transaction Diagnostic Bundle includes:</p>
     <ul class="feature-description">

From da6be6c62b56853520f9240d5428c34d5a47b8eb Mon Sep 17 00:00:00 2001
From: Mike Lewis <76072290+mikeCRL@users.noreply.github.com>
Date: Mon, 3 Nov 2025 02:38:31 -0500
Subject: [PATCH 12/22] Update src/current/_includes/releases/v25.4/v25.4.0.md

Per review

Co-authored-by: Florence Morris <58752716+florence-crl@users.noreply.github.com>
---
 src/current/_includes/releases/v25.4/v25.4.0.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/current/_includes/releases/v25.4/v25.4.0.md b/src/current/_includes/releases/v25.4/v25.4.0.md
index 141dba61241..430498e58f8 100644
--- a/src/current/_includes/releases/v25.4/v25.4.0.md
+++ b/src/current/_includes/releases/v25.4/v25.4.0.md
@@ -60,7 +60,7 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
    <td>
     <p class="feature-summary">Stable SQL API and Controlled Access to Unsupported crdb_internal Tables</p>
     <p class="feature-description" markdown="1">
-      CockroachDB is introducing a stable and well-defined SQL API for system introspection, ensuring that customers and third-party tools can safely and reliably query cluster metadata and performance data in production environments.
+      CockroachDB introduces a stable, well-defined SQL API for system introspection. This API enables customers and third-party tools to safely and reliably query cluster metadata and performance data in production environments.
     </p>
    </td>
    <td>25.4</td>

From c8171210a65007e31acd88c913c97bc546091d8c Mon Sep 17 00:00:00 2001
From: Mike Lewis <76072290+mikeCRL@users.noreply.github.com>
Date: Mon, 3 Nov 2025 02:38:53 -0500
Subject: [PATCH 13/22] Update src/current/_includes/releases/v25.4/v25.4.0.md

Per review

Co-authored-by: Florence Morris <58752716+florence-crl@users.noreply.github.com>
---
 src/current/_includes/releases/v25.4/v25.4.0.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/current/_includes/releases/v25.4/v25.4.0.md b/src/current/_includes/releases/v25.4/v25.4.0.md
index 430498e58f8..2b4e5eebaa5 100644
--- a/src/current/_includes/releases/v25.4/v25.4.0.md
+++ b/src/current/_includes/releases/v25.4/v25.4.0.md
@@ -117,7 +117,7 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
     </p>
     <p class="feature-description">New channels introduced:</p>
     <ul class="feature-description">
-      <li>CHANGEFEED – dedicated channel for Change Data Capture (CDC) logs, migrated from DEV and TELEMETRY.</li>
+      <li>CHANGEFEED – dedicated channel for Change Data Capture (CDC) logs, previously routed to DEV and TELEMETRY.</li>
       <li>KV_EXEC – channel for KV execution logs, separated from general distribution logs.</li>
     </ul>
     <p class="feature-description">Rerouted existing logs:</p>

From 516b6b09a844ed8c778c3a21309e613957d572e2 Mon Sep 17 00:00:00 2001
From: Mike Lewis <76072290+mikeCRL@users.noreply.github.com>
Date: Mon, 3 Nov 2025 02:39:12 -0500
Subject: [PATCH 14/22] Update src/current/_includes/releases/v25.4/v25.4.0.md

Per review

Co-authored-by: Florence Morris <58752716+florence-crl@users.noreply.github.com>
---
 src/current/_includes/releases/v25.4/v25.4.0.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/current/_includes/releases/v25.4/v25.4.0.md b/src/current/_includes/releases/v25.4/v25.4.0.md
index 2b4e5eebaa5..acab426c822 100644
--- a/src/current/_includes/releases/v25.4/v25.4.0.md
+++ b/src/current/_includes/releases/v25.4/v25.4.0.md
@@ -122,7 +122,7 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
     </ul>
     <p class="feature-description">Rerouted existing logs:</p>
     <ul class="feature-description">
-      <li>sampled_query logs moved from TELEMETRY → SQL_EXEC for better categorization.</li>
+      <li>`sampled_query` and `sampled_transaction` logs moved from TELEMETRY to SQL_EXEC for better categorization.</li>
     </ul>
    </td>
    <td>25.4</td>

From 9f3fbd47351171748b77b97d4cf8a9681710884b Mon Sep 17 00:00:00 2001
From: Mike Lewis <76072290+mikeCRL@users.noreply.github.com>
Date: Mon, 3 Nov 2025 02:39:47 -0500
Subject: [PATCH 15/22] Update src/current/_includes/releases/v25.4/v25.4.0.md

Per review

Co-authored-by: Florence Morris <58752716+florence-crl@users.noreply.github.com>
---
 src/current/_includes/releases/v25.4/v25.4.0.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/current/_includes/releases/v25.4/v25.4.0.md b/src/current/_includes/releases/v25.4/v25.4.0.md
index acab426c822..b62290f3b69 100644
--- a/src/current/_includes/releases/v25.4/v25.4.0.md
+++ b/src/current/_includes/releases/v25.4/v25.4.0.md
@@ -155,7 +155,7 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
    <td>
     <p class="feature-summary">Metrics Viewer Role for CockroachDB Cloud</p>
     <p class="feature-description" markdown="1">
-      This release introduces the Metrics Viewer role on CockroachDB Cloud, providing dedicated permissions for metrics collection and insights. This role is designed to enhance overall security by enabling granular access control to cluster performance data.
+      This release introduces the Metrics Viewer role in CockroachDB Cloud, which provides dedicated permissions for collecting metrics and viewing insights. The role enhances security by enabling granular access to cluster performance data.
 
       The Metrics Viewer role grants read-only access to cluster metrics and related insights, without conferring any administrative or data manipulation privileges.
     </p>

From 7334ba84af4e208ff86337a6c038971f4e6b31e1 Mon Sep 17 00:00:00 2001
From: Mike Lewis <76072290+mikeCRL@users.noreply.github.com>
Date: Mon, 3 Nov 2025 02:40:15 -0500
Subject: [PATCH 16/22] Update src/current/_includes/releases/v25.4/v25.4.0.md

Per review

Co-authored-by: Florence Morris <58752716+florence-crl@users.noreply.github.com>
---
 src/current/_includes/releases/v25.4/v25.4.0.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/current/_includes/releases/v25.4/v25.4.0.md b/src/current/_includes/releases/v25.4/v25.4.0.md
index b62290f3b69..6a909fbc6f7 100644
--- a/src/current/_includes/releases/v25.4/v25.4.0.md
+++ b/src/current/_includes/releases/v25.4/v25.4.0.md
@@ -157,7 +157,7 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
     <p class="feature-description" markdown="1">
       This release introduces the Metrics Viewer role in CockroachDB Cloud, which provides dedicated permissions for collecting metrics and viewing insights. The role enhances security by enabling granular access to cluster performance data.
 
-      The Metrics Viewer role grants read-only access to cluster metrics and related insights, without conferring any administrative or data manipulation privileges.
+      The Metrics Viewer role provides read-only access to cluster metrics and insights, without administrative or data modification privileges.
     </p>
     <p class="feature-description">Key benefits:</p>
     <ul class="feature-description">

From 7556c1e78801849e113f59bed92b4e5ddc2891d0 Mon Sep 17 00:00:00 2001
From: Mike Lewis <76072290+mikeCRL@users.noreply.github.com>
Date: Mon, 3 Nov 2025 02:40:48 -0500
Subject: [PATCH 17/22] Update src/current/_includes/releases/v25.4/v25.4.0.md

Per review

Co-authored-by: Florence Morris <58752716+florence-crl@users.noreply.github.com>
---
 src/current/_includes/releases/v25.4/v25.4.0.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/current/_includes/releases/v25.4/v25.4.0.md b/src/current/_includes/releases/v25.4/v25.4.0.md
index 6a909fbc6f7..aed65ad4fbf 100644
--- a/src/current/_includes/releases/v25.4/v25.4.0.md
+++ b/src/current/_includes/releases/v25.4/v25.4.0.md
@@ -165,7 +165,7 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
       <li>Targeted Access: Provides focused access to operational metrics, empowering teams to monitor health and performance efficiently.</li>
       <li>Enhanced Collaboration: Facilitates secure collaboration by allowing different teams (e.g., SREs, developers) to access relevant metrics without over-provisioned permissions.</li>
     </ul>
-    <p class="feature-description">When combined with the existing Cluster Developer role, a user can effectively gain "Power Developer" like functionalities, enabling them to develop applications and monitor their performance comprehensively while maintaining a clear separation of privileges for security.</p>
+    <p class="feature-description">When combined with the Cluster Developer role, users effectively gain 'Power Developer'-like capabilities, allowing them to build applications and monitor performance while maintaining clear privilege separation for security.</p>
    </td>
    <td>All<sup>*</sup></td>
    <td class="icon-center">{% include icon-no.html %}</td>

From 759e3778615572f56d9d719c110def1ffd7fa140 Mon Sep 17 00:00:00 2001
From: mikeCRL <mike@cockroachlabs.com>
Date: Mon, 3 Nov 2025 14:17:02 -0500
Subject: [PATCH 18/22] Updated cluster settings and backward-incompatible
 changes

---
 .../_includes/releases/v25.4/backward-incompatible.md     | 7 +++++--
 .../_includes/releases/v25.4/cluster-setting-changes.md   | 8 ++++----
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/current/_includes/releases/v25.4/backward-incompatible.md b/src/current/_includes/releases/v25.4/backward-incompatible.md
index 8fd19417c94..0877164ddee 100644
--- a/src/current/_includes/releases/v25.4/backward-incompatible.md
+++ b/src/current/_includes/releases/v25.4/backward-incompatible.md
@@ -1,2 +1,5 @@
-There are no backward-incompatible changes.
-{% comment %}TODO: Are removed settings 'backward incompatbile' because if you downgrade you lose what you had set?{% endcomment %}
\ No newline at end of file
+- `bulkio.backup.deprecated_full_backup_with_subdir.enabled`
+
+    Removed the `bulkio.backup.deprecated_full_backup_with_subdir.enabled` cluster setting. This optional ability to specify a target subdirectory with the `BACKUP` command when creating a full backup was deprecated in v22.1. [#153628][#153628]
+
+[#153628]: https://github.com/cockroachdb/cockroach/pull/153628
\ No newline at end of file
diff --git a/src/current/_includes/releases/v25.4/cluster-setting-changes.md b/src/current/_includes/releases/v25.4/cluster-setting-changes.md
index 321c02a61b1..b814d03b48d 100644
--- a/src/current/_includes/releases/v25.4/cluster-setting-changes.md
+++ b/src/current/_includes/releases/v25.4/cluster-setting-changes.md
@@ -36,7 +36,7 @@ Changes to [cluster settings]({% link v25.4/cluster-settings.md %}) should be re
 
     You can now output transaction traces to the logs in Jaeger-compatible JSON format. This is controlled by the `sql.trace.txn.jaeger_json_output.enabled` cluster setting, which is disabled by default. When enabled, traces triggered by probabilistic sampling or statement latency thresholds will be formatted for easier ingestion by tools that support the Jaeger tracing format. [#151414][#151414]
 
-- `storage.unhealthy_write_duration` (default: `20s`) {% comment %}Verify with Eng{% endcomment %}
+- `storage.unhealthy_write_duration` (default: `20s`)
 
     Added the cluster setting `storage.unhealthy_write_duration` (defaults to 20s), which is used to indicate to the allocator that a store's disk is unhealthy. The cluster setting `kv.allocator.disk_unhealthy_io_overload_score` controls the overload score assigned to a store with an unhealthy disk, where a higher score results in preventing lease or replica transfers to the store, or shedding of leases by the store. The default value of that setting is 0, so the allocator behavior is unaffected. [#154459][#154459]
 
@@ -44,13 +44,13 @@ Changes to [cluster settings]({% link v25.4/cluster-settings.md %}) should be re
 
 - `feature.vector_index.enabled` now defaults to `true`. Vector indexing is now enabled by default. [#155561][#155561]
 
-- `storage.value_separation.enabled` now defaults to `true`. {% comment %}TODO: Verify with annrpom - Is this backward-incompatible due to significant storage behavior change?{% endcomment %}This enables [value separation]({% link v25.4/architecture/storage-layer.md %}#value-separation) for SSTables, where values exceeding a certain size threshold are stored in separate blob files rather than inline in the SSTable. This helps improve write performance (write amplification) by avoiding rewriting such values during compactions. [#148857][#148857]
+- `storage.value_separation.enabled` now defaults to `true`. This enables [value separation]({% link v25.4/architecture/storage-layer.md %}#value-separation) for SSTables, where values exceeding a certain size threshold are stored in separate blob files rather than inline in the SSTable. This helps improve write performance (write amplification) by avoiding rewriting such values during compactions. [#148857][#148857]
 
 <h5 id="v25-4-0-settings-removed">Removed settings</h5>
 
-- `bulkio.backup.deprecated_full_backup_with_subdir.enabled` {% comment %}TODO: Verify with msbutler - Is this backward-incompatible since backups fail if set to true?{% endcomment %}
+- `bulkio.backup.deprecated_full_backup_with_subdir.enabled`
 
-    Removed the `bulkio.backup.deprecated_full_backup_with_subdir.enabled` cluster setting, since backups will now fail if this is set to true. [#153628][#153628]
+    Removed the `bulkio.backup.deprecated_full_backup_with_subdir.enabled` cluster setting. This optional ability to specify a target subdirectory with the `BACKUP` command when creating a full backup was deprecated in v22.1. [#153628][#153628]
 
 - `storage.columnar_blocks.enabled` {% comment %}TODO: Verify with jbowens - Is this backward-incompatible since it can't be disabled anymore?{% endcomment %}
 

From 040438b948083dd756a476c624e8ada9a8ee38c5 Mon Sep 17 00:00:00 2001
From: mikeCRL <mike@cockroachlabs.com>
Date: Mon, 3 Nov 2025 14:28:53 -0500
Subject: [PATCH 19/22] Remove comments from upgrade-finalization

---
 src/current/_includes/releases/v25.4/upgrade-finalization.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/current/_includes/releases/v25.4/upgrade-finalization.md b/src/current/_includes/releases/v25.4/upgrade-finalization.md
index cf2117c0581..86e200b667b 100644
--- a/src/current/_includes/releases/v25.4/upgrade-finalization.md
+++ b/src/current/_includes/releases/v25.4/upgrade-finalization.md
@@ -1,4 +1,4 @@
 During a major-version upgrade, certain features and performance improvements are not available until the upgrade is finalized. In v25.4, these are:
 
-- **Partial statistics with constraining predicates**: {% comment %}TODO: Verify with michae2{% endcomment %}The ability to manually create single-column partial statistics on boolean predicate expressions using a constraining `WHERE` clause in `CREATE STATISTICS` statements. For details, refer to the [release note](#v25-4-0-alpha-2-partial-statistics).
-- **Changefeed span frontier persistence**: {% comment %}TODO: Verify with Eng{% endcomment %}Changefeeds now periodically persist their entire span frontiers so that fewer duplicates need to be emitted during restarts. The default persistence interval is 30 seconds, configurable with the `changefeed.progress.frontier_persistence.interval` cluster setting. For details, refer to the [release note](#v25-4-0-alpha-2-changefeed-frontier-persistence).
\ No newline at end of file
+- **Partial statistics with constraining predicates**: The ability to manually create single-column partial statistics on boolean predicate expressions using a constraining `WHERE` clause in `CREATE STATISTICS` statements. For details, refer to the [release note](#v25-4-0-alpha-2-partial-statistics).
+- **Changefeed span frontier persistence**: Changefeeds now periodically persist their entire span frontiers so that fewer duplicates need to be emitted during restarts. The default persistence interval is 30 seconds, configurable with the `changefeed.progress.frontier_persistence.interval` cluster setting. For details, refer to the [release note](#v25-4-0-alpha-2-changefeed-frontier-persistence).
\ No newline at end of file

From 24a512736e19085204a013770603b8dfa8029e2c Mon Sep 17 00:00:00 2001
From: mikeCRL <mike@cockroachlabs.com>
Date: Mon, 3 Nov 2025 14:54:49 -0500
Subject: [PATCH 20/22] Updates to feature highlights formatting

---
 .../_includes/releases/v25.4/v25.4.0.md       | 45 ++++++++++++-------
 1 file changed, 30 insertions(+), 15 deletions(-)

diff --git a/src/current/_includes/releases/v25.4/v25.4.0.md b/src/current/_includes/releases/v25.4/v25.4.0.md
index aed65ad4fbf..3ab7c279566 100644
--- a/src/current/_includes/releases/v25.4/v25.4.0.md
+++ b/src/current/_includes/releases/v25.4/v25.4.0.md
@@ -28,7 +28,7 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
 
 <h4 id="v25-4-0-sql">SQL</h4>
 
-<table markdown="1">
+<table>
  <thead>
   <tr>
    <th class="center-align" colspan="1" rowspan="2">Feature</th>
@@ -45,9 +45,24 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
  <tbody>
   <tr>
    <td>
-    <p class="feature-summary">Vector Indexing Improvements</p>
-    <p class="feature-description" markdown="1">
-      Vector indexes in CockroachDB now support table backfills, making it easy to add vector indexes to existing tables without requiring manual data rewrites or service interruption. This update enhances the usability of vector search features by allowing seamless indexing of pre-existing data. Additionally, support for both cosine distance and inner product has been added, giving users more flexibility in selecting similarity metrics that best suit their machine learning or AI workloads. Together, these improvements make it easier to build and scale intelligent applications directly on CockroachDB.
+    <p class="feature-summary">Vector Indexing Improved and Generally Available</p>
+    <p class="feature-description">
+      CockroachDB's vector indexing capabilities are now generally available, promoting production-ready similarity search for AI and machine learning workloads from Preview to GA. This release brings critical operational improvements while maintaining the distributed architecture advantages that distinguish CockroachDB from specialized vector databases and PostgreSQL with pgvector.
+    </p>
+    <p class="feature-description">
+      The standout v25.4 improvement is <strong>online table backfills</strong>: adding vector indexes to tables with existing data no longer requires taking the table offline during the backfill process. This eliminates downtime when adopting vector search capabilities, enabling seamless integration of AI features into live production systems without service interruption.
+    </p>
+    <p class="feature-description">Key capabilities:</p>
+    <ul class="feature-description" style="font-size: 16px;">
+      <li>Online table backfills: Add vector indexes without service interruption</li>
+      <li>Distributed horizontal scaling: Automatically partition vector indexes across nodes as data grows, unlike single-node PostgreSQL pgvector</li>
+      <li>Incremental index maintenance: No background rebuilds required when inserting or updating vectors</li>
+      <li>Multiple distance metrics: L2 distance, cosine distance, and inner product for diverse ML workloads</li>
+      <li>pgvector compatibility: Standard PostgreSQL vector operations and SQL semantics</li>
+      <li>Unified architecture: Combine vector search with operational data, transactions, and consistency</li>
+    </ul>
+    <p class="feature-description">
+      Vector indexing is now enabled by default (<code>feature.vector_index.enabled = true</code>), ready for production AI workloads including semantic search, retrieval-augmented generation, recommendation systems, and content similarity matching.
     </p>
    </td>
    <td>25.4</td>
@@ -59,7 +74,7 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
   <tr>
    <td>
     <p class="feature-summary">Stable SQL API and Controlled Access to Unsupported crdb_internal Tables</p>
-    <p class="feature-description" markdown="1">
+    <p class="feature-description">
       CockroachDB introduces a stable, well-defined SQL API for system introspection. This API enables customers and third-party tools to safely and reliably query cluster metadata and performance data in production environments.
     </p>
    </td>
@@ -74,7 +89,7 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
 
 <h4 id="v25-4-0-observability">Observability</h4>
 
-<table markdown="1">
+<table>
  <thead>
   <tr>
    <th class="center-align" colspan="1" rowspan="2">Feature</th>
@@ -92,13 +107,13 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
   <tr>
    <td>
     <p class="feature-summary">Transaction Diagnostic Bundles for Comprehensive SQL Tracing</p>
-    <p class="feature-description" markdown="1">
+    <p class="feature-description">
       CockroachDB now supports Transaction Diagnostic Bundles, enabling Cockroach Labs Support to capture and analyze a complete trace of an entire SQL transaction not just individual statements.
 
       This feature extends the existing Statement Diagnostic Bundle capability to provide a holistic view of multi-statement transactions, simplifying the diagnosis of complex customer issues during support incidents.
     </p>
     <p class="feature-description">Each Transaction Diagnostic Bundle includes:</p>
-    <ul class="feature-description">
+    <ul class="feature-description" style="font-size: 16px;">
       <li>A Jaeger trace and text trace of the full transaction execution path.</li>
       <li>Individual Statement Diagnostic Bundles for each statement executed within the transaction.</li>
     </ul>
@@ -112,17 +127,17 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
   <tr>
    <td>
     <p class="feature-summary">Structured and Consistent Logging Channels</p>
-    <p class="feature-description" markdown="1">
+    <p class="feature-description">
       CockroachDB has updated structured and consistent logging channels across the system to improve log discoverability, production observability, and support troubleshooting.
     </p>
     <p class="feature-description">New channels introduced:</p>
-    <ul class="feature-description">
+    <ul class="feature-description" style="font-size: 16px;">
       <li>CHANGEFEED – dedicated channel for Change Data Capture (CDC) logs, previously routed to DEV and TELEMETRY.</li>
       <li>KV_EXEC – channel for KV execution logs, separated from general distribution logs.</li>
     </ul>
     <p class="feature-description">Rerouted existing logs:</p>
-    <ul class="feature-description">
-      <li>`sampled_query` and `sampled_transaction` logs moved from TELEMETRY to SQL_EXEC for better categorization.</li>
+    <ul class="feature-description" style="font-size: 16px;">
+      <li><code>sampled_query</code> and <code>sampled_transaction</code> logs moved from TELEMETRY to SQL_EXEC for better categorization.</li>
     </ul>
    </td>
    <td>25.4</td>
@@ -136,7 +151,7 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
 
 <h4 id="v25-4-0-cloud">CockroachDB Cloud</h4>
 
-<table markdown="1">
+<table>
  <thead>
   <tr>
    <th class="center-align" colspan="1" rowspan="2">Feature</th>
@@ -154,13 +169,13 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
   <tr>
    <td>
     <p class="feature-summary">Metrics Viewer Role for CockroachDB Cloud</p>
-    <p class="feature-description" markdown="1">
+    <p class="feature-description">
       This release introduces the Metrics Viewer role in CockroachDB Cloud, which provides dedicated permissions for collecting metrics and viewing insights. The role enhances security by enabling granular access to cluster performance data.
 
       The Metrics Viewer role provides read-only access to cluster metrics and insights, without administrative or data modification privileges.
     </p>
     <p class="feature-description">Key benefits:</p>
-    <ul class="feature-description">
+    <ul class="feature-description" style="font-size: 16px;">
       <li>Improved Security: Enables the principle of least privilege by allowing users or services to monitor cluster performance without broader access to sensitive data or configuration.</li>
       <li>Targeted Access: Provides focused access to operational metrics, empowering teams to monitor health and performance efficiently.</li>
       <li>Enhanced Collaboration: Facilitates secure collaboration by allowing different teams (e.g., SREs, developers) to access relevant metrics without over-provisioned permissions.</li>

From c366f1dabefa9d61e1490d8dd84a731cd0e57766 Mon Sep 17 00:00:00 2001
From: mikeCRL <mike@cockroachlabs.com>
Date: Mon, 3 Nov 2025 15:00:09 -0500
Subject: [PATCH 21/22] Add links to Feature Highlights

---
 .../_includes/releases/v25.4/v25.4.0.md        | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/current/_includes/releases/v25.4/v25.4.0.md b/src/current/_includes/releases/v25.4/v25.4.0.md
index 3ab7c279566..76f376469e3 100644
--- a/src/current/_includes/releases/v25.4/v25.4.0.md
+++ b/src/current/_includes/releases/v25.4/v25.4.0.md
@@ -47,7 +47,7 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
    <td>
     <p class="feature-summary">Vector Indexing Improved and Generally Available</p>
     <p class="feature-description">
-      CockroachDB's vector indexing capabilities are now generally available, promoting production-ready similarity search for AI and machine learning workloads from Preview to GA. This release brings critical operational improvements while maintaining the distributed architecture advantages that distinguish CockroachDB from specialized vector databases and PostgreSQL with pgvector.
+      CockroachDB's <a href="{% link v25.4/vector-indexes.md %}">vector indexing</a> capabilities are now generally available, promoting production-ready similarity search for AI and machine learning workloads from Preview to GA. This release brings critical operational improvements while maintaining the distributed architecture advantages that distinguish CockroachDB from specialized vector databases and PostgreSQL with <a href="{% link v25.4/vector-indexes.md %}">pgvector</a>.
     </p>
     <p class="feature-description">
       The standout v25.4 improvement is <strong>online table backfills</strong>: adding vector indexes to tables with existing data no longer requires taking the table offline during the backfill process. This eliminates downtime when adopting vector search capabilities, enabling seamless integration of AI features into live production systems without service interruption.
@@ -75,7 +75,7 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
    <td>
     <p class="feature-summary">Stable SQL API and Controlled Access to Unsupported crdb_internal Tables</p>
     <p class="feature-description">
-      CockroachDB introduces a stable, well-defined SQL API for system introspection. This API enables customers and third-party tools to safely and reliably query cluster metadata and performance data in production environments.
+      CockroachDB introduces a stable, well-defined SQL API for <a href="{% link v25.4/crdb-internal.md %}#access-control">system introspection</a>. This API enables customers and third-party tools to safely and reliably query cluster metadata and performance data in production environments.
     </p>
    </td>
    <td>25.4</td>
@@ -108,7 +108,7 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
    <td>
     <p class="feature-summary">Transaction Diagnostic Bundles for Comprehensive SQL Tracing</p>
     <p class="feature-description">
-      CockroachDB now supports Transaction Diagnostic Bundles, enabling Cockroach Labs Support to capture and analyze a complete trace of an entire SQL transaction not just individual statements.
+      CockroachDB now supports <a href="{% link v25.4/transaction-diagnostics.md %}">Transaction Diagnostic Bundles</a>, enabling Cockroach Labs Support to capture and analyze a complete trace of an entire SQL transaction not just individual statements.
 
       This feature extends the existing Statement Diagnostic Bundle capability to provide a holistic view of multi-statement transactions, simplifying the diagnosis of complex customer issues during support incidents.
     </p>
@@ -128,16 +128,16 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
    <td>
     <p class="feature-summary">Structured and Consistent Logging Channels</p>
     <p class="feature-description">
-      CockroachDB has updated structured and consistent logging channels across the system to improve log discoverability, production observability, and support troubleshooting.
+      CockroachDB has updated structured and consistent <a href="{% link v25.4/logging-overview.md %}#logging-channels">logging channels</a> across the system to improve log discoverability, production observability, and support troubleshooting.
     </p>
     <p class="feature-description">New channels introduced:</p>
     <ul class="feature-description" style="font-size: 16px;">
-      <li>CHANGEFEED – dedicated channel for Change Data Capture (CDC) logs, previously routed to DEV and TELEMETRY.</li>
-      <li>KV_EXEC – channel for KV execution logs, separated from general distribution logs.</li>
+      <li><a href="{% link v25.4/logging-overview.md %}#changefeed">CHANGEFEED</a> – dedicated channel for Change Data Capture (CDC) logs, previously routed to DEV and TELEMETRY.</li>
+      <li><a href="{% link v25.4/logging-overview.md %}#kv_exec">KV_EXEC</a> – channel for KV execution logs, separated from general distribution logs.</li>
     </ul>
     <p class="feature-description">Rerouted existing logs:</p>
     <ul class="feature-description" style="font-size: 16px;">
-      <li><code>sampled_query</code> and <code>sampled_transaction</code> logs moved from TELEMETRY to SQL_EXEC for better categorization.</li>
+      <li><code>sampled_query</code> and <code>sampled_transaction</code> logs moved from TELEMETRY to <a href="{% link v25.4/logging-overview.md %}#sql_exec">SQL_EXEC</a> for better categorization.</li>
     </ul>
    </td>
    <td>25.4</td>
@@ -170,7 +170,7 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
    <td>
     <p class="feature-summary">Metrics Viewer Role for CockroachDB Cloud</p>
     <p class="feature-description">
-      This release introduces the Metrics Viewer role in CockroachDB Cloud, which provides dedicated permissions for collecting metrics and viewing insights. The role enhances security by enabling granular access to cluster performance data.
+      This release introduces the <a href="{% link cockroachcloud/authorization.md %}">Metrics Viewer role</a> in CockroachDB Cloud, which provides dedicated permissions for collecting metrics and viewing insights. The role enhances security by enabling granular access to cluster performance data.
 
       The Metrics Viewer role provides read-only access to cluster metrics and insights, without administrative or data modification privileges.
     </p>
@@ -180,7 +180,7 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
       <li>Targeted Access: Provides focused access to operational metrics, empowering teams to monitor health and performance efficiently.</li>
       <li>Enhanced Collaboration: Facilitates secure collaboration by allowing different teams (e.g., SREs, developers) to access relevant metrics without over-provisioned permissions.</li>
     </ul>
-    <p class="feature-description">When combined with the Cluster Developer role, users effectively gain 'Power Developer'-like capabilities, allowing them to build applications and monitor performance while maintaining clear privilege separation for security.</p>
+    <p class="feature-description">When combined with the <a href="{% link cockroachcloud/authorization.md %}">Cluster Developer role</a>, users effectively gain 'Power Developer'-like capabilities, allowing them to build applications and monitor performance while maintaining clear privilege separation for security.</p>
    </td>
    <td>All<sup>*</sup></td>
    <td class="icon-center">{% include icon-no.html %}</td>

From 373be3f9e40091c2148f09652ed848bf2930894d Mon Sep 17 00:00:00 2001
From: mikeCRL <mike@cockroachlabs.com>
Date: Mon, 3 Nov 2025 15:11:30 -0500
Subject: [PATCH 22/22] Remove unnecessary link

---
 src/current/_includes/releases/v25.4/v25.4.0.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/current/_includes/releases/v25.4/v25.4.0.md b/src/current/_includes/releases/v25.4/v25.4.0.md
index 76f376469e3..20e3a32386f 100644
--- a/src/current/_includes/releases/v25.4/v25.4.0.md
+++ b/src/current/_includes/releases/v25.4/v25.4.0.md
@@ -47,7 +47,7 @@ This section summarizes the most significant user-facing changes in v25.4.0 and
    <td>
     <p class="feature-summary">Vector Indexing Improved and Generally Available</p>
     <p class="feature-description">
-      CockroachDB's <a href="{% link v25.4/vector-indexes.md %}">vector indexing</a> capabilities are now generally available, promoting production-ready similarity search for AI and machine learning workloads from Preview to GA. This release brings critical operational improvements while maintaining the distributed architecture advantages that distinguish CockroachDB from specialized vector databases and PostgreSQL with <a href="{% link v25.4/vector-indexes.md %}">pgvector</a>.
+      CockroachDB's <a href="{% link v25.4/vector-indexes.md %}">vector indexing</a> capabilities are now generally available, promoting production-ready similarity search for AI and machine learning workloads from Preview to GA. This release brings critical operational improvements while maintaining the distributed architecture advantages that distinguish CockroachDB from specialized vector databases and PostgreSQL with pgvector.
     </p>
     <p class="feature-description">
       The standout v25.4 improvement is <strong>online table backfills</strong>: adding vector indexes to tables with existing data no longer requires taking the table offline during the backfill process. This eliminates downtime when adopting vector search capabilities, enabling seamless integration of AI features into live production systems without service interruption.