What's new in the YugabyteDB Anywhere v2025.2 LTS release series - Yugabyte Db

What follows are the release notes for all releases in the YugabyteDB Anywhere (YBA) v2025.2 series. Content will be added as new notable features and changes are available in the patch releases of the YBA v2025.2 series.

For an RSS feed of all release series, point your feed reader to the RSS feed for releases.

Before you upgrade

{{< warning title="On-premises legacy provisioning deprecated" >}}

Legacy node provisioning for on-premises universe nodes is deprecated.

Update your node provisioning automation and workflows to support the node agent script.

To migrate universe nodes to the new automated provisioning, follow the node patching procedure.

{{< warning title="S3 storage and certificate validation" >}} v2025.2 and later requires certificate validation for S3 storage. If you are using S3 storage with custom self-signed or CA certificates, to connect to your S3 storage, you must add the certificates to the YugabyteDB Anywhere Trust Store before upgrading. {{< /warning >}}

Before upgrading, review the information in Prepare to upgrade YugabyteDB Anywhere.

v2025.2.2.2 - April 7, 2026 {#v2025.2.2.2}

Build: 2025.2.2.2-b11

Third-party licenses: YugabyteDB, YugabyteDB Anywhere

Download

<ul class="nav yb-pills"> <li> <a href="https://downloads.yugabyte.com/releases/2025.2.2.2/yba_installer_full-2025.2.2.2-b11-linux-x86_64.tar.gz"> Linux x86 </a> </li> </ul>

Bug fix

Adds toggle in the UI and a runtime flag feature_flags.enable_chunked_encoding to disable chunked transfer encoding for S3 in AWS API config. PLAT-19375,PLAT-20246

v2025.2.2.1 - April 3, 2026 {#v2025.2.2.1}

Build: 2025.2.2.1-b1

Third-party licenses: YugabyteDB, YugabyteDB Anywhere

Download

<ul class="nav yb-pills"> <li> <a href="https://downloads.yugabyte.com/releases/2025.2.2.1/yba_installer_full-2025.2.2.1-b1-linux-x86_64.tar.gz"> Linux x86 </a> </li> </ul>

Bug fix

Reverted PLAT-18364: Hides LDAP passwords in API responses to enhance security.

v2025.2.2.0 - March 12, 2026 {#v2025.2.2.0}

Download

{{< warning title="Use v2025.2.2.1.">}} v2025.2.2.0 includes an issue affecting LDAP in YugabyteDB Anywhere. In some circumstances, redacted values in ysql_hba_conf_csv can be overwritten during YBA-based universe operations, potentially leading to misconfigured database LDAP settings or authentication failures. Use v2025.2.2.1. {{< /warning >}}

New features

<div style="width:150px">Feature</div>	Description
{{<tags/feature/ga idea="1372">}}Backup throughput limit	You can set a limit for backup throughput in MB/s, providing more precise control over resource allocation.<hr style="margin: 0.5em 0;">To use: Feature enabled by default. You can set disk read/write bytes per second as part of configuring backup performance parameters for your universe.
{{<tags/feature/ea idea="2004">}}YugabyteDB Kubernetes Operator import universe	Added a capability to live-migrate an existing K8s universe that is managed by YBA to one that is managed by the K8s Operator. Additional improvements include adding CRDs that allow support for multi-region universes (spanning multiple K8s clusters).<hr style="margin: 0.5em 0;">To use: The feature can be used via API only and the K8s operator must be installed on YBA. See Before you begin.

Change log

<details> <summary>View the detailed changelog</summary>

Improvements

Automatically sets use_memory_defaults_optimized_for_ysql based on YSQL usage to optimize memory. PLAT-16880
Enables editing in-use providers using Kubernetes operator. PLAT-19481
Enables custom labels on Helm metadata for better resource management. PLAT-19491
Adds new CDC alerts in YBA for monitoring CDC activities. PLAT-19414,PLAT-19415,PLAT-19416,PLAT-19413
Enables decommission node retry for better task management. PLAT-19725
Enables yb-servers to pick up ulimit changes without rebooting. PLAT-19474
Adds common labels to YBA-generated objects in Kubernetes, including PDB, OTEL, and K8s. PLAT-18355
Enhances stability in universe creation by filtering unmodifiable default labels in Helm charts. PLAT-19099,PLAT-18354
Collects alerts in the support bundle as JSON for better analysis. PLAT-19424
Adds Azure IAM integration in the storage configuration UI. PLAT-19502
Enhances installation with new checks and help function robustness. PLAT-19513,PLAT-15040,PLAT-19331,PLAT-15451
Adds role and grant metadata to backup and restore processes. PLAT-19509

Bug fixes

Discontinues legacy on-prem node provisioning in YBA versions 2025.2 and above. PLAT-15612
Reduces the risk of OOM by breaking down the tserver_export metrics collection in support bundles. PLAT-17837
Relabels topology_kubernetes.io to az_name in container metrics for accurate pod identification. PLAT-17863
Fixes container metrics grouping by pod_name and displays individual pod data in UI. PLAT-17863
Ensures NFS mount checks include read replica nodes during restore prechecks. PLAT-18168
Hides LDAP passwords in API responses to enhance security. PLAT-18364
Ensures HA standby alert triggers correctly, now set for 15 minutes post-upgrade. PLAT-18539
Ensures all data drives are mounted before starting YugabyteDB processes. PLAT-18944,PLAT-19226
Limits Python version checks to 3.10, 3.11, and 3.12, and sets a minimum glibc version of 2.28. PLAT-19351,PLAT-19298
Enables DDL replication by default and updates version threshold to 2025.2.1. PLAT-19573
Fixes missing error details in GFlagsUtil.java by correcting string placeholders. PLAT-19631
Adds prechecks to detect active or enabled master processes in nodes before changes. PLAT-19732
Fixes roleBindings update problem when reusing old LDAP users. PLAT-19739
Removes the CDC Idle Stream alert from the system. PLAT-19836
Supports both prefixed and raw hex checksums in node agent verification. PLAT-19798
Ensures Chrony server settings apply correctly and fixes test failures during flag upgrades. PLAT-19507
Restores the RebootNode module enhancing stability in non-sudo onprem tests. PLAT-19526
Ensures accurate logging of node agent activities in the logs. PLAT-19581
Preflight checks now account for custom ports like masterHttpPort. PLAT-19291,PLAT-19663
Upgrades key Python dependencies and node_exporter to enhance stability and security. PLAT-19190,PLAT-19678,PLAT-19677,PLAT-19675,PLAT-19695,PLAT-19679
Fixes the issue of on-prem nodes not being released after precheck-only flow. PLAT-19777,PLAT-19684
Blocks hot certificate reload for TLS-only universes if the version is below 2025.2.1.0. PLAT-19812
Respects the skip_tls_verify setting when using node agent provisioning. PLAT-19864
Resolves an issue with the INI template in a backport-only branch. PLAT-19898
Ensures YBA OIDC redirect URIs respect X-Forwarded-Proto for correct HTTPS handling. PLAT-19012
Ensures OIDC redirect URIs use HTTPS when X-Forwarded-Proto=https is set. PLAT-19012
Adds collection of current YBA version info to support bundles. PLAT-19019
Ensures enableBackupsDuringDDL is passed to child backup tasks. PLAT-19554
Enables specifying tserver and master pod sizes directly in the CRD. PLAT-19629,PLAT-19558
Allows running only prechecks for node operations. PLAT-19503,PLAT-19779

Ensures Kubernetes status updates after importing existing universes. PLAT-19620
Allows custom prefix setting for support bundle filenames. PLAT-19625
Adds a new default alert for failed OTel log exports in DB Audit Log. PLAT-9864
Allows importing existing universes and their associated resources into the operator with enhanced idempotence and bug fixes. PLAT-12874
Adds null checks in OperatorUtils for safer secret name retrieval. PLAT-19505
Adds useRoles field to ScheduleResp model to display info on the UI. PLAT-19512
Fixes node agent cgroup v2 path building and adds unit tests. PLAT-19655
Fixes cert rotation failure when clientRootCA is specified without encryption enabled. PLAT-19792
Fixes silent failure in CLI during CToN-only cert rotation. PLAT-19813
Fixed Helm formatting issue that occurred when using AWS/GCP exporter in otel-template. PLAT-19169
Fixed issue with invalid YAML output due to newline removal in $appLabelArgs assignment in templates. PLAT-19169
Fixed an issue where testclocksync-onprem-cton-tls-systemd failed to verify NODE_CLOCK_DRIFT alert. PLAT-19488
Updated concatenated_crd.yaml in 2025.2.2 branch to include master/tserver resource spec as first-class citizens and allow extra values for some sub-fields in Kubernetes overrides. PLAT-19941
Enhances operator import to handle null fields in user intent and unknown fields in Kubernetes overrides section. PLAT-19944, PLAT-19940, PLAT-19894
Fixed issue causing no-op "edit universe overrides" tasks and erroneous "Error Updating" state for operator universes after import. PLAT-20010
Resolved chart rendering issues by correcting remaining instances of erroneous pattern in the template. PLAT-19169

</details>

v2025.2.1.0 - February 12, 2026 {#v2025.2.1.0}

Build: 2025.2.1.0-b141

Third-party licenses: YugabyteDB, YugabyteDB Anywhere

Download

<ul class="nav yb-pills"> <li> <a href="https://downloads.yugabyte.com/releases/2025.2.1.0/yba_installer_full-2025.2.1.0-b141-linux-x86_64.tar.gz"> Linux x86 </a> </li> </ul>

Highlights

We're excited to announce the key features and enhancements in the 2025.2.1.0 release, designed to improve performance, usability, and management of your database environments.

<div style="width:150px">Feature</div>	Description
{{<tags/feature/ga idea="153">}}xCluster DR automatic mode	Seamless automated replication of YSQL DDL changes across xCluster DR, eliminating the need to manually apply DDLs on both source and target clusters. This simplifies DDL operations and reduces management overhead.<hr style="margin: 0.5em 0;">To use: Enabled by default for universes running v2025.2.1 or later.
{{<tags/feature/ga idea="22">}}Automatic YB-Master failover	If a node with Master process fails unexpectedly (reducing health, but not causing service downtime), YBA auto-heals the universe by starting a Master process on a suitable surviving node (if one exists).<hr style="margin: 0.5em 0;">To use: Enabled by default for universes running v2.20.3 or later.

New features

<div style="width:150px">Feature</div>	Description
{{<tags/feature/ea idea="986">}}Azure Managed Identity for VM-based backups	When taking backups of a VM-based universe to Azure Blob Storage, instead of using an SAS token, you can use the Azure IAM roles assigned to YugabyteDB Anywhere and database nodes to authenticate.<hr style="margin: 0.5em 0;">To use: Feature enabled by default. Assign a managed identity to your YugabyteDB Anywhere and database node VMs, and create an Azure storage configuration that uses the same managed identity.
{{<tags/feature/ga idea="989">}}Restore to a point in time	Restore PITR-enabled backups to a specific point in time. Similar to instant database cloning, quickly recover from accidental SQL or CQL human errors that cause data loss or corruption by restoring at a time immediately prior to the incident.<hr style="margin: 0.5em 0;">To use: Feature enabled by default. Create a backup schedule with ability to restore to point-in-time.
{{<tags/feature/ga idea="2340">}}Improvements to Kubernetes cert-manager	YugabyteDB Anywhere now supports scenarios in which cert-manager manages only partial certificate chains (specifically, cert-manager only holds the root CA, without intermediate certificates).<hr style="margin: 0.5em 0;">To use: Feature enabled by default when using cert-manager for encryption in transit.
{{<tags/feature/ga idea="2559">}}IO2 EBS Volume Support on AWS	Use IO2 EBS volumes for disk storage in universes deployed on AWS.<hr style="margin: 0.5em 0;">To use: Feature enabled by default. Select IO2 EBS volumes when creating or modifying universes.

Change log

<details> <summary>View the detailed changelog</summary>

Improvements

Upgraded Prometheus client library to eliminate warnings caused by duplicate JVM metrics. PLAT-17918
Enables or disables TLS regardless of certificate issues during non-rolling upgrades. PLAT-18993
Removes flags that caused certificate rotation failures in the UI. PLAT-19080
Fixes the UI issue where toggling Encryption in Transit during Kubernetes universe creation incorrectly disables both client-server and node-to-node options. PLAT-19135
Enable setting node agent log level from YBA for convenient debugging. PLAT-18448
Introduces a runtime configuration to allow local user login even when Single Sign-On (SSO) is enabled on YugabyteDB Admin (YBA). This feature is enabled by default, but users have the option to disable it. PLAT-19204
Enables backing up and restoring global roles during off-cluster PITR when feature_flags.off_cluster_pitr_enabled is ON. PLAT-19209
Enables allow_connection_pooling by default. PLAT-19061

Bug fixes

Improved accuracy in Python version change detection and automatic pex environment rebuilding. PLAT-17781
Ensures HA standby alert triggers correctly, now set for 15 minutes post-upgrade. PLAT-18539
Prevents thread starvation by adding retry lock to listPitrConfigs API calls. PLAT-18842
Ensures replication streams are recreated on retry during switchover. PLAT-18913
Custom proxy selector of YBA now supports subdomain and CIDR for no_proxy. PLAT-18925
Adds a toggle to disable TLS when creating a universe in the UI. PLAT-18987
Supports backing up and restoring global role objects with configurable flags. PLAT-18686,PLAT-18988
Refines Certs rotate API to create new root CA, avoiding reliance on null values. PLAT-18989
Ensures enableClientToNodeEncrypt is false when both TLS options are disabled. PLAT-19002
Ensures special characters in flag values are escaped to prevent bash-related errors. PLAT-19018
Allows client-to-node server certificate rotation in YBA UI. PLAT-19054
Allows non-bash method in ValidateGFlags command to simplify escaping of special characters. PLAT-19067
Adds tserver p99 latency and enhanced outlier tables metrics to the dashboard. PLAT-19068
Ensures K8s platform backup excludes Prometheus when specified. PLAT-19071
Simplify certificate rotation in K8s universe with support for c2n only TLS, resolving rotation failures. PLAT-18989,PLAT-19083
Supports SLES_SP5, ensuring node agent provisioning operates correctly on this platform. PLAT-19111
Enables successful rotation of C2N certificates on VM universes. PLAT-19145
Resolves issue causing universe upgrade failure due to deprecated SYSTEMD_SUDOER_ENTRY in NodeInstance metadata. PLAT-19146
Updates Node Agent Service file to use "KillMode=process". PLAT-19164
Prevents deadlock in BackupTableYbc task during retries with multiple backups. PLAT-19172
Enhances security by validating runtime certificates for both master and tserver processes. PLAT-18414,PLAT-19232
Reduces unnecessary replica re-arrangement in placements. PLAT-19273,PLAT-18992
Increases default bootstrap_producer_timeout to 20 minutes to reduce xCluster setup failures. PLAT-19283
Adds a pre-upgrade hook to update password and prevent login failure during pg 11 to 14 upgrade. PLAT-18857
Upgraded Jinja2 version to 3.1.6, enhancing security and compatibility. PLAT-18964
Fixes node agent installation failure for CSPs on Ubuntu. PLAT-19023
Fixes metrics export with "_total" suffix and reduces API log noise. PLAT-19056
Resolves audit log export issue when setting custom log_line_prefix in ysql_pg_conf_csv flag. PLAT-19074
Ensures server and client correctly handle request deadlines and cancellations. PLAT-19078
Corrects master state removal in node-agent by passing arguments accurately. PLAT-19086
Resolved issue with PlatformInstanceClient not sending cluster header in HA API calls, restoring HA setup functionality. PLAT-19114
Corrects the Switchover DR failure in older YBA versions by setting a default value for automaticDdlMode. PLAT-19136
Removes getRawClientRootCA as a required field to maintain backward compatibility. PLAT-19176
Updates concated_crd in the charts repository. PLAT-19213
Enables auto-master failover by default for non-YBM configurations. PLAT-19247
Standardizes node agent provisioning folder structure across onprem and CSP. PLAT-19319
Ensures provisioning scripts continue running even if a command fails. PLAT-19372,PLAT-19214
Changes the logging directory path in node-agent from scripts/log to logs. PLAT-19453
Changes the owner of ynp_version to yugabyte to avoid cleanup issues. PLAT-19460
Logs stdout on remote execution failures for enhanced debugging in Python. PLAT-19252,PLAT-6478
Enables yb-servers to pick up ulimit changes without rebooting. PLAT-19474
Uses nc instead of ping to validate NTP servers, ensuring reliability across network configurations. PLAT-16715
Fixed an issue where certain ybp_health_check_tserver metrics were missing for RF1 clusters. PLAT-18636
Fixes issues with the RebootNode module in node agent provisioning for CSPs and on-prem setups. PLAT-18967
Allows for handling an empty string as null in case of k8s releases to avoid parsing exceptions. PLAT-18999
Allows successful backup restoration on Kubernetes by ignoring node-agent releases. PLAT-19026
Turns on the audit_logging_enabled flag by default. PLAT-19032
Updated PagerDuty alerts to display proper severity levels by renaming severity field in custom_details to yba_severity. PLAT-19084
Enables off-cluster PITR by default. PLAT-19110
Adds support for AWS IO2 disk type with high IOPS and throughput. PLAT-18880,PLAT-19167
Adds modify-provider support and clockbound options to CLI for on-prem providers. PLAT-19178
Corrected function scope in Helm templates to resolve errors when createServicePerPod is enabled. PLAT-19206
Ensures only relevant flags are applied to YBC, preventing parsing failures. PLAT-19265
Fixes node unreachable issue in universes with overridden ports. PLAT-19260,PLAT-19288
Enables backups during DDL by default for versions 2025.2.1 and up. PLAT-19388
Disables stats dump on DB version 2025.2 and sets supported version to 2025.2.2. PLAT-19427
Allows group_mapping_rbac_support flag by default, matching the default enabled status of RBAC. PLAT-18717
Enables statistics restoration by default during backup and restores in YBC, and adds Azure IAM support. PLAT-19238
Enables runtime modification of yb.support_bundle.application_logs_regex_pattern. PLAT-19369
Removes unnecessary custom serializer and deser from PlatformInstance. PLAT-19709
Allows deployment of Kubernetes operator without requiring cluster-wide permissions. PLAT-18415
Skip flag validation for flags specified in undefok during upgrades. PLAT-18833
Displays Dynatrace endpoint URL on the config side panel after creation. PLAT-18931
Adds support for hot reloading of TLS certificates in the YBC gRPC server. PLAT-18953
Fixed YCQL authentication enablement with port overrides to respect overrideNodePorts setting like YSQL. PLAT-19165
Ensures flag upgrade through CLI does not set values to empty if only present in one set. PLAT-19179
Flags now copy to read replica TServers during universe creation. PLAT-19259
Enforces YSQL and YCQL password input when disabling authentication via CLI. PLAT-19284
Ensures correct default image bundle assignment in CLI for GCP and Azure. PLAT-19348
Skips access key verification for on-prem universes provisioned using the node agent provisioning script. PLAT-19412
Resolves error when re-adding previously deleted AZs to a provider configuration. PLAT-19458,PLAT-19003
Enables Azure AD Workload identity for more secure backups and restores. PLAT-8708
Ensures Chrony server settings apply correctly during flag upgrades. PLAT-19507
Disables backups during DDL operations in version 2025.2.1. PLAT-19563
Enables DDL replication by default and updates version threshold to 2025.2.1. PLAT-19573

</details>

v2025.2.0.1 - January 26, 2026 {#v2025.2.0.1}

Build: 2025.2.0.1-b1

Third-party licenses: YugabyteDB, YugabyteDB Anywhere

Download

<ul class="nav yb-pills"> <li> <a href="https://downloads.yugabyte.com/releases/2025.2.0.1/yba_installer_full-2025.2.0.1-b1-linux-x86_64.tar.gz"> Linux x86 </a> </li> </ul>

Bug fixes

Ensures HA standby alert triggers correctly, now set for 15 minutes post-upgrade. PLAT-18539
Updates concatenated_crd.yaml in the charts repository. PLAT-19213
Corrected function scope in Helm templates to resolve errors when createServicePerPod is enabled. PLAT-19206

v2025.2.0.0 - December 11, 2025 {#v2025.2.0.0}

Build: 2025.2.0.0-b131

Third-party licenses: YugabyteDB, YugabyteDB Anywhere

Download

<ul class="nav yb-pills"> <li> <a href="https://downloads.yugabyte.com/releases/2025.2.0.0/yba_installer_full-2025.2.0.0-b131-linux-x86_64.tar.gz"> Linux x86 </a> </li> </ul>

Highlights

We're excited to announce the key features and enhancements in the 2025.2.0.0 release, designed to improve performance, usability, and management of your database environments.

PostgreSQL features enabled by default on new universes

For new universes running v2025.2 or later, the following YSQL features are now enabled by default when you deploy using YugabyteDB Anywhere:

In addition, if you upgrade to v2025.2 and the universe already has cost-based optimizer enabled, the following features are enabled by default:

Auto Analyze
YugabyteDB bitmap scan
Parallel append

Note that, apart from the exceptions noted, upgrading existing universes does not change the defaults for any of these features.

For more information on PostgreSQL features developed in YugabyteDB for enhanced compatibility, refer to Enhanced PostgreSQL Compatibility Mode.

YSQL Audit Logs {{<tags/feature/ga idea="1773">}}

Support for producing and exporting audit logs of PostgreSQL statements (which is often required for compliance with government, financial, or ISO certifications) to a log aggregator. This is based on the pgaudit extension.

For more information, refer to YSQL Audit Logs.

ARM processor support for Kubernetes universes {{<tags/feature/ga idea="1486">}}

Added support for running Kubernetes-based universes on ARM CPUs.

For information on deploying on Kubernetes, refer to Create a multi-zone universe.

Support for LDAP/OIDC groups and custom roles in YugabyteDB Anywhere {{<tags/feature/ga idea="1501">}}

Enhance Role-based Access Control (RBAC) by assigning custom roles to groups sourced from an OIDC-based Identity Provider (IDP) in a scalable and secure way.

For more information, refer to Support for LDAP/OIDC groups and custom roles in YugabyteDB Anywhere.

Relaxed Python version requirements in YugabyteDB Anywhere {{<tags/feature/ga idea="2091">}}

YugabyteDB Anywhere Python version requirements have been significantly relaxed, thanks to the removal of Ansible dependency. This change simplifies deployment.

Improved time synchronization across nodes for on-premises, AWS, and GCP environments {{<tags/feature/ea idea="2133">}}

Time synchronization across nodes has been enhanced through the use of the ClockBound library, resulting in improved P99 latency for certain workloads (those with near simultaneous writes and reads).

For more information, refer to ClockBound.

New features

CDC Observability. YugabyteDB Anywhere supports monitoring the status of replication slots when using PostgreSQL Logical Replication Protocol for Change Data Capture (CDC). {{<tags/feature/ga idea="709">}}
Azure support for multiple Resource Groups (one per region). Added support for Azure configurations with one Azure Resource Group per region (and also one network per Azure Resource Group), a configuration providing better network management and resilience. {{<tags/feature/ga idea="1606">}}
Non-root installation of YBA. You can install YugabyteDB Anywhere as a de-privileged user; a root-privileged user is no longer required. This reduces friction and security concerns during initial testing, setup, and proof of concepts. {{<tags/feature/ga idea="1521">}}
Kubernetes
- Kubernetes immutability. Added support to deploy code via immutable Helm images instead of at runtime, eliminating the use of 'kubectl cp' to push executables into the pod or container. {{<tags/feature/ga idea="1264">}}
- Kubernetes service endpoint. For single-region universes in Kubernetes, added support for creating a unified service endpoint. This is in addition to the already-supported one service endpoint per availability zone (AZ). {{<tags/feature/ga idea ="1405">}}
- Configurable common names for Kubernetes. You can configure a custom common name suffix for Kubernetes cert-manager. {{<tags/feature/ga idea="2065">}}
- Rotate certificates. Enables retry for the TLS toggle task in Kubernetes and resolves node task failure for ClientToNode only universes. {{<tags/feature/ga idea="1714">}}
Export metrics. Support for exporting universe metrics to third-party tools for analysis and customization, and adds Dynatrace as a metric export sink. {{<tags/feature/ea idea="441">}}
CipherTrust support. You can now use Thales CipherTrust as the Key Management System (KMS) for encryption at rest. {{<tags/feature/ga idea="1227">}}
Alerts. Removed the DB Queue Overflow Alert to reduce unnecessary alert noise and enhance user experience. {{<tags/feature/ea idea="905">}}
Backup

{{< warning title="S3 storage and certificate validation" >}} v2025.2 and later now requires certificate validation for S3 storage. If you are using S3 storage with custom self-signed or CA certificates, to connect to your S3 storage, you must add the certificates to the YugabyteDB Anywhere Trust Store before upgrading. {{< /warning >}}
- Backups with DDL. Backups succeed even when DDL changes are occurring during the backup process. {{<tags/feature/ea idea="1484">}}
- Adjusts backup directory structure to include Universe Name, enhancing multi-tenancy and DB portability. {{<tags/feature/ga idea="1888">}}
- Allows backup authorization for EKS using a service account annotated to each universe pod, eliminating the need for managing short-lived credentials. {{<tags/feature/ga idea="1924">}}
- Backups now capture PostgreSQL users (aka roles) and their permissions (aka grants) (via API). {{<tags/feature/ea idea="394">}}
- Back up and restore YBA. Adds support for regularly scheduled backups of your YugabyteDB Anywhere installation for recovery in case of the loss of the node running your YugabyteDB Anywhere instance. Store backups in remote storage buckets, and restore from the YugabyteDB Anywhere UI. {{<tags/feature/tp idea="1429">}}
Certify CIS-hardened RHEL 8 and RHEL 9 (x86) Facilitates running YugabyteDB with a CIS-hardened RHEL 8 and RHEL 9 image, enhancing security measures. {{<tags/feature/ga idea="1193">}}
Allows dynamic flag validation in YugabyteDB Anywhere when upgrading flags for cloud and Kubernetes provider-based universes, using the 'validateFlagValue' RPC. {{<tags/feature/ga idea="2058">}}

Known issues

For universes with only client-to-node encryption enabled, if you are rotating certificates, a restart is required; choose either the rolling or concurrent restart options. Do not use the Apply all changes which do not require a restart immediately option (which is selected by default) in this configuration.
Although the API documentation indicates that the getRawClientRootCA is a required field in UniverseDefinitionTaskParams, it's not mandatory. This error will be fixed in our automated API generation code in a future release. PLAT-19176

Change log

<details> <summary>View the detailed changelog</summary>

Improvements

Enables built-in log rotation for PostgreSQL and integrates logrotate for Prometheus, improving log management. PLAT-15663
Enables gallery image ID format validation for Azure provider in Java. PLAT-15964
Automatically deletes associated backup policies when a universe is removed. PLAT-17197
Excludes system_postgres database from the xCluster Add/Remove Tables display and keeps replicated_ddls hidden. PLAT-17904
Displays accurate database name for sequences_data table, replacing the PG schema with _. PLAT-18078
Enable volume encryption in YBA APIs and deprecate outdated fields. PLAT-18083
Allows skipping of already processed nodes during flag upgrade on retry, enhancing efficiency. PLAT-18146
Adds option to disable table-level metrics collection in YugabyteDB. PLAT-18210
Enables volume encryption support in the YBA UI and APIs. PLAT-18284
Streamlines AWS volume encryption with new CLI fields, removing deprecated options. PLAT-18380
Enables automatic bootstrapping for DR configurations in the UI. PLAT-18384
Adds a warning for users attempting to promote a standby using a backup older than 24 hours during HA failover. PLAT-18616
Removes flags createNewRootCA and createNewClientRootCA to prevent certificate rotation failure in the UI. PLAT-19080
Fixes the UI issue where toggling Encryption in Transit during Kubernetes universe creation incorrectly disables both client-server and node-to-node options. PLAT-19135
Enables running YBA in FIPS compliant mode, changing the hashing algorithm for user passwords and API keys, and migrating to FIPS validated Bouncy Castle version. PLAT-11945
Introduces UNIVERSE.DEBUG for specific debugging actions, enhancing access control. PLAT-14856
Enables scraping of internal otel metrics by YBA-I Prometheus. PLAT-16912
Adds a new metric to alert users hourly if the Encryption at Rest (EAR) key is invalid in any universe. PLAT-17266
Enables public access to the CipherTrust runtime configuration following QA qualification. PLAT-17315
Allows custom configuration of GCP connection draining timeout. PLAT-17356
Added a runtime flag, enable_backups_during_ddl, allowing control over running backups during DDL operations, and ensuring backups won't fail during a DDL as no catalogue version check is performed. PLAT-17392
Fixes AWS KMS exception logging. PLAT-17445
Allows retry and abort options for pause and resume universe tasks, with task versions instead of YBA version for comparisons. PLAT-17572
Introduces combined total_ysql_ycql_ops_per_sec and total_ysql_ycql_ops_latency metrics for YSQL and YCQL operations. PLAT-17751
Allows configuring the catalog upgrade admin ops timeout, now defaulting to 15 minutes. PLAT-17807
Allows custom values for service endpoints in operator universe CR to enhance flexibility. PLAT-18044
Adds OutlierDB support to metrics view and removes outdated code. PLAT-18272
Adds uninstall command details to yba-ctl help section for ease of use. PLAT-18377
Allows PA Installer to generate Sping overrides properties file, ensuring correct software directory path. PLAT-18547
Allows viewing and filtering of all available TP sinks by their export types using a new API. PLAT-18656
Expands supported Graviton instance types in YBA. PLAT-18781
Allows force rollback option in API for handling unexpected universe behaviour after detach operation. PLAT-18834
Shows a banner for cron-based universes needing an upgrade before v2025.2. PLAT-17422
Displays WAL status in CDC metrics for clearer stream expiry info. PLAT-18496
Enables viewing estimated sizes for support bundles in the YBA UI. PLAT-16312
Adds error logging for Azure load balancer backend pool updates to highlight potential permission issues. PLAT-17475
Allows creation of cross-cluster replication without a full table copy by making storage-config optional. PLAT-17555
Hides internal runtimeconfig keys from users during LDAP configuration. PLAT-17562
Removes code used for cross-compilation in the binary generation for CLI, aligning it with the machine's architecture. PLAT-17568
Corrects LDAPCustomerUUID runtimeConfig and enhances help text for group update command. PLAT-17619,PLAT-17651
Enables case-insensitive email comparison in YBA CLI. PLAT-17679
Masks API Token during register, login, and auth commands by default, unless user enables show-api-token flag. PLAT-17770
Removes otho8Aut prefix from PG log lines before export to customer sink in both PG logs and DBAL export. PLAT-18505
Introduces soft memory limits to the query log export API, enhancing control over log exports. PLAT-18552
Ensures correct backup intervals, and adds validation for continuous backups, limiting frequency to less than 2 minutes and longer than 1 day, and restricting restores to empty YBA or backups less than 1 day old. PLAT-18816,PLAT-18839,PLAT-18793
Enables allow_connection_pooling by default. PLAT-19061

Bug fixes

Backups succeed even when DDL changes are occurring during the backup process. PLAT-17628
Enables rotation of self-signed and Hashicorp certificates in K8s universe using rolling, non-rolling, or non-restart upgrade options. PLAT-12143
Enable non-rolling toggling of TLS on Kubernetes universes for node-to-node encryption. PLAT-12508
Secures LDAP passwords in logs by redacting sensitive flags during operations. PLAT-12639
Includes universe name and DB name in backup directory structure for easier identification. PLAT-15459
Allows preflight checks to pass for nodes experiencing drift greater than 400ms. PLAT-15864
Enhances latency alerts to display affected node names and ensures alert thresholds are in milliseconds. PLAT-16426
Packages earlyoom into the node agent package during build. PLAT-16584
Adds a health check to verify earlyoom's functionality and mlock capability, along with a metric to count earlyoom kills. PLAT-16591
Introduce a runtime configuration flag for controlling features via the UI/API interface. PLAT-16593
Introduces protection for applying grants to nonexistent roles and supports ON_ERROR_STOP during restore. PLAT-16613,PLAT-16614
Switches SSL certificate verification to use fingerprint comparison, enhancing compatibility and reducing task failures. PLAT-16726
Brings back missing commits for xCluster DR, preventing setup failure when source has empty tables. PLAT-16771
Triggers full backup instead of incremental if a scheduled full backup is missed. PLAT-17116
Adds THP configuration parameters to legacy provisioning documentation. PLAT-17169
Removes restriction on xCluster table status metric, ensuring it's always reported even when tasks are running. PLAT-17290
Corrects per zone replica setting in geo-partitioned cases during K8s universe creation. PLAT-17374
Allows non-sudo users to complete node agent setup in a fully manual provisioned universe using remote node tmp directory. PLAT-17391
Allows software upgrade in a 9-node 3 RF universe to follow user-defined batch size instead of upgrading one-by-one. PLAT-17420
Ensures TLS toggle and cert rotation manage YBC flags on dedicated masters. PLAT-17472
Eliminates collection of WARN logs in support bundles to save space as they duplicate INFO logs. PLAT-17480
Automates recovery from pending Helm upgrade status without needing manual intervention. PLAT-17485
Ensures YBA runs in UTC to maintain consistent timestamp handling. PLAT-17486
Increases the nproc limit to support larger T-Servers. PLAT-17490
Packages YBC as part of YBDB container image, offering built-in executable functionality for Kubernetes universes. PLAT-17505,PLAT-17500
Allows new YBC deployment flow and gflags upgrade via helm override, using pre-packaged YBC binary and mounted controller flag secret. PLAT-17506,EPIC-17500
Revamps YBA installer handling of self-signed certs, adding yba-ctl certs generate command. PLAT-17535
Enables users to configure Prometheus for remote write and HTTPS via yba-ctl. PLAT-17546
Automatically roll back universe edit if no new nodes are created, preventing nodes from being incorrectly marked To Be Removed. PLAT-17549
Enables BackupAdmin Role to perform old RBAC restore preflight checks. PLAT-17553
Prevents unnecessary re-installation of node agent if root-level systemd is detected. PLAT-17665
Disables Yugabyte managed image bundles for air-gapped installations, requiring custom images instead. PLAT-17699
Enhances yba-ctl rollback to better handle filesystem and service restoration. PLAT-17717
Blocks installs and upgrades on systems with incompatible GLIBC versions. PLAT-17725
Enables appending a custom suffix to the CN field of certificates created by cert-manager. PLAT-17732
Adds support for setting up and maintaining the configuration in YBA for xCluster with DDL replication setup. PLAT-17775
Prometheus logs for YBA now write to the data directory, solving issues with permission and HA setup. PLAT-17877
Adds a check to block non-restart upgrades when universe nodes are in-transit. PLAT-17905
Allows hot reload of certificates on Kubernetes universes without restart during task changes. PLAT-17956
Enhances method to decide if use_sudo is needed for Ansible runbooks based on TServer status. PLAT-17963
Enables runtime configuration by default for rolling nodes in Kubernetes and VMs starting in 2025.1. PLAT-17966
Enables automatic DDL replication mode in the YBA UI for easier schema changes. PLAT-17969
Updates Java dependencies to address multiple CVEs. PLAT-17981
Upgrades the Cassandra client library to enhance security. PLAT-18007
Upgrades Ansible version to enhance security and prepare for its future removal. PLAT-18009
Upgrades braces to version 3.0.3 to prevent memory exhaustion. PLAT-18011
Disables the DDL replication for xCluster configurations by default to prevent exceptions. PLAT-18025
Ensures YSQL migration file consistency during upgrades and backups. PLAT-18057
Allows usage of k8s_parent.py script for container image-based YBC deployment. PLAT-18062,EPIC-17500
Prevents entire configuration restart when a database with more failed tables than healthy ones fails to replicate. PLAT-18073
Allows dynamic GFlag validation in YBA when upgrading GFlags for CSP and k8s-based universes, using the validateFlagValue RPC. PLAT-18095,PLAT-18097
Enhances node operations for on-premises nodes by conducting prechecks for node consistency and failing operations if Node not found condition arises. PLAT-18131
Speeds up backups by updating universe details when all nodes are upgraded, not just when the background task detects it. PLAT-18165,PLAT-18175
Allows use of node hostname on master to fix pg_upgrade and InitDb issues in Kubernetes with encryption enabled. PLAT-18177
Ensures safer K8s rollbacks by tracking TServer upgrades and flag settings. PLAT-18178
Removes the DB Queue Overflow Alert due to its frequent false positives causing more issues. PLAT-18185
Allows setting a higher open file limit, includes a license reading command, stops services in reverse order to avoid dependencies, and displays binary location in status output. PLAT-16518,PLAT-18186,PLAT-15718,PLAT-17373
Allows asynchronous upgrading of YBC throttle parameters through the UI. PLAT-18199
Introduces the immutable YBC flow in Kubernetes universes, allowing users to modify throttle parameters for immutable YBC on Kubernetes universes using a new async API. PLAT-18140,PLAT-18200,PLAT-18198
Enables retry for the TLS toggle task in K8s and resolves node task failure for ClientToNode only universes. PLAT-18136,PLAT-18208
Allows super users other than "cassandra" to perform LDAP database syncs. PLAT-18209
Fixes race condition by saving temporary root CA with a unique label, preventing constraint check failure during simultaneous root CA rotation for multiple universes. PLAT-18214
Corrects the propagation of earlyoom state in universe creation, ensuring it's not incorrectly enabled on new nodes. PLAT-18221
Default runtime flag validation now occurs as skip_runtime_gflag_validation default value is changed to false. PLAT-18228
Simplify flag validation during VM universe creation and include redaction in task logs for improved data privacy. PLAT-18096,PLAT-18233
Removes outdated Path sections and updates logging to use journal in systemd files. PLAT-18249
Ensures support bundles correctly collect flag overrides in Kubernetes environments. PLAT-18255
Prevents simultaneous run of promotion and demotion operations to avoid system instability. PLAT-18279
Enables customization of tserver liveness probes in the Helm chart. PLAT-18285
Introduces disk throttling support during backup/restore in YBC throttle parameters window. PLAT-18300
Adds retries to systemctl commands for better stability during service management. PLAT-18321
Ensures bootstrapping is always indicated as required for automatic DDL replication setups. PLAT-18344
Enhances switchover reliability by excluding replicated_ddls from replication prechecks. PLAT-18346
Allows specifying a custom home directory for on-premises provisioning using the node agent provisioning script. PLAT-18347
Reduces lock scope in XClusterScheduler to prevent UI unresponsiveness during node failures. PLAT-18398
Prevents errors by checking PITR configuration existence before deletion. PLAT-18401
Allows tracking of client activities and identification of slow APIs through the new YBA web server access log. PLAT-18403
Ensures the UI reads tableId from sourceTableInfo for sequence data tables, resolving issues related to UUID truncation and comparison for equality. PLAT-18421
Allows users to configure cloud volume encryption at runtime. PLAT-18432
Disables DDL atomicity check for YCQL only universes to avoid unnecessary failures. PLAT-18442
Adds UI option for S3 "SIGNING_REGION" configuration behind a runtime flag. PLAT-18451
Allows restarts to be triggered when needed due to YBC flag changes by adding YBC flags annotation to TServer pod template. PLAT-18453
Allows deletion and recreation of PITR schedule during all upgrades, limiting xCluster DR operations during upgrade process. PLAT-18466
Corrects DR configuration issue for proper snapshot and retention settings. PLAT-18473
Reduces logical replication lag reporting issues by using cdcsdk_flush_lag metric. PLAT-18479
Changes query_id to string for compatibility in live queries. PLAT-18481
Updates xCluster schema change mode configuration descriptions for clarity. PLAT-18489
Prevents unexpected pod restarts during partial upgrades by setting the partition value as the number of pods, not 0. PLAT-18497
Allows installation scripts to run successfully as either root or non-root user, preventing permission errors. PLAT-18500
Allows toggling of TLS, hot certificate rotation, and updating of APIs for Kubernetes. PLAT-18502,PLAT-17695,PLAT-17696
Fixes the issue where the standby UI of YBA HA didn't respect UI restrictions for LDAP users, now correctly displaying a 401 error message for unauthorized requests. PLAT-18503
Disables misleading systemd precheck alerts for cron-based universes. PLAT-18515
Upgrades Postgres image in charts to address new customer-reported CVEs. PLAT-18517
Corrects text and suggestions for the xCluster command in the CLI. PLAT-18535
Accommodates future crypto policies by updating keys to use 3072 bits instead of 2048. PLAT-18556
Fixes the issue of excess masters by updating preflight checks and improving health monitoring. PLAT-18573
Adds support for the new use_privileges flag in YBC, enabling backup and restore of roles. PLAT-18588
Allows pausing and resuming of read replica clusters in Kubernetes deployments. PLAT-18663
Allows using yugabyte as the default SSH user in the provider creation page if left blank, specifically for on-premise manual configurations. PLAT-18666
Enables validation of NFS return codes in YBC for better error handling. PLAT-18671
Allows non-root users to correctly run yba-ctl status for global systemd. PLAT-18733
Solves the issue of not being able to rotate to a new certificate in an EIT enabled universe. PLAT-18794
Allows yb-server-ctl script to run successfully with system level systemd universes. PLAT-18804
Converts PKCS12 keystore to BCFIPS format and ensures compatibility with both JKS and PKCS12 format for java truststore file post-upgrade. PLAT-18815
Enhances error reporting for flag validation, ensuring all zones of every cluster get validated and display descriptive error messages for illegal value type errors. PLAT-18820,PLAT-18788
Allows individual certificate rotation on Kubernetes universe when either server or client cert is disabled. PLAT-18843
Allows TLS toggle, hot cert reload, and selection of different root certs for K8s universe, with enhanced API and UI options. PLAT-17695,PLAT-18791,PLAT-18502,PLAT-18845,PLAT-17696,PLAT-18237,PLAT-18790
Adds validation for flags during read replica cluster creation. PLAT-18859
Enables consistent TLS support for c2n on K8s universe by setting rootCa and clientRootCA the same. PLAT-18864
Enables non-restart certificate rotation for VM-based universes by passing the rolling-restart option. PLAT-18873
Streamlines CA certification error messages for K8s universes. PLAT-18979
Allows subdomain and CIDR support in YBA's custom proxy selector. PLAT-18925
Adds UI functionality to disable TLS in the creation of K8s universe. PLAT-18987
Refines Certs rotate API to create new root CA, avoiding reliance on null values. PLAT-18989
Fixes issue with creating a Kubernetes universe with TLS disabled and corrects payload generation errors. PLAT-19002,PLAT-18987
Ensures special characters in flag values are escaped to prevent bash-related errors. PLAT-19018
Allows client-to-node server certificate rotation in YBA UI. PLAT-19054
Allows non-bash method in ValidateGFlags command to simplify escaping of special characters. PLAT-19067
Simplify certificate rotation in K8s universe with support for c2n only TLS, resolving rotation failures. PLAT-19083,PLAT-18989
Prevents null pointer exceptions during backup restores in YBA. PLAT-17627
Enables password changes for ReadOnly and ConnectOnly roles via the reset_password API. PLAT-16734
Send notifications to users when changes, including password resets, are made to their accounts. PLAT-16735
Handles commas in TLS algorithm lists for different OS compatibility. PLAT-16931
Adds a critical alert for invalid THP settings on a node based on health check metric. PLAT-17170
Ensures Ansible provisioning validation works on Ubuntu by updating the scripting method. PLAT-17349
Enables retrying CreateUniverse for on-prem nodes by modifying preflight checks. PLAT-17368
Ensures YBA HA promotion success even if it fails midway after a restore. PLAT-17369
Ensures node updates during tasks won't overwrite live data with stale information. PLAT-17405
Enables the "Install Node Agent" action for on-prem universes with available SSH keys. PLAT-17436
Enables a UI banner to prompt enabling Node Agent auto-installation for convenience. PLAT-17437
Disables background node agent installer by default, but tracks universes needing migration. PLAT-17435,PLAT-17449
Reduces queue size for dead node agents' processor, minimizing delay in resolving unreachable state when connection is restored. PLAT-17518
Adds a field to track node agent status updates on universe nodes. PLAT-17520
Skips THP setting on CentOS 7 and AL2 to enhance stability. PLAT-17545
Simplifies running multiple shell commands in the node agent. PLAT-17625
Adds a critical alert to identify when RSS memory growth is due to incorrect THP settings, especially in busy servers. PLAT-17637
Ensures NFS backups in Kubernetes universes proceed despite minor errors. PLAT-17638
Removes the memory preflight check from node agent during node agent provisioning. PLAT-17647
Enables skipping software download when starting a master node in UpgradeTaskSubType, if software is already present. PLAT-17661
Ensures collect_metrics.sh script re-uploads if a node name is reused. PLAT-17671
Corrects file ownership for files generated using templates when run as root user. PLAT-17701
Upgrades YBC to version 2.2.0.2-b5 for client and server. PLAT-17736
Adds two tasks for OSS Cluster to YBA universe migration and includes support to add sudoers. PLAT-17747
Updates outdated CRDs in the charts repo manually and sets up automation for future updates. PLAT-17749
Sets execute permission on core dump files for accurate reporting. PLAT-17750
Ensures node agent installs correctly on hardened images by fixing permission issues. PLAT-17777
Updates gonja dependency for Node Agent to support newer syntax style. PLAT-17783
Separates runtime configuration for existing and new Performance Advisor to prevent regression issues. PLAT-17842
Transfers preview flags checks to an asynchronous task to prevent universe creation timeouts. PLAT-17878
Allows synchronous installation of node agent during add, edit, and VM image upgrade tasks using a runtime configuration. PLAT-17892
Deprecates the "role" field in the Users API response. PLAT-17902
Enables manual flow control for Java node agent gRPC streaming to prevent buffer overflow. PLAT-17927
Upgrades setuptools to 78.1.1 to address high-severity CVEs. PLAT-17982
Enhances security by updating Go libraries to address multiple CVEs. PLAT-17983
Disables creation of new cron-based universes in backend, anticipating users have migrated to systemd. PLAT-17993
Enables platform systemd timers to start via node agent. PLAT-18029
Allows changing ports in CP even if pgsql_proxy_bind_address is set manually. PLAT-18058
Ensures YBA Installer works on RHEL8/9 by handling native libs correctly. PLAT-18081
Adds support for CRUD operations for CipherTrust KMS configurations in CLI. PLAT-18102
Reduces large allocations in TabletClient with defensive measures and added logs for RPC operation details. PLAT-18106
Removes devops from the node-agent package extraction. PLAT-18149
Reduces buffer size to 1MB and switches to heap memory for easier management. PLAT-18164
Allows passing of request ID in node agent for easier debugging. PLAT-18171
Reduces high CPU usage by eliminating infinite loops in YBC upgrades. PLAT-18174
Clears the node agent error field after a successful heartbeat. PLAT-18176
Adjusts node agent to prevent JWT from expiring in less than a second during registration. PLAT-18187
Allows node agent to recommission on-premises nodes using absolute paths and conditional node-exporter disabling. PLAT-18196
Upgrades Prometheus in Helm charts to v3.5.0, addressing over 10 vulnerabilities. PLAT-18201
Allows creation of a pre-check binary to verify node agent and systemd activation for all universes. PLAT-18211
Allows externalizing node agent client connection parameters and enables GRPC logging for easier debugging. PLAT-18224
Upgrades node_exporter to version 1.9.1, enhancing security. PLAT-18315
Removes enable field from NodeAgentEnabler and makes node agent mandatory in live nodes after migration. PLAT-18337
Simplifies earlyoom installation in on-premises by removing incorrect and unnecessary script lines. PLAT-18412
Updates protobuf python dependency and setuptools for enhanced security and to fix high severity {{<cve "CVE-2025-4565">}}. PLAT-18428,PLAT-17982
Allows overriding pgsql_proxy_bind_address to internalYsqlServerRpcPort when CP is enabled without restarting. PLAT-18434
Upgrades Go version to 1.24.6 and updates dependencies to enhance security. PLAT-18446,PLAT-18447
Adds retry mechanism for systemctl commands in node agent to manage unstable dbus connections. PLAT-18450
Allows server configuration via node agent by disabling ansible with the flag disable_configure_server set to false. PLAT-18492
Addresses {{<cve "CVE-2025-58367">}} with a Deep Diff update. PLAT-18557
Resolves an issue where stopped on-prem nodes were incorrectly removed from the blacklist after release. PLAT-18572
Fixes node agent provisioning handling of settings to correctly replace lines in the file, preventing incorrect values after reboot. PLAT-18584
Excludes k8s universes during YBA upgrade precheck for node agents. PLAT-18586
Fixes rollback upgrade failure on OpenShift clusters by using pod configuration for cleanup. PLAT-18664
Fixes an issue causing failure in scaling up read replica cluster due to null pointer exception. PLAT-18703
Ensures checks for already enabled YB-Master service to prevent unnecessary crash loops. PLAT-18759
Sets default flags for Cost-Based Optimizer and read committed isolation levels on new clusters for version 2025.2. PLAT-18800
Allows installation of node agent on resume-universe for paused universes pending migration. PLAT-18847
Fixes issue with S3 cross-region bucket access due to AWS SDK upgrade, ensuring correct use of endpoint override for non-standard S3 endpoints only. PLAT-18936
Eliminates unreliable sudo access check and always installs service during node agent installation. PLAT-18940,PLAT-18881
Pass "ENABLE" opType to activate encryption at rest in new EAR workflow through the CLI. PLAT-18950
Adds a pre-upgrade hook to update password and prevent login failure during PG 11 to 14 upgrade. PLAT-18857
Upgrades Jinja2 to version 3.1.6 to address {{<cve "CVE-2025-27516">}} vulnerability. PLAT-18964
Fixes node agent installation failure for CSPs on Ubuntu. PLAT-19023
Corrects master state removal in node-agent by passing arguments accurately. PLAT-19086
Corrects the Switchover DR failure in older YBA versions by setting a default value for automaticDdlMode. PLAT-19136
Removes NGINX from YBA Helm charts in versions 2.14 to 2.20. PLAT-10837
Prevents client from making getUniverseLbState API calls while a task is active or before universe creation. PLAT-11782
Shows if YBA UI is running in FIPS mode through a new pill indicator. PLAT-12651
Adds more metrics for tracking read/write operations and latency on the tables metrics page. PLAT-14381
Enables configuration of continuous backup from the YBA platform admin tab, with the inclusion of a new backup storage configuration select field and a feature flag for activation. PLAT-14456
Add a restore backup feature in the YBA interface to support both cloud and local backups. PLAT-14457
Allows creating a one-time local backup of YBA through the user interface. PLAT-14484
Introduces a new folder structure for features using common components library in the Create Universe. PLAT-16231
Enhances user interface for Create Universe, with tooltips, improved rank display, new review and summary step, better validation, error messages, and accessibility. PLAT-16236
Introduces a new Hardware Settings page in the Create Universe section. PLAT-16239
Adds a Database Settings page with options to enable YSQL, YCQL, and Auth, and manage Connection Pool and Ports. PLAT-16240
Adds a Security Settings Page with options for enabling node-to-node and client-to-node encryption. PLAT-16241
Enhances "Create Universe" workflow by integrating RBAC logic, adding new parameters, introducing validation schema for settings, fixing UI bugs, optimizing Single Node selection, and introducing a Preferred Info modal. PLAT-16244
Streamlines the Create Universe process with enhanced user experience and cleaner code. PLAT-16244
Upgrades yugabyte-core library to version 2.0.1 and adds data-test id's for all components. PLAT-16245
Fixes UI bugs and adds YBSmart tag component for region in Create Universe. PLAT-16245
Refactors UI validation, adds translations, and manages dependent fields in Create Universe feature. PLAT-16246
Adds missing time module import and a retry loopin AWS elastic IPs deletion script. PLAT-16802
Enables on-prem provider server-side validation by default and standardizes validation controls. PLAT-16934
Enables expanding K8s universe with OIDC enabled by using task parameters universe details, resolving Kubernetes config cannot be null error. PLAT-17053
Adds a scheduled task to store and monitor slow queries data in each universe's system_platform DB for performance comparison, with a retention period of 7 days. PLAT-17072
Adds logging to Azure provider validator and creates network interface in the same resource group as VM. PLAT-17115
Simplifies attach/detach flow by ensuring source and destination platforms are of the same version. PLAT-17125
Refactors YBClient usage to consistently use try-with-resources, enhancing memory leak prevention. PLAT-17164
Enhances IP validation in multi-cluster deployments for accuracy. PLAT-17205
Enables updating server flags directly in the node agent. PLAT-17217
Reduces the occurrence of exceptions during load of previous results by shifting node_health process stats from /tmp. PLAT-17219
Enables software installation and certificate upload after package download in the node-agent. PLAT-17221
Streamlines the software upgrade process by enhancing the TServer check and ensuring the new API supports rollback requests. PLAT-17254
Allows for universe key rotation validation after recreating a new key with the same name, preventing later failures. PLAT-17264
Shifts Attach/Detach APIs to v2 for CLI support, includes custom vendor extensions, and marks v1 APIs as deprecated. PLAT-17294,PLAT-17285
Enables setting of custom NTP server in the provider for universe creation. PLAT-17303
Enables task checkpointing with an optional runtime flag for easy disabling. PLAT-17325
Adds checkbox to filter PgAudit logs from support bundles to protect sensitive data. PLAT-17371
Allows concurrent GFlag upgrades without displaying server delay in the UI. PLAT-17379
Writes PG upgrade check logs to a temporary file for better error parsing. PLAT-17418
Allows accurate display of master placement changes in the modal when moving from dedicated to colocated masters. PLAT-17443
Integrates old G-Flag UI with necessary modifications in database settings. PLAT-17460
Enables FIPS compliance through Helm by passing -Dorg.approved_only=true to Yugaware via YBA K8S helm chart. PLAT-17482
Preserves reserved on-prem nodes in memory until transaction success, allowing for potential retries. PLAT-17499
Enables Istio compatibility for TLS-enabled YugabyteDB clusters. PLAT-17513
Ensures custom pre-provisioning hooks run before any software installations. PLAT-17531
Enables new task details user interface by default. PLAT-17541
Adds support to modify disk rate limiting parameters on YBC via an API, and introduces new runtime configurations for controlling disk I/O read/write bytes per second. PLAT-17560
Adds CLI support for attach/detach APIs, currently under the PREVIEW feature flag. PLAT-17564
Implements configure server and setup provision in node-agent, leaving otel-collector installation and cgroups setup. PLAT-17577
Ensures arrow key presses do not change tabs when using the support bundle modal. PLAT-17578
Adds support for configuring otel collector for universe using node-agent. PLAT-17613
Introduce cgroup setup RPC in node-agent for smoother operations. PLAT-17614
Enables server destruction for on-premises setups using Ansible in the node agent. PLAT-17655
Resolves pod restart issues during Kubernetes volume resize combined with other spec changes. PLAT-17659
Fixes the tablespace backup issue by correctly setting backup flags. PLAT-17682
Ensures restore preflight fails correctly when PITR is out of window. PLAT-17719
Exits early if a node provisioned using the node agent provisioning script cannot connect to YBA. PLAT-17734
Incorporates waitForServerReady into universe creation task to ensure stable tablet operation. PLAT-17741
Updates minimum version for PG-15 upgrade to 2024.2.3.0. PLAT-17752
Resolves inconsistency in displayed instance type changes during smart resize, ensuring accurate tag representation. PLAT-17755
Ensures UI updates correctly when preflight checks fail during Linux upgrades. PLAT-17756
Allows admin users to view detailed subtask list under task details. PLAT-17761
Expands GLIBC precheck compatibility for various system versions. PLAT-17784
Resolves broken retryability and rollback issues during the PG 15 software upgrade in K8s. PLAT-17798
Enables resource reservation for Azure, grouped by instance type and region, which can be activated for operations like CREATE, EDIT, RESIZE, and RESUME. PLAT-17801
Adds resource reservation feature for AWS in YBA, grouped by instance type and region, but disabled by default. PLAT-17804
Adds Dynatrace as a metric export sink, custom prefix to all metrics, and validation for telemetry providers. PLAT-17818,PLAT-17830,PLAT-17823
Adds a new API for metrics export and incorporates a task to install otel collector if needed. PLAT-17833,PLAT-17825,PLAT-17824,PLAT-17817
Fixes an issue where GCP validation fails with null during universe key rotation. PLAT-17843
Ensures software upgrades correctly rollback by preserving the initial autoflag version. PLAT-17854
Now includes pg_upgrade_dump*.log and init db logs in the support bundle for easier PG11 to PG15 upgrade troubleshooting. PLAT-17855
Enhances backup reliability by preventing hangs during master address resolution failures. PLAT-17886
Adds configurable soft and hard memory limits to otel collector in configuration and systemd service files. PLAT-17827,PLAT-17897,PLAT-17828
Adds OpenShift compatibility to Helm charts via the ocpCompatibility.enabled flag. PLAT-17919
Enables OpenShift compatibility for Helm charts by using ocpCompatibility.enabled flag. PLAT-17919
Prevents Universe Overview page from crashing when retrieving LB state details fails. PLAT-17921
Adds a check to avoid null pointer exception when unable to fetch taskInfo. PLAT-17926
Allows getting the pricing of the universe before its creation via the POST universe_resources API in v2 APIs. PLAT-17939
Ensures YBA upgrades from 2.18 to 2025.1 handle migrations correctly on first attempt. PLAT-17940
Increases PG catalog operations default timeout to 1 hour for all universes. PLAT-17987
Adds a point-in-time recovery (PITR) warning to the database upgrade process. PLAT-17997
Enables architecture selection during On-Prem Universe deployment. PLAT-18036
Corrects issues with server flag configuration, OIDC key uploads, and folder symlinking during software upgrades. PLAT-17922,PLAT-18046,PLAT-17930
Adds a check to ensure correct otel collector placement when the configuration file is disabled. PLAT-18061
Adds an API to display if a YBA instance complies with FIPS in the UI. PLAT-18063
Automatically enables FIPS during universe creation on FIPS enabled systems. PLAT-18064
Hides LDAP passwords in the YBA flags configuration UI to enhance security. PLAT-18069
Allows connection pooling and flag groups in the v2 create universe API. PLAT-18072
Ensure local build uses craco instead of react-scripts, fixing import alias issue and preventing orphaned processes. PLAT-18076,PLAT-18075
Ensures appropriate utility versions for ARM architectures during Node Agent setup. PLAT-18093
Eliminates universe creation failures due to missing Node Exporter in primary read replica in on-prem environments. PLAT-18103
Refactors Hardware & Proxy Settings code and fixes UI/UX issues on the same page in Create Universe. PLAT-18115
Restores from backups now compare against the earliest snapshot time for accuracy. PLAT-18117
Updates YugabyteDB to version 2.2.0.2-b9, supporting backups during DDL. PLAT-18120
Uses pod-specific configuration to execute commands, enhancing permission accuracy during upgrades. PLAT-18121
Ensures correct kubeconfig is used when adding a new AZ in Kubernetes setups. PLAT-18154
Upgrades OAuth2 in Go services to fix a CVE. PLAT-18193
Switches On-premises Node Reprovision task from using Ansible to using node agent provisioning script. PLAT-18202
Allows new nodes to use the updated image by ignoring the machine_image in the edit universe flow. PLAT-18203
Enables Azure backups to operate correctly with subdirectory specifications. PLAT-18207
Enables yugaware precheck to confirm all universes use node agent for upgrades >=2025.2. PLAT-18212
Restores old backups correctly without migration errors. PLAT-18235
Integrates the review page with the backend API for Create Universe, adding PG Compatibility and fixing checkbox height. PLAT-18240
Introduces UI support for Dynatrace telemetry provider, along with a new column to show universes using specific export configurations. PLAT-18262
Increases YBC client and server version to 2.2.0.2-b12, fixing a race condition and dangling pointer issue. PLAT-18271
Allows user-specified task time-out to apply to async tasks, improving execution time control. PLAT-18275
Adjusts the configuration template file for correct PA service startup path. PLAT-18277
Enables PgAudit log filtering by default in support bundles, with an option to include via UI checkbox. PLAT-18302
Offers corrected region tags and map coordinates in the Create Universe feature. PLAT-18327
Update YBC client and server to the new version 2.2.0.3-b5. PLAT-18340
Enables successful PG-15 upgrades with DB audit logging. PLAT-18358
Ensures the Yugabyte home directory in the on-prem provider matches that on the DB node to prevent errors. PLAT-18366
Enables database metrics export functionality in the YBA UI with an added metrics export modal. PLAT-18369
Restores now allowed even with conflicting tablespaces detected, unless unsupported tablespaces are present. PLAT-18423
Increases success marker download timeout and makes it configurable using the flag ybc.success_marker_download_timeout_secs. PLAT-18429
Fixes symlink issues to prevent rolling restart failures in OpenShift. PLAT-18433
Adds new Mexico regions to YBA metadata files in both AWS and GCP. PLAT-18436
Fixes capacity leakage during universe creation failure and improves deletion in certain edge cases. PLAT-18440
Ensures the node agent provisioning script supports custom home directories. PLAT-18445
Prevents null pointer exceptions during continuous backups when the last backup record is null. PLAT-18449
Enhances stability by ignoring irrelevant index table IDs in the list universe tables API with xClusterSupportedOnly=True. PLAT-18485
Simplifies Performance Advisor Service setup by always running it in dedicated mode and removing withPlatform option. PLAT-18509
Removes the need to search for pa folder in perf-advisor and ensures correct installation by initializing version string. PLAT-18512
Shifts runtime configuration to provider level for enhanced flexibility. PLAT-18518
Fixes version check for dump_role_check in backups to apply flags correctly. PLAT-18533
Blocks database restore during the monitoring phase for all upgrades. PLAT-18555
Ensures Prometheus correctly uses self-signed certificates in HTTPS mode. PLAT-18561
Refactors tablespace handling during restore and enhances UI feedback for conflicts or unsupported tablespaces. PLAT-18565
Renames export log components to export telemetry to support both logs and metrics. PLAT-18574
Allows automatic rollback and retries on capacity reservation failures, and ensures unused resources aren't paid for. PLAT-18585
Adds tooltip, placeholder and helper text to Dynatrace telemetry provider form for enhanced user experience. PLAT-18589
Ensures the ybp_universe_connection_pooling_status metric is consistently exported, even when the universe is paused. PLAT-18590
Corrects the format of the query parameter for universe task list fetch. PLAT-18592
Allows picking any live TServer when the master leader node is unavailable during a PG-Upgrade check. PLAT-18618
Allows PITR configurations to stay enabled during upgrades without necessary finalization. PLAT-18619
Moves Performance Advisor's JAVA spring properties to the installer template, sets JAVA environment variable for new VMs, and aligns service names. PLAT-18622,PLAT-18583
Ensures AWS KMS Endpoint and S3 Bucket Host Base include https scheme when overriding endpoints. PLAT-18625
Allows SSH access to DB nodes using yugabyte user directly in RHEL 9 by fixing Selinux labeling issue. PLAT-18631
Export configuration options now filter based on the required support for logs or metrics export. PLAT-18654
Revamps the metrics export attributes processor to include exporter tags and manage scenarios with no added attributes. PLAT-18657
Updates the -netty-shaded to version >=1.75.0 to address {{<cve "CVE-2025-55163">}} and upgrades -security-crypto from version 5.8.16 to 5.8.18 or higher. Also, migrates spring libraries from 5.x to 6.x. PLAT-18658
Allows access to the telemetry providers page if either metrics export or audit logging is enabled. PLAT-18660
Allows metrics export enabling on a fresh universe by conditionally setting install_otel_collector to true. PLAT-18662,PLAT-18661
Fixes an error in CLI describe output when accessing latest flags without setting the environment variable. PLAT-18672
Fixes issue where creating a universe with EBS encryption led to incorrect cmk id on volumes. PLAT-18718
Allows skipping universe ownership validation if the universe is incompatible with the check, such as for old or non-YSQL universes, or if the yb.attach_detach.enabled runtime configuration is not enabled. PLAT-18725
Upgrades java dependencies to fix multiple vulnerabilities, including a Denial of Service issue and Netty's MadeYouReset HTTP/2 DDoS vulnerability. PLAT-18659,PLAT-18737
Integrates regex to enable volume stats metrics matching in OCP. PLAT-18763
Adds support for Python 12 and 13 in YBA installer. PLAT-18765
Enables CipherTrust Key Management System (KMS) runtime configuration by default. PLAT-18770
Marks all telemetry provider APIs as preview, excluding the query logging API, and sets the DBME runtime configuration metrics_export_enabled as public but disabled by default. PLAT-18772
Allows node exporter installation for non-login users without failure. PLAT-18782,PLAT-18639
Adds common attributes to database metrics export for consistency with audit and query logs. PLAT-18808
Adds additional warnings to backup restore process, updates user-facing text for clarity, integrates stricter access controls for backups, and improves UI error reporting for invalid backup intervals. PLAT-18841,PLAT-18812,PLAT-18819,PLAT-18818,PLAT-18858,PLAT-18836
Ensures correct disabling of Otel process after stopping metrics/logs export. PLAT-18888
Mark attach/detach APIs as preview instead of internal, affecting detach universe, attach universe, and delete attach detach metadata. PLAT-18898
Ensures Otel runs on newly added nodes in the universe after enabling metrics export and rectifies the validate function. PLAT-18908
Allows Otel health checks to function correctly even when DBME is disabled. PLAT-18928
Fixes three issues with the attach/detach feature: prevents unnecessary copying of YBC releases, ensures non-null expiry date, and properly sets universe UUID for backed up universes. PLAT-17078,PLAT-17256,PLAT-9573
Allows for handling an empty string as null in case of k8s releases to avoid parsing exceptions. PLAT-18999
Allows successful backup restoration on Kubernetes by ignoring node-agent releases. PLAT-19026
Turns on the audit_logging_enabled flag by default. PLAT-19032
Sets default resources for yb controller and yb cleanup containers to 1 CPU and 1GB memory. PLAT-11861
Adds KMS configuration names to EAR expiry alerts for clearer identification. PLAT-15668
Adds support for Python versions 3.6 and above, including 3.12, by installing setuptools and pywheel using .whl files and introducing a new flag use_system_python for system python usage. Ends script if venv isn't settable. PLAT-16111
Enable users to set latitude and longitude during custom region setup when using node agent provisioning script. PLAT-16184
Adds Encryption in Transit field in Security Settings and Connection Pool field in Database Settings with ports override feature. PLAT-16241,PLAT-16240
Adds Advanced/Proxy Settings and Advanced/Other Settings pages for universe creation with deployment ports, user tags, and additional options. PLAT-16242,PLAT-16243
Ensures query call counts exceed integer limits by using long data types. PLAT-16470
Allows capturing memory usage of top non-YugabyteDB processes on nodes, with configurable number of processes. PLAT-17159
Adds a loading indicator and feedback message when applying K8s overrides during universe creation. PLAT-17174
Fixes incorrect updates in ysql_pg_conf_csv after a concurrent flag upgrade and removes unnecessary red dot in the Actions dropdown of the Overview page. PLAT-17181
Adds LDAP configuration via CLI and allows users to override the default domain name in the universe specification using the Kubernetes operator. PLAT-17265
Enhances handling and defaults of YBA installer configuration. PLAT-17426,PLAT-17361
Resolves conflict between old and new versions of Leaflet in platform and yugabyte-ui-library. PLAT-17438
Allows configuring the timeout for PostgreSQL upgrade checks, defaulting to 600 seconds. PLAT-17473
Allows YBC installation through the node-agent. PLAT-17511
Enables linger to prevent systemd failures during service launches. PLAT-17556
Enables the addition of Geo partitions during universe editing. PLAT-17598
Shows original messages for failed tasks for better clarity. PLAT-17626
Removes "Use SystemD" option from the Create Universe workflow. PLAT-17779
Enable yb.skip_version_checks to bypass software upgrade version checks. PLAT-17780
Revamps YSQL and YCQL metrics chart for better visibility and readability. PLAT-17788
Allows node_agent RPCs by default, replacing ansible for configuring nodes. PLAT-17849
Updates YBA dashboards to display new Master RPC metrics. PLAT-17851
Fixes overlapping issue of checkbox and upgrade modal in Kubernetes. PLAT-17856
Retry of EditUniverse task now works correctly even when a node is in a terminated state. PLAT-17881
Adds options to set IP preferences and custom arguments in service configurations. PLAT-18055,PLAT-18045,PLAT-18054
Returns a 503 error when attempting to submit tasks while the system is in a shutdown state. PLAT-18065
Adds subtask execution time display on UI and refactors API endpoint for enhanced performance. PLAT-18074
Displays the current directory in the system prompt to reduce confusion. PLAT-18155
Enables creating and using custom Kubernetes regions. PLAT-18243
Fixes sensitive data exposure, helm template failure, and kubectl diff failure in Kubernetes. PLAT-18356,PLAT-18325
Allows filtering and adding of specific scrape configurations to the otel configuration generation pipeline. PLAT-17832,PLAT-18357,PLAT-17831,PLAT-17899
Adds support to Restore API for erroring out if tablespaces with same names already exist. PLAT-18392
Enables publishNotReadyAddress for all cases, ensuring DNS records for not-ready pods remain available. PLAT-18438
Introduces a bloom usefulness graph to outlier table/database views, enhancing metrics panel with rocksdb_bloom_filter_checked and rocksdb_bloom_filter_useful metrics. PLAT-18443
Defaults to operator's namespace if no namespace is set in the provider's custom resource in Kubernetes. PLAT-18532
Allows choosing disk type for boot disk based on volume type for c4(d,a) and n4 instance types. PLAT-18546
Fixes Prometheus startup issue on Ubuntu by adjusting redirect commands and logrotate timer frequency. PLAT-18587
Adds more validation to prevent scrape interval from exceeding scrape timeout and removes unnecessary fields from the DBME API. PLAT-18735,PLAT-18736
Hides the node agent installation banner for k8s universes where it's not required. PLAT-18869
Allows group_mapping_rbac_support flag by default, matching the default enabled status of RBAC. PLAT-18717
Removes unnecessary custom serializer and deser from PlatformInstance. PLAT-19709
Enables creating Kubernetes providers using the kubectl interface. PLAT-12862
Allows specifying node placementInfo in a universeCR for fine-grain control over pod placement across different zones. PLAT-12863
Enables importing existing universes created via UI into the operator for efficient workflow management. PLAT-12874
Allows editing PITR retention period directly from the DR config modal in YBA UI. PLAT-15144
Allows filtering of users in the GET list user API based on email addresses. PLAT-15811
Enable OIDC CRUD operations using CLI commands for smoother user management. PLAT-16132
Adds CLI commands to list, describe, download, and delete support bundles. PLAT-16362
Enables the creation of support bundles via the YBA CLI. PLAT-16363
Allows custom TLS certificate management and integration with Cert Manager in Kubernetes and Openshift environments. PLAT-16381
Allows disabling of otel health check when audit logs are turned off. PLAT-17095
Resets provider state if locked during the UpdateProviderMetadata task, preventing intermediate states. PLAT-17113
Ensures only Running tables are added to xCluster replication edits. PLAT-17387
Enables Single Sign-On (SSO) login through the Command Line Interface (CLI). PLAT-17410
Reduces wait times between pod rolling restarts and skips prechecks on task reruns for operators. PLAT-17412,PLAT-17413
Simplifies enabling and disabling of connection pooling for dual NIC cases, resolving issues with wrongly formed host addresses. PLAT-17417
Adds hyperscalar storage options and IOPS details for GCP dedicated mode. PLAT-17441
Resolves issue where xCluster edit command incorrectly removes tables from replication. PLAT-17521
Ensures PYTHON_EXECUTABLE is set for NTPD service checks in clock-skew configuration. PLAT-17524
Simplifies yba-ctl configuration by organizing all related code into a dedicated template package. PLAT-17536
Sets default values for new configuration structs, eliminating the need for complete fill-outs. PLAT-17537
Ensures yba-ctl clean succeeds even with incorrect configurations. PLAT-17547
Allows KMS configuration to be directly included in the universe creation process without separate input. PLAT-17581
Stores upgrade details like finalizeRequired and ysqlMajorVersionUpgrade in the audit table to facilitate smoother transition for YBM, even when auth is disabled in userIntent but enabled through flag override. PLAT-17586,PLAT-17244
Ensures HTTP requests redirect to HTTPS when collecting dump entities in TLS-enabled k8s environments. PLAT-17587
Adds Loki exporter support for DB Audit logging under the runtime flag allow_loki. PLAT-17280,PLAT-17279,PLAT-17664
Solves an issue where replace and decommission node operations fail due to non-existing nodes. PLAT-17669
Adds validation to Loki configuration creation to ensure readiness for log reception. PLAT-17677
Throws an error if universe names in GCP or K8s don't match the lowercase, numbers, and hyphen format. PLAT-17687
Allows editing of communication ports in the universe without replacing nodes, ensuring port overrides are respected. PLAT-17691
Allows direct access to create, update, and full copy commands by removing xCluster from preview flag. PLAT-17703
Allows separate configuration of Prometheus certificate/key paths from YBA to avoid permission issues. PLAT-17712
Incorporates the latest Performance Advisor updates into YBA, including file and variable renaming, package installation, and tab management. PLAT-17733
Allows explicit specification of group during Yugabyte user creation on CIS hardened images. PLAT-17738
Corrects RBS metric calculation and provides updated metrics in YBA graphs. PLAT-17792
Aligns tooltip with label in the Loki configuration UI for better visibility. PLAT-17794
Removes LDAP and group commands from preview, moves them to authentication and access-management. PLAT-17841
Allows background YBC upgrades using node_agent RPC calls, also correcting virtual environment permissions. PLAT-17862
Adds hooks to restart services after node upgrade and port changes. PLAT-17869
Respects Kubernetes override settings for CPU core calculations. PLAT-17874
Enables default service account to access opentelemetry-collector. PLAT-17884
Enables installation, initialization, restart, start, stop, status checking, and upgrade of Performance Advisor Service using yba-installer, along with integrated logging functionality. PLAT-17890
Lists user roles accurately using role binding APIs in CLI descriptions. PLAT-17901
Preserves the vm.max_map_count setting after reboot when is_cloud=true. PLAT-17967
Enhances ClockBound health checks to include systemd status and log analysis. PLAT-17978
Disallow PITR after PG-15 upgrade rollback or during upgrade finalization. PLAT-17999,PLAT-17998
Allows creating universe support bundles without compulsory Prometheus queries. PLAT-18000
Introduces retries for deleting blobs in GCP to enhance reliability of storage cleanup. PLAT-18006
Introduces a new API for query log export and a runtime configuration option, query_logging_enable, for enabling query logging in universes. PLAT-18040,PLAT-18037
Fixes upgrade failure when services are not defined in the statefile in the updated services implementation. PLAT-18068
Adjusts pex build to confirm PEX_ROOT directory exists and is writable, addressing disruption from the latest pex release. PLAT-18101
Adds a dropdown for automatic or legacy provisioning in the YBA UI when creating on-prem providers. PLAT-18112
Adds an API to set zone priorities, allowing for better control over data placement. PLAT-18158
Enables retrieving all user groups from Azure AD by adding pagination support. PLAT-18181
Adds delete, describe, and list commands for telemetry providers to the CLI. PLAT-18183
Reduces import snapshot timeout and adds additional RPC error retries. PLAT-18206
Adds skipKeyValidateAndUpload flag for AWS provider setup to bypass SSH key validation. PLAT-18230
Supports fetching flags checksum using both old and new Helm naming styles. PLAT-18232
Adds hybrid_clock_error metric to YBA for better node health assessment. PLAT-18238
Ensures target YSQL migration files include all source files in xCluster replication. PLAT-18248
Introduces a new metric to monitor the state of connection pooling in a Universe, beneficial for alert definition in YBM. PLAT-18254
Introduces subtasks for modifying query log exporting in universes and adds a health check for Otel processes. PLAT-18151,PLAT-18082,PLAT-18258,PLAT-18039
Enables ON_ERROR_STOP by default during restores on master. PLAT-18264
Automatically includes inherited values in runtime config fetches. PLAT-18267
Allows using node-agent RPC for cGroup configuration during smart resize. PLAT-18309
Optimizes YBA metrics endpoint for better CPU and memory use by implementing buffered writing and gzip compression. PLAT-18312
Enables GCP Cloud monitoring by adding telemetry providers to CLI create operations. PLAT-18324
Streamlines functions and duplicates host label with yugabyte.node_name for efficient query log export. PLAT-18332
Adds common labels to Kubernetes resources and Yugaware charts. PLAT-18353
Updates YBC client and server version to 2.2.0.3-b6. PLAT-18470
Removes log_line_prefix from API until YBM confirms compatibility with new OTEL config filters. PLAT-18501
Adds a universeDetached state and universe owner to universe details to regulate delete metadata operations and attach/detach flow. PLAT-18510,PLAT-17543,PLAT-17984
Prevents YBA backups from overwriting each other using timestamped temp directories. PLAT-18514
Introduces a runtime flag allow_s3 to block S3 exporter support for log export. PLAT-18528
Automatically converts disk throttle parameters from MB to bytes on the UI screen. PLAT-18531
Enables task state filtering option in the paginated tasks_list API. PLAT-18562
Adjusts the default value of revert_to_pre_roles_behaviour to true, impacting dump_role_checks and on_error_stop. PLAT-18594
Eliminates duplicate "SSH Private Key Content" label from the GCP provider creation form. PLAT-18602
Allows controlled server upgrades within availability zones with user-defined sleep time and enhanced logging for visibility. PLAT-18669,PLAT-18667
Ensures the config map is created before the job, preventing failure during helm YBA upgrades due to unavailable storage class issues. PLAT-18726
Prevents cleaning up the PG logs directory during rollback to retain initial logs after a software upgrade failure. PLAT-18752
Reduces unnecessary stack trace by ensuring TryLock for HA returns an empty optional when lock acquisition fails. PLAT-18758
Allows capacity reservation for single node operations. PLAT-18685,PLAT-18870
Adds check to stop Azure universes from using ClockBound to prevent creation failures. PLAT-18912
Updates and adds missing files for new and existing AWS regions, including new instance types. PLAT-18920
Adds support for hot reloading of TLS certificates in the YBC gRPC server. PLAT-18953
Allows successful rotation of clientRootCA for C2N in VM universes where only C2N TLS is enabled. PLAT-19145

</details>