26.3.10.20001 Altinity Antalya

26.3.10.20001 Altinity Antalya (0ef53dd) as compared to v26.1.11.20001.altinityantalya (75d2d67c5e994b61d8ce3729da6cf34bf7ef548a)

Backward Incompatible Change

• Added a new entra processor type which works with Entra using OIDC flow. Old azure type will be an alias. User now needs to specify tenant_id in configuration. (#1784 by @zvonand)

New Features

• Introduce the export partition all command, which schedules exports for all partitions in a given table. Introduce a setting to control scheduling failure behavior (#1741 by @arthurpassos)
• Query condition cache for iceberg tables (ClickHouse#102115 by @scanhex12 via #1804)
• clickhouse-client: added --jwt-command, which invokes an external script to obtain a token; the script is re-invoked on every reconnect. (#1809 by @zvonand)
• Added initial support for s3 tables (Iceberg REST catalog) (#1808 by @subkanthi)

Performance Improvements

• Reading a single large local Parquet file via file() / File engine is now parallelised across multiple sources, each handling a subset of row groups. (ClickHouse#104251 by @alexey-milovidov via #1806)
• Share S3 ClientCache per bucket, reduce repeated region discovery (ClickHouse#96802 by @zvonand via #1807)
• Don't commit while holding the export manifests locks. This avoid contention when the network / commit process is slow. (#1813 by @arthurpassos)
• Do not make 'describe table' query when schema is known (#1845 by @ianton-ru)

Improvements

• SELECT * FROM system.databases now always lists data lake catalog databases regardless of the show_data_lake_catalogs_in_system_tables setting. Previously they were hidden by default, which was inconsistent with SHOW DATABASES that always showed them. (ClickHouse#103444 by @alsugiliazova via #1689)
• Remove the export_merge_tree_partition_lock_inside_the_task setting. No longer maintained (#1713 by @arthurpassos)
• Make export part and partition respect background tasks memory limit (#1728 by @arthurpassos)
• Observability over exceptions on export partition operations was broken and not reliable. This PR simplifies it by making it a single JSON array instead of multiple paths in zookeeper. Another change is that now system.replicated_partition_exports returns only local information, it does not reach zookeeper. (#1730 by @arthurpassos)
• Enabled experimental datalake catalogues by-default (#1504 by @Enmk). (#1743 by @zvonand)
• Support for 'time' type in Iceberg, read and write. (#1761 by @ianton-ru)
• Adds native support for importing and exporting UUID data types in Arrow and Parquet formats. Users can now directly query and transfer UUID data between ClickHouse and other data tools without requiring manual string conversions or workarounds. Automated logical inference for top-level UUIDs, and support for explicit schema hint for nested UUIDs (ClickHouse#99521 by @ivanmantova via #1774)
• Exporting UUIDs to Parquet via the Arrow encoder now includes the correct UUID type annotation, eliminating the need to manually cast FixedString(16) data when reading the files back into ClickHouse or other systems (ClickHouse#100150 by @ivanmantova via #1774)
• Object information used for parsing data files in iceberg now contains the number of file rows and file size in bytes parsed from manifest file (ClickHouse#100645 by @divanik via #1776)
• Resolve problems with paths and compatibility problems with Spark in Azure (v2) (ClickHouse#100420, ClickHouse#100295 via #1785)
• Hybrid tables now can ignore the segments that can't be reached by the combination of WHERE and segment predicate (#1788 by @mkmkme)
• Added system.hybrid_watermarks to introspect the hybrid tables watermarks (#1789 by @mkmkme)
• Various token-based auth improvements (#1799 by @zvonand)
• Change the interface for Iceberg inserts with the catalog. Deprecate settings: storage_catalog_type, storage_aws_access_key_id, etc (ClickHouse#100334 by @scanhex12 via #1800)
• Support Nullable(Tuple) for Arrow, ArrowStream, ORC, legacy Parquet formats (ClickHouse#101272 by @nihalzp via #1802)
• Support Iceberg tables that have data files outside the table location or on a different object storage (#1812 by @zvonand)
• No longer require allow_insert_into_iceberg to be enabled on all replicas for the partition export to work. (#1836 by @arthurpassos)
• Make the export task timeout 24 hours instead of 1 hour (#1843 by @arthurpassos)
• Prevent commit race conditions by adding a per-task commit_lock (#1847 by @arthurpassos)

Bug Fixes (user-visible misbehavior in an official stable release)

• Fix incorrect work view over Iceberg table (#1759 by @ianton-ru)
• Fix infinite recursion with empty namespace in Iceberg catalog (#1762 by @ianton-ru)
• Fix server crash (LOGICAL_ERROR) when executing ALTER TABLE UPDATE/DELETE on Iceberg tables when no prior SELECT or INSERT was done on the table in the same server lifetime (ClickHouse#102113 by @alexey-milovidov via #1767)
• Fix LOGICAL_ERROR crash "Unexpected number of rows in column subchunk" in native Parquet V3 reader when reading nullable columns with a WHERE filter (ClickHouse#102628 by @groeneai via #1768)
• Now ClickHouse should properly handle spark-style tables (where we have full absolute path for each file or relative path to common table path) (ClickHouse#99935 by @alesapin via #1769)
• Fix logical error exception when inserting into an Iceberg table with a Date column partitioned by year, month, or day transforms (ClickHouse#100404 by @alexey-milovidov via #1770)
• Fix Iceberg INSERT retry loop failing when the table was created with iceberg_metadata_file_path and the target metadata version already exists (ClickHouse#101548 by @groeneai via #1771)
• Fix server crash (LOGICAL_ERROR) when SELECT-ing from a materialized view backed by an IcebergLocal table engine (ClickHouse#101577 by @groeneai via #1772)
• Fix Logical error: 'partitions_count > 0' exception when performing consecutive ALTER TABLE UPDATE on a partitioned Iceberg table (ClickHouse#101278 by @Desel72 via #1773)
• Fix crash in IcebergLocal ALTER TABLE ... UPDATE when using Avro format, caused by LowCardinality/Nullable wrapper types not being unwrapped before serialization (ClickHouse#102337 by @Desel72 via #1773)
• Fix exception when Iceberg metadata file path setting contains a null byte (ClickHouse#100283 by @alexey-milovidov via #1775)
• Address OAuth security audit (#1777 by @zvonand)
• Fix incorrect interaction between object_storage_remote_initiator and object_storage_cluster. (#1783 by @ianton-ru)

Build/Testing/Packaging Improvements

• Fix llvm-libc link error with -O0 build (ClickHouse#100023 by @zheguang via #1722)

CI Fixes or Improvements

• Fix exception "Logical error: prewhere_info" when querying URL/S3 Parquet tables with a row-level security policy and no PREWHERE clause. (ClickHouse#100361 by @alexey-milovidov via #1733)
• Fix test_database_iceberg/test.py::test_namespace_filter (#1842 by @ianton-ru)
• Fix Memory Sanitizer build (#1846 ...

24.8.14.10546 Altinity Stable

v24.8.14.10546.altinitystable (2066b28) as compared to v24.8.14.10545.altinitystable (19217e5096cecbca4a02c9cce8f2bd503e4cd92c)

Build/Testing/Packaging Improvements

• Bump openssl to 3.2.6; fix CVEs: CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31790; bump Keeper alpine base image to 3.21.7 (#1707 by @zvonand)
• Fix Sign jobs showing error (#1734 by @MyroTk)
• Increase the timeout for asan integration tests (#1735 by @MyroTk)

Full Changelog: 19217e5...2066b28

Build Report: https://s3.amazonaws.com/altinity-build-artifacts/0/2066b28944d33461f26e5a27053060c4d5f0613b/ci_run_report.html

Packages

Available for both AMD64 and Aarch64 from https://builds.altinity.cloud/ as either .deb, .rpm, or .tgz

Docker images

Available for both AMD64 and Aarch64: altinity/clickhouse-server:24.8.14.10546.altinitystable

25.8.22.20001 Altinity Antalya

25.8.22.20001 Altinity Antalya (6657993) as compared to v25.8.16.20002.altinityantalya (49bb3f7beb5e6e424a1e94c749478fd23a8e6196)

New Features

• Different improvement for remote initiator (#1576 by @ianton-ru)

Improvements

• Add support for EC JWT validation (ES* algorithms) (#1598 by @zvonand)
• Use object_storage_remote_initiator without object_storage_cluster on initial node. (#1638 by @ianton-ru)

Bug Fixes (user-visible misbehavior in an official stable release)

• Fix incorrect potential initiator crash in cluster request when cluster node is unavailable. Fix file identifier for distributed tasks in cluster request. (#1561 by @ianton-ru)
• Fix attempt to create table from table function (#1701 by @ianton-ru)
• Fix race in DDLWorker that broke recursive deletion of the DDL queue path in ZooKeeper. (#1712 by @CarlosFelipeOR)
• Backport upstream fixes for LOGICAL_ERROR in queries with parallel replicas and multiple JOINs (LEFT/INNER...RIGHT, RIGHT...RIGHT, n-way with GLOBAL/FULL) (ClickHouse#86895, ClickHouse#87178, ClickHouse#97316 by @devcrafter via #1724)

Build/Testing/Packaging Improvements

• Use openssl 3.5.6 (ClickHouse#102606 by @thevar1able) (#1679 by @zvonand)

CI Fixes or Improvements

• Fix test_storage_iceberg/test.py::test_object_storage_remote_initiator (#1726 by @ianton-ru)

And ALL Antalya features from previous releases

Packages

Available for both AMD64 and Aarch64 from https://builds.altinity.cloud/#altinityantalya as either .deb, .rpm, or .tgz

Docker images

Available for both AMD64 and Aarch64: altinity/clickhouse-server:25.8.22.20001.altinityantalya

Full Changelog: https://github.com/Altinity/ClickHouse/compare/v25.8.16.20002.altinityantalya...Altinity:ClickHouse:v25.8.22.20001.altinityantalya?expand=1

Build report: https://s3.amazonaws.com/altinity-build-artifacts/REFs/antalya-25.8/e1a7eb14c505eff84ec1dbf50b0a85c810ffc2f7/25331533370/ci_run_report.html

26.1.11.20001 Altinity Antalya

26.1.11.20001 Altinity Antalya (75d2d67) as compared to v26.1.6.20001.altinityantalya (948d4e9a67012444f2e58f7f76c57eb4cdd272ef)

New Features

• Cluster Joins part 2 - global mode (#1527 by @ianton-ru)
• Added support for moving Hybrid table watermarks (#1659 by @mkmkme)
• Add OAuth2 login flow to clickhouse-client. (#1606 by @BorisTyshkevich)

Improvements

• Use object_storage_remote_initiator without object_storage_cluster on initial node. (#1608 by @ianton-ru)
• Make changes to the export partition background engine and support experimental exports to apache iceberg (#1618 by @arthurpassos)
• SELECT * FROM system.databases now always lists data lake catalog databases regardless of the show_data_lake_catalogs_in_system_tables setting. Previously they were hidden by default, which was inconsistent with SHOW DATABASES that always showed them. (ClickHouse#103444 by @alsugiliazova via #1690)
• Change the default value of export_merge_tree_partition_manifest_ttl from 180 seconds to 86400 (a day). This gives visibility over completed export partitions on real usage scenarios. (#1692 by @arthurpassos)

Bug Fixes (user-visible misbehavior in an official stable release)

• Fix rescheduleTasksFromReplica (#1568 by @ianton-ru)
• Solved #1486 File identifier for distributed tasks was changed between 25.8 and 26.1 In frontport #1414 it was missed and rescheduleTasksFromReplica continued to use old variant. Fix unsyncronized access to replica_to_files_to_be_processed class member. (#1493 by @ianton-ru)
• Fix apache iceberg queries not hitting the parquet metadata cache (#1631 by @arthurpassos)

Build/Testing/Packaging Improvements

• Update libssl and libcrypto libraries to fix existing CVEs. (#1656 by @MyroTk)
• Use openssl 3.5.6 (ClickHouse#102606 by @thevar1able via #1650)

And ALL Antalya features from previous releases

Packages

Available for both AMD64 and Aarch64 from https://builds.altinity.cloud/#altinityantalya as either .deb, .rpm, or .tgz

Docker images

Available for both AMD64 and Aarch64: altinity/clickhouse-server:26.1.11.20001.altinityantalya

Full Changelog: 948d4e9...75d2d67

25.3.8.30001 Altinity FIPS

This release delivers a build of ClickHouse based on Altinity Stable release v25.3.8.10042, with changes to cryptography, packaging, and feature availability to ensure compliance with FIPS 140-3 standard. Key changes include:

• Replacing the cryptographic foundation with a validated module
• Enforcing strict security defaults
• Removing non-compliant features
• Providing operational transparency and validation tooling

⚠️ Due to encryption format changes and removed features, careful migration planning is required when upgrading from non-FIPS builds.

---

Changes compared to 25.3.8.10042.altinitystable

FIPS Compliance

AWS-LC FIPS 2.0.0 Integration

• ClickHouse is now built against AWS-LC FIPS 2.0.0, replacing OpenSSL library.
• Full FIPS validation flow enforced at build time, including Known Answer Tests (KAT) and integrity verification.
• FIPS mode is enabled and verified at runtime.

Startup Visibility

• Server logs now explicitly confirm FIPS status:
  • FIPS mode enabled
  • KAT test result
  • Integrity check result

Build Introspection

• system.build_options now exposes:
  • FIPS_CLICKHOUSE=1
  • OPENSSL_VERSION=AWS-LC-FIPS-2.0.0
• Enables programmatic validation of compliance state.

---

⚠️ Breaking Changes

Encryption Codecs (Incompatible Change)

• AES-GCM-SIV codecs removed (not FIPS-approved).
• Replaced with:
  • AES_128_GCM
  • AES_256_GCM
• On-disk format is incompatible:
  • Data encrypted with Codec(AES_128_GCM_SIV) / Codec(AES_256_GCM_SIV) cannot be read by this FIPS release.
  • Symmetrically, data encrypted by this release with Codec(AES_128_GCM) / Codec(AES_256_GCM) cannot be read by other builds.

Migration required:

1. Decrypt data using the original build used for encryption.
2. Re-encrypt using new FIPS codec.

---

🚫 Disabled Features

Due to FIPS constraints and removal of Rust dependencies:

• Delta Lake engine (DeltaLake, deltaLake())
• PRQL query dialect
• Interactive fuzzy history search (Ctrl+R in client)

These features rely on Rust components that are not currently FIPS-compatible.

---

TLS & Security Enhancements

TLS 1.3 Hardening

• Default cipher suites restricted to FIPS-approved:
  • TLS_AES_256_GCM_SHA384
  • TLS_AES_128_GCM_SHA256
• ChaCha20-Poly1305 removed from defaults.

Full TLS Configuration Enforcement

• All components (including Keeper) now enforce:
  • cipherSuites
  • cipherList
  • dhParamsFile
  • ecdhCurve

Protocol Control Fix

• disableProtocols tlsv1_3 now works correctly (previously ignored).

---

Authentication & Security Changes

Kerberos (Breaking Behavior Change)

• Only AES-based encryption types supported:
  • aes256-cts-hmac-sha1-96
  • aes128-cts-hmac-sha1-96
• DES / 3DES configurations are rejected.

PostgreSQL Authentication

• Hashing functions routed through AWS-LC to ensure FIPS compliance.

---

Storage & Integration Changes

Enabled Integrations

FIPS builds include full support for:

• S3
• Azure Blob Storage (via Altinity fork)
• gRPC
• Parquet
• Kafka, NATS, MySQL, MongoDB
• Cassandra, AMQP

Forked Dependencies

To ensure compatibility with AWS-LC:

• Azure SDK → Altinity/azure-sdk-for-cpp
• Kerberos → Altinity/krb5

---

Packaging & Distribution

Crash Reporting Disabled by Default

• No Sentry endpoint configured
• Even if enabled, no data is sent externally

---

FIPS Validation Tooling

New built-in subcommands for compliance validation:

• clickhouse ssl-shim — TLS conformance testing
• clickhouse ssl-handshaker — test harness peer
• clickhouse acvp-server — cryptographic validation (ACVP)

These tools support certification and auditing workflows.

---

Platform Support

• x86_64 (existing)
• ARM64 / AArch64 (newly supported)

---

Operational Improvements

• Improved TLS error handling compatibility with AWS-LC
• Fixed MongoDB TLS connectivity issues
• Cleaner and more consistent TLS configuration behavior across services

---

Build report

Full Changelog: v25.3.8.10042.altinitystable...v25.3.8.30001.altinityfips

Packages

Available for both AMD64 and Aarch64 from https://builds.altinity.cloud/#altinityfips as either .deb, .rpm, or .tgz

Docker images

Available for both AMD64 and Aarch64: altinity/clickhouse-server/25.3.8.30001.altinityfips

26.1.6.20001 Altinity Antalya

Altinity Antalya release 26.1.6.20001.altinityantalya (948d4e9) as compared to upstream/v26.1.6.6-stable (078d5649b090d5006135479f9ca9b6a50fb39d22)

New Features

• Add TRUNCATE TABLE support for the Iceberg database engine with REST catalog backends (#1529 by @il9ue)
• Google biglake catalog integration (ClickHouse#97104, ClickHouse#97561 by @scanhex12 via #1528)
• Introduce async prefetch and staleness for Iceberg metadata (ClickHouse#96191 by @arsenmuk via #1575)
• Parquet metadata cache and arrow library version bump (ClickHouse#98140, ClickHouse#99230 by @grantholly-clickhouse, ClickHouse#96545 by @vitlibar, ClickHouse#99231 by @azat via #1574)
• Different improvement for remote initiator (#1577 by @ianton-ru)

Performance Improvements

• Improve the performance of data lakes. In previous versions, reading from object storage didn't resize the pipeline to the number of processing threads. (ClickHouse#99548 by @alexey-milovidov via #1580)

Improvements

• Add support for EC JWT validation (ES* algorithms) (#1596 by @zvonand)
• Add role-based access to Glue catalog. Use settings aws_role_arn and, optionally, aws_role_session_name. (ClickHouse#90825 by @antonio2368 via #1427)
• Improve system.replicated_partition_exports performance and add metrics zk partition export (#1402 by @arthurpassos)
• Add setting to define filename pattern for part exports - helps with sharding (#1490 by @arthurpassos)
• Enabled experimental datalake catalogues by-default (#1504 by @Enmk)
• Fix local replicated_partition_exports table might miss entries (#1500 by @arthurpassos)
• Bump scheduled exports count only in case it has been scheduled (#1499 by @arthurpassos)
• Improved processing 'show tables' query by fetching only names of tables and improved getLightweightTablesIterator to return structure containing only table names (ClickHouse#97062 by @SmitaRKulkarni via #1552)
• Enable prewhere for iceberg (and fixes) (ClickHouse#95476 by @scanhex12, ClickHouse#98360, ClickHouse#100361 by @alexey-milovidov via #1581)
• Avoid scanning the whole remote data lake catalog for “Maybe you meant …” table hints when show_data_lake_catalogs_in_system_tables is disabled (ClickHouse#100452 by @alsugiliazova via #1583)

Bug Fixes (user-visible misbehavior in an official stable release)

• Fixes an issue when Iceberg columns with dot in names returned NULL as values (ClickHouse#94335 by @mkmkme via #1448)
• Use serialized metadata size to calculate the cache entry cell (#1484 by @arthurpassos)
• Fix race condition on IPartitionStrategy (#1517 by @arthurpassos)
• Fix timezone parameter in sorting key for Iceberg table when type of key is DateTime and setting iceberg_partition_timezone is used (#1526 by @ianton-ru)
• Fix remote initiator host name (#1551 by @ianton-ru)
• Fix export task not being killed during s3 outage (#1564 by @arthurpassos)
• Use key (parsed without URI decoding) so that percent-encoded characters in object keys are preserved. Fixes issues where there retrieving data returns a 404 when there are slashes in s3 path (#1516 by @subkanthi)
• Iceberg partitioing fix (ClickHouse#96620 by @scanhex12 via #1579)
• Export Partition - release the part lock when the query is cancelled (#1593 by @arthurpassos)
• Fix row policies silently ignored on Iceberg tables with PREWHERE enabled (#1597 by @mkmkme)

CI Fixes or Improvements

• Fixes export part/ partition tests failing under db disk integration test suites because those tests require MinIO traffict to be blocked and db disk relies on remote metadata stored in MinIO/s3 for plain merge tree tables, causing a deadlock and the suite to time out (#1478 by @arthurpassos)

And ALL Antalya features from previous releases

Packages

Available for both AMD64 and Aarch64 from https://builds.altinity.cloud/#altinityantalya as either .deb, .rpm, or .tgz

Docker images

Available for both AMD64 and Aarch64: altinity/clickhouse-server:26.1.6.20001.altinityantalya

Full Changelog: https://github.com/ClickHouse/ClickHouse/compare/v26.1.6.6-stable...Altinity:ClickHouse:v26.1.6.20001.altinityantalya?expand=1

25.8.16.20002 Altinity Antalya

Altinity Antalya release v25.8.16.20002.altinityantalya (c5dc696) as compared to v25.8.16.20001.altinityantalya (027f87165d1035cbd110054e534db3f0e7bb09b9)

Critical Bug Fixes

• Add setting allow_local_data_lakes, turned off by default (#1531, #1542 by @zvonand)

New Features

• DataLakeCatalog namespace filter (#1337 by @ianton-ru)

Improvements

• Add role-based access to Glue catalog. Use settings aws_role_arn and, optionally, aws_role_session_name. (ClickHouse#90825 by @antonio2368 via #1428)
• Datalakes catalogs database for distributed processing (ClickHouse#88273 by @scanhex12 via #1458)
• Setting iceberg_partition_timezone with timezone, used to create Iceberg tables partitions (#1349 by @ianton-ru)
• Add setting to define filename pattern for part exports - helps with sharding (#1512 by @arthurpassos)

Performance Improvements

• Improvement locking Iceberg iterator (#1436, #1497 by @ianton-ru)

Bug Fixes (user-visible misbehavior in an official stable release)

• Fix remote initiator host name (#1550 by @ianton-ru)
• Fix incorrect encoding special characters in S3 paths (#1537 by @ianton-ru)

CI Fix or Improvement

• fix regression parquet suite running some tests multiple times; fix red PR workflow for PRs from third party repos (#1468 by @strtgbb)
• For MergeTree tables using object storage which do not support writing with append, it will not support transactions. (ClickHouse#88490 by @tuanpach via #1475)
• Check if encrypted disks support writing with append (ClickHouse#89999 by @tuanpach via #1475)

And ALL Antalya features from previous releases

Packages

Available for both AMD64 and Aarch64 from https://builds.altinity.cloud/#altinityantalya as either .deb, .rpm, or .tgz

Docker images

Available for both AMD64 and Aarch64: altinity/clickhouse-server:25.8.16.20002.altinityantalya

Full Changelog: https://github.com/Altinity/ClickHouse/compare/v25.8.16.20001.altinityantalya...Altinity:ClickHouse:v25.8.16.20002.altinityantalya?expand=1

Build report: https://s3.amazonaws.com/altinity-build-artifacts/REFs/antalya-25.8/49bb3f7beb5e6e424a1e94c749478fd23a8e6196/23407769837/ci_run_report.html

25.3.8.10042 Altinity Stable

Altinity Stable release v25.3.8.10042 (01932da) as compared to 25.3.8.10041 Altinity Stable (cfe75cb0ba14d5c72cc045c534cc618d82a22665)

Critical Bug Fixes

• Add setting allow_local_data_lakes, turned off by default.

CI Fixes or Improvements

• Add branch_name to db queries used by report to fix odd report behavior and match logic in newer branches (#1142 by @strtgbb)

Packages

Available for both AMD64 and Aarch64 from https://builds.altinity.cloud/#altinitystable as either .deb, .rpm, or .tgz

Docker images

Available for both AMD64 and Aarch64: altinity/clickhouse-server:25.3.8.10042.altinitystable

Full Changelog: v25.3.8.10041.altinitystable...v25.3.8.10042.altinitystable

Build Report: https://s3.amazonaws.com/altinity-build-artifacts/0/01932da05aa07365d019a987640316d3a1b711e2/ci_run_report.html

24.8.14.10545 Altinity Stable

Changes compared to v24.8.14.10544.altinitystable (fd0fddb)

Backward Incompatible Changes

• ALTER MODIFY COLUMN now requires explicit DEFAULT when converting nullable columns to non-nullable types. Previously such ALTERs could get stuck with cannot convert null to not null errors, now NULLs are replaced with column's default expression. (ClickHouse#84770 by @vdimir via #1370)

Critical Bug Fixes

• Fixed crash in old analyzer if JOIN and duplicated aliases (ClickHouse#96405 by @ilejn via #1401)
• Fix nullptr dereference with disabled send_profile_events. This feature was introduced recently for the ClickHouse Python driver (ClickHouse#94466 by @alexey-milovidov via #1515)

Bug Fixes (user-visible misbehavior in an official stable release)

• Possible crash/undefined behavior in IN function where primary key column types are different from IN function right side column types (ClickHouse#89367 by @ilejn via #1146)
• Fix aggregation of sparse columns for sum and timeseries when group_by_overflow_mode is set to any (ClickHouse#95301 by @mkmkme via #1372)
• Fix aggregation of sparse columns when group_by_overflow_mode is set to any (ClickHouse#88440 by @korowa via #1389)
• Fixed a crash in SimpleSquashingChunksTransform that occurred in rare cases when processing sparse columns (ClickHouse#72226 by @vdimir via #1399)
• Reintroduce fix for a crash when ClickHouse is used in AWS ECS to connect to AWS S3 (ClickHouse#65362 by @Avogar via #1449)
• Fix skip indexes (and primary key conditions) not being applied for ALIAS columns when query plan expression merging is disabled (query_plan_merge_expressions = 0 or query_plan_enable_optimizations = 0). (ClickHouse#98960 by @fastio via #1544)

Performance Improvements

• SELECT query with FINAL clause on a ReplacingMergeTree table with the is_deleted column now executes faster because of improved parallelization (ClickHouse#88090 by @shankar-iyer via #1373)

Improvements

• Allow a user to have multiple authentication methods instead of only one. Allow authentication methods to be reset to most recently added method. (ClickHouse#65277 by @arthurpassos via #1371)

Packages

Available for both AMD64 and Aarch64 from https://builds.altinity.cloud/ as either .deb, .rpm, or .tgz

Docker images

Available for both AMD64 and Aarch64: altinity/clickhouse-server:24.8.14.10545.altinitystable

Full Changelog: v24.8.14.10544.altinitystable...v24.8.14.10545.altinitystable
Build Report: https://s3.amazonaws.com/altinity-build-artifacts/0/19217e5096cecbca4a02c9cce8f2bd503e4cd92c/ci_run_report.html

25.8.16.10002 Altinity Stable

Changes compared to v25.8.16.10001.altinitystable

Critical Bug Fixes

• Add setting allow_local_data_lakes. Turned off by default (#1530 by @zvonand)

Build report

Release notes

Packages

Available for both AMD64 and Aarch64 from https://builds.altinity.cloud/ as either .deb, .rpm, or .tgz

Docker images

Available for both AMD64 and Aarch64: altinity/clickhouse-server/25.8.16.10002.altinitystable