blog-banner

CockroachDB 25.3: PCI and HIPAA readiness on Azure, a new Kubernetes operator, improved Oracle migrations

David-Bressler

David Bressler

Samanee-Mahbub

Samanee Mahbub

Last edited on August 12, 2025

0 minute read

    Cockroach Labs has announced the launch of CockroachDB 25.3.

    Cockroach Labs 25.3 launch BLOG

    Enterprises today expect a lot of their OLTP database, including:

    • Uninterrupted Business Operations

    • Kubernetes for Automation and Reliability 

    • Risk Reduction and Data Protection

    • Operational Efficiency and Agility

    • Regulatory and Audit Readiness

    • Customer Satisfaction and Trust

    • Scalability and Future-Proofing

    It’s a crucial combination for rapid growth and long-term success.

    That’s why even better performance, smoother migrations, and heightened compliance are central to CockroachDB 25.3.

    Launched on August 12, 25.3 builds on the distributed SQL database built for business-critical resilience. CockroachDB continues to push the limits of scalability, improving Oracle migrations with many new enhancements for both self-hosted and cloud offerings.

    Top-level updates:

    Performance –  A high-performing database provides a better user experience. With value separation (in public preview) CockroachDB has dramatically improved throughput and scalability, especially for write-heavy workloads.

    New Kubernetes operator – The new Kubernetes Operator for CockroachDB simplifies and automates the deployment, scaling, and management of CockroachDB in cloud native environments. It addresses common operational challenges for database management, by ensuring high availability, resilience, and seamless upgrades with minimal manual intervention. This enables platform teams to operate CockroachDB with greater confidence and lower operational overhead. 

    MOLT Fetch for Oracle – Database migration can be a risky process: Common challenges faced during database migration include maintaining data integrity, assuring predictable application performance, and minimizing downtime. MOLT Fetch dramatically shortens and de-risks your database migration effort when migrating to CockroachDB from Oracle.  It offers the best solution for CockroachDB migrations, providing superior fault tolerance, speed, and ease of use compared to third-party tools.

    Let’s drill down into highlight features of CockroachDB 25.3:

    1. Enhanced securityCopy Icon

    Automated LDAP/AD User ProvisioningCopy Icon

    CockroachDB now even more deeply integrates LDAP authentication and authorization. This provides enterprises with several benefits:

    Seamless Security:

    • Strong database security is critical, enhancing business continuity and trust. CockroachDB 25.3 leverages Lightweight Directory Access Protocol/Active Directory, or LDAP/AD as the source of truth for authentication and authorization. User credentials and access controls are managed consistently and securely within a customer’s existing security infrastructure.

    Simplified User Management:

    • Enterprises often face database security management challenges as they scale. Centralized user management through LDAP/AD reduces administrative overhead by allowing IT teams to manage users and their permissions in a single system. 

    This efficient integration seamlessly incorporates CockroachDB into the existing IT ecosystem, so database access always aligns with established security protocols and policies.

    Improved Compliance:

    • Continuous compliance management is a must in enterprise data architectures. LDAP/AD for authentication and authorization in CockroachDB 25.3 helps you adhere to internal policies via a unified and auditable approach to access management. 

    2. HIPAA Readiness and PCI Compliance on Microsoft Azure for CockroachDB Cloud Advanced ClustersCopy Icon

    Enterprises have significant responsibilities for HIPAA readiness and PCI compliance. With enhancements to both CMEK for Azure and Perimeter Egress Control for Azure, CockroachDB is HIPAA-ready on Microsoft Azure.

    3. Egress Private Endpoints for Advanced Tier on CockroachDB CloudCopy Icon

    Private connectivity can enhance both scalability and fault tolerance for service integrations. In addition, many industry compliance certifications and regulatory requirements either strongly encourage or require private connectivity for integrations, rather than relying on public internet. 

    Egress Private Endpoints, available as limited access, let CockroachDB Cloud customers securely connect to external services like Kafka or webhooks without using the public internet. This new self-service feature improves security, simplifies compliance, and speeds up production readiness by enabling private, outbound connections over AWS PrivateLink or GCP Private Service Connect.

    4. Restore APICopy Icon

    Monitoring and auditing automated database restores is a key role of IT teams. Automating the restore flow is crucial for enterprises that require high reliability, short recovery times, and auditable processes. This allows you to scale and adapt your database operations securely. 

    Released into limited access, CockroachDB 25.3’s Restore API makes it easy for users to automate a restore flow in their application or service. 

    5. PCR on CockroachDB CloudCopy Icon

    Mission-critical workloads in finance, healthcare, government, and e-commerce operate in stringent environments. They have demanding compliance or regulatory requirements for data availability and disaster recovery – they require uninterrupted transaction flows, with minimal performance impact after failover. 

    Available as limited access, Physical Cluster Replication (PCR) enables customers to leverage an active-passive cluster setup, with one “active” primary cluster which receives application traffic replicating physical bytes to the “passive” standby cluster. The standby cluster is then a transactionally consistent copy of the primary cluster, allowing the user to cut over to the standby with minimal RPO (~30s) and downtime (order of minutes depending on cluster size).

    Vital to enterpriseCopy Icon

    Taken together, 25.3 further elevates CockroachDB into a strategic asset for data architects. It drives resilient, secure, compliant and elite-performance operations, so enterprises can scale quickly with confidence. 

    There are many more improvements in this release: Visit us at What’s New to go deeper. 

    Try CockroachDB NowCopy Icon

    We’re currently offering $400 in free credits for new CockroachDB Cloud organizations. These credits allow you to easily get started with CockroachDB. For example, you can try deploying multi-region Standard clusters with up to 12 vCPUs for 10 days, or with up to 4 vCPUs for the full 30 days. You can learn more about the terms here.

    Get started on CockroachDB Cloud today.

    You can also get a free 30-day trial of CockroachDB Enterprise on self-hosted environments. Get access to our full suite of enterprise features without having to go through sales or an initial financial commitment.

    Get started CockroachDB self-hosted today.

    David Bressler is Staff Product Marketer for Cockroach Labs.

    Samanee Mahbub is Senior Product Marketing Manager for Cockroach Labs.

    Keep reading

    View all posts
    [IMAGE] Retail campaign blog #1

    For high availability & low latency: Architect a globally distributed eCommerce system

    eCommerce is a broad domain, but at a basic level it encompasses any business that primarily buys or sells goods or services over the internet. This includes all sorts of companies from classic retailers and marketplaces, to food delivery and online travel. In this space, customer expectations are extremely high. They want a personalized experience, fast access/answers, and have zero tolerance for downtime. Not only do businesses have to accommodate a demanding customer, but they also have to figure out how to serve a geographically dispersed user base.

    Cockroach Labs Performance Under Adversity BLOG

    Ideal Isn't Real, But Improvement Is: CockroachDB's Resilience Enhanced in 25.2

    Real-world database resilience is not about surviving under ideal conditions – it's about thriving when adversity strikes.

    crl-stake-case-study-hero

    The limitations of PostgreSQL in financial services

    PostgreSQL has almost 40 years of active development under its belt making it one of the most powerful and reliable relational database management systems (RDBMS). Even today it’s the fourth most popular database in the world, backed by a global community of dedicated supporters. It’s a good fit for business critical workloads because PostgreSQL delivers a highly stable foundation and is ACID compliant. This is also why it’s often used in financial services and for use cases that handle money.