February 11, 2020
This page lists additions and changes in v19.2.4 since v19.2.3.
- For a comprehensive summary of features in v19.2, see the v19.2 GA release notes.
- To upgrade to v19.2, see Upgrade to CockroachDB v19.2
A denial-of-service (DoS) vulnerability is present in CockroachDB v19.2.0 - v19.2.11 due to a bug in protobuf. This is resolved in CockroachDB v19.2.12 and later releases. When upgrading is not an option, users should audit their network configuration to verify that the CockroachDB HTTP port is not available to untrusted clients. We recommend blocking the HTTP port behind a firewall.
For more information, including other affected versions, see Technical Advisory 58932.
Cockroach Labs has discovered a bug relating to incremental backups, for CockroachDB v19.2.0 - v19.2.12. If a backup coincides with an in-progress index creation (backfill), RESTORE, or IMPORT, it is possible that a subsequent incremental backup will not include all of the indexed, restored or imported data.
Users are advised to upgrade to v20.1.15 or v20.2.8 or later, which includes resolutions.
For more information, including other affected versions, see Technical Advisory 63162.
Get future release notes emailed to you:
Downloads
Docker image
$ docker pull cockroachdb/cockroach:v19.2.4
Security updates
- Previous versions of CockroachDB were incorrectly enabling non-admin SQL users to use the statements details in the Admin UI and the HTTP endpoint
/_status/statements. This information is sensitive because the endpoint does not hide data that the requester does not have privilege over. This has been corrected by requiring a SQLadminuser to access the statements details page and the HTTP endpoint. #44354
Bug fixes
- Fixed a bug where CockroachDB would return an internal error when the
substringfunction with a negative length was executed via the vectorized engine. CockroachDB now returns a regular query error on executing the function. #44629 - Fixed "no output column equivalent to.." and "column not in input" errors in some cases involving
DISTINCT ONandORDER BY. #44598 - Fixed "expected constant FD to be strict" internal error. #44604
- Fixed possibly incorrect query results in various cornercases, especially when
SELECT DISTINCTis used. #44604 - Fixed a bug where running a query with the
LIKEoperator using the customESCAPEsymbol when the pattern contained Unicode characters could result in an internal error in CockroachDB. #44648 - CockroachDB no longer repeatedly looks for non-existing jobs, which may cause high memory usage, when cleaning up schema changes. #44698
- Fixed "no indexes" internal error in some cases when we
GROUP BYon a virtual table. #44723 - Fixed invalid query results in some corner cases where part of a
WHEREclause is incorrectly discarded. #44749 - Fixed a typechecking error where
BETWEENwould sometimes allow boundary expressions of a different type. #44810 CASEoperators with an unknownWHENtype no longer return an error. #44818
Contributors
This release includes 15 merged PRs by 10 authors.
Was this helpful?
