Technical advisories report major issues with CockroachDB that may impact security or stability in production environments.

Users are invited to evaluate advisories and consider the recommended mitigation actions independently from their version upgrade schedule.

| Advisory | Summary | Affected versions | Date |
|---|---|---|---|
| A-88042 | A RESTORE of an incremental backup may include rows that should not be restored, in a narrow set of circumstances relating to an ongoing IMPORT INTO job. | v22.1.0 to v22.1.8 and v21.2.0 to v21.2.16 | October 24, 2022 |
| A-88993 | A query with ORDER BY and LIMIT clauses could return incorrect results if it scanned a multi-column index containing the ORDER BY columns, and a prefix of the index columns was held fixed to two or more constant values by the query filter or schema. | v22.1.0 to v22.1.8 | October 17, 2022 |
| A-88047 | Querying a REGIONAL BY ROW or partitioned multi-region table could produce incorrect results if the query has a LIMIT of less than 100,000 and uses an inverted index. | v22.1.0 to v22.1.7 | September 29, 2022 |
| A-84144 | Multi-region tables whose locality has been altered to REGIONAL BY ROW are at risk of being corrupted | v22.1.0 to v22.1.3 | July 19, 2022 |
| A-82576 | Adding a column to a table which references a sequence, or creating a table with columns referencing sequences, adds an incomplete back-reference to the sequence metadata. | v22.1.0 to v22.1.2 | July 18, 2022 |
| A-82079 | If a CREATE MATERIALIZED VIEW statement fails, all objects referenced in its SELECT query will be unusable. | v21.2.0 to v21.2.12, v22.1.0 | July 18, 2022 |
| A-81448 | Secondary indexes containing columns that are not null, have a volatile default expression, and are present in one or more secondary indexes will have inconsistent values relative to the primary index, which can lead to incorrect query results. | v21.1.x, v21.2.0 to v21.2.12, v22.1.0 | June 28, 2022 |
| A-81968 | Left outer joins and correlated subqueries can produce incorrect results. | v22.1.0 | June 6, 2022 |
| A-82309 | During or after an upgrade from CockroachDB v21.2.x to v22.1.0, existing changefeeds will stop emitting data. | v22.1.0-alpha.1 to v22.1.0 | June 3, 2022 |
| A-81315 | Prepared SELECT queries that filter a column with a constant casted to the wrong type fail to return the expected results | v21.2.0 to v21.2.10, v22.1.0-alpha.1 to v22.1.0 | May 23, 2022 |
| A-79066 | Data key rotation is inadvertently disabled if the store key hasn't changed since the last node start | All clusters with encryption-at-rest enabled running versions of CockroachDB v20.2.x, v21.1.0 to v21.1.18, and v21.2.0 to v21.2.9. | May 2, 2022 |
| A-79384 | The optimizer has been found to create logically incorrect query plans in some cases. | v21.1.0 to v21.1.17, v21.2.0 to v21.2.8, v22.1.0-alpha.1 to v22.1.0-beta.1 | April 14, 2022 |
| A-79281 | Importing duplicate keys can cause violations of UNIQUE constraints | v21.2.0 to v21.2.7, 22.1.0-alpha.1-22.1.0-alpha.5, v22.1.0-beta.1. | April 12, 2022 |
| A-78681 | The optimizer has been found to create logically incorrect query plans in some cases. | v21.1.0 to v21.1.16, v21.2.0 to v21.1.7, 22.1.0-alpha.1-22.1.0-alpha.5 | April 11, 2022 |
| A-76522 | The optimizer can omit ON conditions of joins in query plans, causing incorrect results. | v20.2.0 to v20.2.19, v21.1.0 to v21.1.15, v21.2.0 to v21.2.6 | March 9, 2022 |
| A-75758 | Users without the appropriate permissions may cancel any other users' sessions from the DB Console | v20.2.0 to v20.2.18, v21.1.0 to v21.1.13, v21.2.0 to v21.2.4 | February 10, 2022 |
| A-74736 | Queries can miss rows in a primary or unique index that is being scanned, causing incorrect query results. | v21.2.0 to v21.2.4 | February 7, 2022 |
| A-74385 | Partial indexes can be corrupted by UPDATE statements, resulting in incorrect query results for any queries that use the partial index | v21.1 and v21.2 prior to v21.1.13 and v21.2.4 | January 6, 2022 |
| CVE-2021-44228 | No Cockroach Labs products or services are affected by the recent CVE-2021-44228 Apache Log4j vulnerability. | None | December 14, 2021 |
| A-73629 | Planning queries over partitioned tables with a DEFAULT partition in a PARTITION BY LIST clause could cause a spurious internal error | v21.1 and v21.2 prior to v21.1.13 and v21.2.3 | December 14, 2021 |
| A-73024 | The optimizer could plan queries that use semi-joins against multi-region REGIONAL BY ROW tables incorrectly | v21.2.0 | November 29, 2021 |
| A-72839 | Backups fail during upgrade process | v21.2.0 | November 18, 2021 |
| A-71553 | SQL statements that used secondary unique indexes that were created as a result of an ALTER PRIMARY KEY statement can return incorrect results. | v20.2, v21.1 | November 8, 2021 |
| A-71655 | Zigzag joins could potentially produce incorrect results | v19.2, v20.1, v20.2, v21.1 | November 2, 2021 |
| A-71002 | CockroachDB v21.1.9 drops WHERE predicates from prepared statements in specific circumstances | v21.1.9 | October 7, 2021 |
| A-69874 | CockroachDB v21.1.8 can not be downgraded | v21.1.8 | September 7, 2021 |
| A-68005 | sql.trace.txn.enable_threshold cluster setting causes crash loops | v21.1.0 to v21.1.6 | August 20, 2021 |
| A-62842 | TRUNCATE TABLE during CREATE/ALTER INDEX can cause data corruption | v20.2.0 to v20.2.8 | July 29, 2021 |
| A-64325 | Race condition between reads and replica removal | v20.1 and later | May 3, 2021 |
| A-63162 | Invalid incremental backups under certain circumstances | v19.1.0 to v19.1.11, v19.2.0 to v19.2.12, v20.1.0 to v20.1.14, v20.2.0 to v20.2.7 | April 30, 2021 |
| A-58932 | HTTP requests can cause full-cluster denial of service (DoS) | v19.2.0 to v19.2.11, v20.1.0 to v20.1.10, v20.2.0 to v20.2.3 | February 2, 2021 |
| A-56116 | Incorrect timezone calculations with "slim" zoneinfo format | All | October 29, 2020 |
| A-54418 | Incorrect behavior with large batch UPSERTs | v20.1.4, v20.1.5 | September 24, 2020 |
| A-50587 | TRUNCATE prevents table renaming | v19.1.0 to v19.1.10, v19.2.0 to v19.2.8 | July 6, 2020 |
| A-48860 | Data corruption/loss issue with snapshots and delete range | v2.1.0 to v2.1.9, v19.1.0 to v19.1.8, v19.2.0 to v19.2.6 | May 20, 2020 |
| A-44348 | Data leak in statement details | v2.1.0 to v2.1.11, v19.1.0 to v19.1.7, v19.2.0 to v19.2.3 | February 12, 2020 |
| A-44299 | Schema changes may cause cluster unavailability | v19.1.0 to v19.1.7, v19.2.0 to v19.2.3 | February 12, 2020 |
| A-44166 | SHOW JOBS and Jobs page can endanger cluster stability | v19.2.0 to v19.2.2 | February 12, 2020 |
| A-43870 | HTTP authentication for non-Enterprise users | v2.1.10-onward, v19.1.6-onward, v19.2.2 | January 22, 2020 |
| A-42567 | HTTP endpoint vulnerability | v2.1.0 to v2.1.8, v19.1.0 to v19.1.5, v19.2.0 to v19.2.1 | January 22, 2020 |
| A-30821 | Authentication bypass for internal RPCs | v1.1.0 to v1.1.8, v2.0.0 to v2.0.4 | October 1, 2018 |

