Technical Advisories

Technical advisories report major issues with CockroachDB that may impact security or stability in production environments.

Users are invited to evaluate advisories and consider the recommended mitigation actions independently from their version upgrade schedule.

| Advisory | Summary | Affected versions | Date |
|---|---|---|---|
| A-74385 | Partial indexes can be corrupted by UPDATE statements, resulting in incorrect query results for any queries that use the partial index | 21.1 and 21.2 prior to 21.1.13 and 21.2.4 | January 6, 2022 |
| A-CVE-2021-44228 | No Cockroach Labs products or services are affected by the recent CVE-2021-44228 Apache Log4j vulnerability. | None | December 14, 2021 |
| A-73629 | Planning queries over partitioned tables with a DEFAULT partition in a PARTITION BY LIST clause could cause a spurious internal error | 21.1 and 21.2 prior to 21.1.13 and 21.2.3 | December 14, 2021 |
| A-73024 | The optimizer could plan queries that use semi-joins against multi-region REGIONAL BY ROW tables incorrectly | 21.2.0 | November 29, 2021 |
| A-72839 | Backups fail during upgrade process | 21.2.0 | November 18, 2021 |
| A-71553 | SQL statements that used secondary unique indexes that were created as a result of an ALTER PRIMARY KEY statement can return incorrect results. | 20.2, 21.1 | November 8, 2021 |
| A-71655 | Zigzag joins could potentially produce incorrect results | 19.2, 20.1, 20.2, 21.1 | November 2, 2021 |
| A-71002 | CockroachDB 21.1.9 drops WHERE predicates from prepared statements in specific circumstances | 21.1.9 | October 7, 2021 |
| A-69874 | CockroachDB 21.1.8 can not be downgraded | 21.1.8 | September 7, 2021 |
| A-68005 | sql.trace.txn.enable_threshold cluster setting causes crash loops | 21.1.0-21.1.6 | August 20, 2021 |
| A-62842 | TRUNCATE TABLE during CREATE/ALTER INDEX can cause data corruption | 20.2.0-20.2.8 | July 29, 2021 |
| A-64325 | Race condition between reads and replica removal | 20.1 and later | May 3, 2021 |
| A-63162 | Invalid incremental backups under certain circumstances | 19.1.0-19.1.11, 19.2.0-19.2.12, 20.1.0-20.1.14, 20.2.0-20.2.7 | April 30, 2021 |
| A-58932 | HTTP requests can cause full-cluster denial of service (DoS) | 19.2.0-19.2.11, 20.1.0-20.1.10, 20.2.0-20.2.3 | February 2, 2021 |
| A-56116 | Incorrect timezone calculations with "slim" zoneinfo format | All | October 29, 2020 |
| A-54418 | Incorrect behavior with large batch UPSERTs | 20.1.4, 20.1.5 | September 24, 2020 |
| A-50587 | TRUNCATE prevents table renaming | 19.1.0-19.1.10, 19.2.0-19.2.8 | July 6, 2020 |
| A-48860 | Data corruption/loss issue with snapshots and delete range | 2.1.0-2.1.9, 19.1.0-19.1.8, 19.2.0-19.2.6 | May 20, 2020 |
| A-44299 | Schema changes may cause cluster unavailability | 19.1.0-19.1.7, 19.2.0-19.2.3 | Feb 12, 2020 |
| A-44348 | Data leak in statement details | 2.1.0-2.1.11, 19.1.0-19.1.7, 19.2.0-19.2.3 | Feb 12, 2020 |
| A-44166 | SHOW JOBS and Jobs page can endanger cluster stability | 19.2.0-19.2.2 | Feb 12, 2020 |
| A-43870 | HTTP authentication for non-Enterprise users | 2.1.10-onward, 19.1.6-onward, 19.2.2 | Jan 22, 2020 |
| A-42567 | HTTP endpoint vulnerability | 2.1.0-2.1.8, 19.1.0-19.1.5, 19.2.0-19.2.1 | Jan 22, 2020 |
| A-30821 | Authentication bypass for internal RPCs | 1.1.0-1.1.8, 2.0.0-2.0.4 | Oct 1, 2018 |