November 7, 2019
A denial-of-service (DoS) vulnerability is present in CockroachDB v19.2.0 - v19.2.11 due to a bug in protobuf. This is resolved in CockroachDB v19.2.12 and later releases. When upgrading is not an option, users should audit their network configuration to verify that the CockroachDB HTTP port is not available to untrusted clients. We recommend blocking the HTTP port behind a firewall.
For more information, including other affected versions, see Technical Advisory 58932.
Get future release notes emailed to you:
$ docker pull cockroachdb/cockroach-unstable:v19.2.0-rc.4
SQL language changes
- CockroachDB now uses the zig-zag join algorithm only in cases where it can benefit performance. #42186
- Added the
sql.defaults.zigzag_join.enabledcluster setting, which can be used to control the default value of the
enable_zigzag_joinsession variable and, thus, whether zig-zag joins are allowed. #42182
- The error message generated when a transaction containing DDL is both partially committed and partially rolled back (
XXAOO) now contains a link to GitHub issue #42061 where this situation is discussed further. #42090
- CockroachDB now supports GSSAPI authentication from Postgres 11.5 and 12.0 clients. #42189
- Fixed a "cannot map variable to an indexed var" error for certain queries against partitioned tables. #42183
- Fixed "output columnTypes unset after planning" and "inconsistent post-processing" errors for certain queries involving
UNION ALL. #42184
- Fixed an "invalid indexIdx" error for certain queries involving zig-zag joins. #42182
This release includes 6 merged PRs by 3 authors.