What's New in v19.2.4

Warning:
This version of CockroachDB is no longer supported. For more details, see the Release Support Policy.

February 11, 2020

This page lists additions and changes in v19.2.4 since v19.2.3.

Warning:

A denial-of-service (DoS) vulnerability is present in CockroachDB v19.2.0 - v19.2.11 due to a bug in protobuf. This is resolved in CockroachDB v19.2.12 and later releases. When upgrading is not an option, users should audit their network configuration to verify that the CockroachDB HTTP port is not available to untrusted clients. We recommend blocking the HTTP port behind a firewall.

For more information, including other affected versions, see Technical Advisory 58932.

Warning:

Cockroach Labs has discovered a bug relating to incremental backups, for CockroachDB v19.2.0 - v19.2.12. If a backup coincides with an in-progress index creation (backfill), RESTORE, or IMPORT, it is possible that a subsequent incremental backup will not include all of the indexed, restored or imported data.

Users are advised to upgrade to v20.1.15 or v20.2.8 or later, which includes resolutions.

For more information, including other affected versions, see Technical Advisory 63162.

Get future release notes emailed to you:

Downloads

Docker image

icon/buttons/copy
$ docker pull cockroachdb/cockroach:v19.2.4

Security updates

  • Previous versions of CockroachDB were incorrectly enabling non-admin SQL users to use the statements details in the Admin UI and the HTTP endpoint /_status/statements. This information is sensitive because the endpoint does not hide data that the requester does not have privilege over. This has been corrected by requiring a SQL admin user to access the statements details page and the HTTP endpoint. #44354

Bug fixes

  • Fixed a bug where CockroachDB would return an internal error when the substring function with a negative length was executed via the vectorized engine. CockroachDB now returns a regular query error on executing the function. #44629
  • Fixed "no output column equivalent to.." and "column not in input" errors in some cases involving DISTINCT ON and ORDER BY. #44598
  • Fixed "expected constant FD to be strict" internal error. #44604
  • Fixed possibly incorrect query results in various cornercases, especially when SELECT DISTINCT is used. #44604
  • Fixed a bug where running a query with the LIKE operator using the custom ESCAPE symbol when the pattern contained Unicode characters could result in an internal error in CockroachDB. #44648
  • CockroachDB no longer repeatedly looks for non-existing jobs, which may cause high memory usage, when cleaning up schema changes. #44698
  • Fixed "no indexes" internal error in some cases when we GROUP BY on a virtual table. #44723
  • Fixed invalid query results in some corner cases where part of a WHERE clause is incorrectly discarded. #44749
  • Fixed a typechecking error where BETWEEN would sometimes allow boundary expressions of a different type. #44810
  • CASE operators with an unknown WHEN type no longer return an error. #44818

Contributors

This release includes 15 merged PRs by 10 authors.

YesYes NoNo