What's New in v19.2.6

This version of CockroachDB is no longer supported. For more details, see the Release Support Policy.

April 13, 2020

This page lists additions and changes in v19.2.6 since v19.2.5.


A denial-of-service (DoS) vulnerability is present in CockroachDB v19.2.0 - v19.2.11 due to a bug in protobuf. This is resolved in CockroachDB v19.2.12 and later releases. When upgrading is not an option, users should audit their network configuration to verify that the CockroachDB HTTP port is not available to untrusted clients. We recommend blocking the HTTP port behind a firewall.

For more information, including other affected versions, see Technical Advisory 58932.


Cockroach Labs has discovered a bug relating to incremental backups, for CockroachDB v19.2.0 - v19.2.12. If a backup coincides with an in-progress index creation (backfill), RESTORE, or IMPORT, it is possible that a subsequent incremental backup will not include all of the indexed, restored or imported data.

Users are advised to upgrade to v20.1.15 or v20.2.8 or later, which includes resolutions.

For more information, including other affected versions, see Technical Advisory 63162.

Get future release notes emailed to you:


Docker image

$ docker pull cockroachdb/cockroach:v19.2.6

Backward-incompatible changes

  • cockroach init now waits for server readiness and thus no longer fails when a mistaken server address is provided. #46477

Security updates

  • The non-authenticated /health HTTP endpoint was previously exposing the private IP address of the node, which can be privileged information in some deployments. This has been corrected. Deployments using automation to retrieve a node build details and address details should use /_status/details/local instead and use a valid admin authentication cookie. #46477
  • All users can now view any comments on any object (bypassing other privileges), but modifying comments require write privilege on the target object. Previously, any user could modify any database/table/view/index comment via direct SQL updates to system.comments. This was unintended and a form of privilege escalation, and is now prevented. The privileges required for the COMMENT statement, pg_description, col_description(), obj_description(), and shobj_description() are operating as in PostgreSQL and are unaffected by this change. #46833

SQL language changes

  • The type checking code now prefers aggregate overloads with string inputs if there are multiple possible candidates due to arguments of unknown type. #46807
  • Added an unimplemented error when attempting to ADD CONSTRAINT with the EXCLUDE USING syntax. #46910
  • Added support for CREATE INDEX .... INCLUDE (col1, col2, ...), which is an alias that PostgreSQL uses that is analogous to CockroachDB's STORING (col1, col2, ...) syntax. #46910
  • Added support for parsing the REINDEX syntax, which results in an unimplemented error that explains that REINDEXing is not required in CockroachDB. #46910
  • CREATE INDEX CONCURRENTLY and DROP INDEX CONCURRENTLY are now parsed but return errors. #46805
  • Improved the error message for unsupported interactions between correlated subqueries and WITH clauses. #46971

Command-line changes

  • The cockroach init command now waits until the node at the provided server address is ready to accept initialization. This also waits for network readiness. This makes it easier to implement initialization scripts by removing the need for a loop. In addition, implementing such a loop is operationally unsafe and is not recommended. #46477
  • CockroachDB will now dump the stacks of all goroutines upon receiving SIGQUIT prior to terminating. This feature is intended for use while troubleshooting misbehaving nodes. #46478
  • The cockroach start and cockroach start-single-node commands no longer initiate a 1-minute hard shutdown countdown after a request to gracefully terminate. This means that graceful shutdowns are now free to take longer than one minute. It also means that deployments where a maximum shutdown time must be enforced must now use a service manager that is suitably configured to do so. #46483
  • The cockroach debug zip command now creates valid zip files even if some of its requests encounter an error. #46635

Admin UI changes

  • Metrics relating to SQL transaction restarts and rollbacks are now properly captured and exported. #46272
  • The display options are now saved separately for each authenticated user. Note: When upgrading to a version with this change, all current display customizations for admin users are lost. #46479

Bug fixes

  • Fixed a bug where pg_catalog.pg_indexes showed the wrong index definition for inverted indexes. #46564
  • Fixed a performance bug where TRUNCATE would take 2*num columns round trips. This could lead to slow truncate performance in distributed clusters. #46648
  • Fixed an internal error that could occur in the optimizer when a WHERE filter contained at least one correlated subquery and one non-correlated subquery. #46167
  • CockroachDB no longer returns an internal error in some cases when running queries with CASE, AND, or OR operators via the vectorized execution engine. #46088
  • Fixed a bug where various session variables could not be set to the values "on" or "off", only true or false. #46219
  • Accesses to /health using a non-root authentication token no longer hang when a node is currently under load, or if a system range is unavailable. #46477
  • Fixed a race in the vectorized execution engine. #46486
  • The cockroach debug zip command now properly collects heap profiles. #46482
  • The goroutine dump facility now functions properly when logging to files is disabled, e.g., via --log-dir="" or --logtostderr. #46482
  • Fixed a bug where the vectorized engine could sometimes give an incorrect result when reading from interleaved parents or children. #46495
  • Fixed an internal error that could occur when an aggregate inside the right-hand side of a LATERAL join was scoped at the level of the left-hand side. #46544
  • Fixed an error that incorrectly occurred when an aggregate was used inside the WHERE or ON clause of a subquery but was scoped at an outer level of the query. #46544
  • Added support for queries with qualified stars that refer to tables in outer scopes. #46538
  • Fixed an incorrect "no data source matches prefix" error in some cases involving subqueries that use views. #46537
  • Expressions of the form NOT(a && b) no longer fail. #46539
  • Fixed a bug where operations on an index that contained a collated string in descending order would fail.#46578
  • Fixed a bug where the vectorized engine would throw an internal error when executing a query that utilized an inverted index. #46506
  • Fixed an internal error that could happen during planning when a column with a histogram was filtered with a predicate of a different data type. #46667
  • CockroachDB no longer incorrectly accounts for some RAM usage when computing aggregate functions. #46622
  • Fixed an incorrect query result that could occur when a scalar aggregate was called with a null input. #46807
  • Benign "outbox next" errors are now only logged when log verbosity is set to 1 or greater. #46837
  • Fixed incorrect result with count(*) when grouping on constant columns. #46894
  • Customizations of the Admin UI are once again properly saved across sessions. #46479
  • Fixed a rare bug causing transactions that have performed schema changes to deadlock after they restart. #46904

Performance improvements

  • Less memory is loaded into memory for crdb_internal.jobs. #46452
  • Virtual tables that access all table descriptors now make fewer round trips. #46950


This release includes 42 merged PRs by 16 authors.

YesYes NoNo