What's New in v19.2.8

June 29, 2020

This page lists additions and changes in v19.2.8 since v19.2.7.

  • For a comprehensive summary of features in v19.2, see the v19.2 GA release notes.
  • To upgrade to the latest production release of CockroachDB, see this article.

A denial-of-service (DoS) vulnerability is present in CockroachDB v19.2.0 - v19.2.11 due to a bug in protobuf. This is resolved in CockroachDB v19.2.12 and later releases. When upgrading is not an option, users should audit their network configuration to verify that the CockroachDB HTTP port is not available to untrusted clients. We recommend blocking the HTTP port behind a firewall.

For more information, including other affected versions, see Technical Advisory 58932.


Cockroach Labs has discovered a bug relating to incremental backups, for CockroachDB v19.2.0 - v19.2.12. If a backup coincides with an in-progress index creation (backfill), RESTORE, or IMPORT, it is possible that a subsequent incremental backup will not include all of the indexed, restored or imported data.

Users are advised to upgrade to v20.1.15 or v20.2.8 or later, which includes resolutions.

For more information, including other affected versions, see Technical Advisory 63162.

Get future release notes emailed to you:


Docker image

$ docker pull cockroachdb/cockroach-unstable:v19.2.8

Security updates

  • HTTP endpoints beginning with /debug/ now require a valid admin login session. #50489

SQL language changes

  • The pg_database table in pg_catalog no longer requires privileges on any database in order for the data to be visible. #48766

Bug fixes

  • Fixed a bug where cockroach dump on a table with collated strings would omit the collation clause for the data insertion statements. #48833
  • Manually writing a NULL value into the system.users table for the "hashedPassword" column will no longer cause a server crash during user authentication. #48837
  • Fixed a memory leak which could affect changefeeds performing scans of large tables. #49162
  • Previously, when the value passed to --drain-wait was very small, but non-zero, cockroach quit in certain cases would not proceed to perform a hard shutdown. This has been corrected. This bug was present in v19.1.9, v19.2.7, and v20.1.1. #49364
  • Previously, some benign errors were reported as unexpected internal errors by the vectorized execution engine. This is now fixed. #49535
  • Fixed a bug causing file descriptors to be leaked during GSS authentication. #49655
  • Casting to width-limited strings now works correctly for strings containing Unicode characters. #50160
  • Fixed cases in which casting a string to a width-limited string array was not truncating the string. #50169
  • Fixed a RocksDB bug that could result in inconsistencies in rare circumstances. #50498

Performance improvements

  • Improved the optimizer's estimation of the selectivity of some filters involving a disjunction (OR) of predicates over multiple columns. This results in more accurate cardinality estimation and enables the optimizer to choose better query plans in some cases. #50473

Build changes

  • Release Docker images are now built on Debian 9.12. #50481

Doc updates

  • Updated guidance on node decommissioning. #7304
  • Renamed "whitelist/blacklist" terminology to "allowlist/blocklist". #7535
  • Updated the Releases navigation in the sidebar to expose the latest Production and Testing releases. #7550
  • Fixed scrollbar visibility on Chrome. #7487


This release includes 19 merged PRs by 16 authors. We would like to thank the following contributors from the CockroachDB community:

  • Drew Kimball (first-time contributor, CockroachDB team member)
  • Jackson Owens (first-time contributor, CockroachDB team member)
  • James H. Linder (first-time contributor, CockroachDB team member)

Yes No

Yes No