October 6, 2020
A denial-of-service (DoS) vulnerability is present in CockroachDB v20.2.0 - v20.2.3 due to a bug in protobuf. This is resolved in CockroachDB v20.2.4 and later releases. When upgrading is not an option, users should audit their network configuration to verify that the CockroachDB HTTP port is not available to untrusted clients. We recommend blocking the HTTP port behind a firewall.
For more information, including other affected versions, see Technical Advisory 58932.
Get future release notes emailed to you:
$ docker pull cockroachdb/cockroach-unstable:v20.2.0-beta.4
SQL language changes
- The default search path for all sessions is now
$user, public(as opposed to just
public). This affects our name resolution semantics; now, if a table is present in both the
publicschema and the schema named the current user's username, an unqualified object name will be searched/placed in the user's schema. This doesn't impact the search semantics of tables in
temp_schema-- these continue to be searched before checking the
$userschema and the
- The display of statement timings in the SQL shell (
cockroach demo) has been simplified. #54765
- Previously, CockroachDB would crash when
jsonb_object_aggaggregate functions were used as window functions. Those functions were added in a v20.2 testing release, so only testing v20.2 releases were affected. This is now fixed. #54657
- Fixed a bug that could cause storage-level corruption under rare circumstances while using the Pebble storage engine. #54800
- Optimized compactions in Pebble to improve read/write performance in some write-heavy workloads. #54800
This release includes 13 merged PRs by 9 authors.