October 20, 2020
A denial-of-service (DoS) vulnerability is present in CockroachDB v20.2.0 - v20.2.3 due to a bug in protobuf. This is resolved in CockroachDB v20.2.4 and later releases. When upgrading is not an option, users should audit their network configuration to verify that the CockroachDB HTTP port is not available to untrusted clients. We recommend blocking the HTTP port behind a firewall.
For more information, including other affected versions, see Technical Advisory 58932.
$ docker pull cockroachdb/cockroach-unstable:v20.2.0-rc.2
- The Docker image is now based on RedHat's ubi8/ubi-minimal image (instead of ubi8/ubi). This image is smaller. #55519
- Prevented a crash in pre-release v20.2 binaries in plans that use the new virtual table lookup join feature. #55321
- CockroachDB now returns an appropriate error when attempting to partition by an ENUM column instead of crashing. #55357
- Fixed an issue where DB Console screens were not working properly when the user was logged in with a username containing uppercase or non-normalized unicode characters. #55384
- The OIDC-based UI process now respects the LOGIN role option. #55384
- Added the hostname command to the Docker image so the image can be used with the CockroachDB Helm chart and
- Fixed a bug that caused incorrect query results on tables with partial indexes. This bug did not affect any queries involving tables without partial indexes. #55394
- Previously, observer statements (e.g., SHOW SYNTAX) and PREPARE statements would display a negative execution time on the client. This is now fixed. #55431
- A CREATE USER statement without an explicit NOLOGIN option implicitly grants LOGIN, and so requires the CREATELOGIN privilege. This was not checked properly, and is now enforced. This bug was introduced earlier in the v20.2 development cycle. #55369
- The information_schema.tables metadata table no longer ignores tables from other schemas when searching based on table name. #55522
This release includes 11 merged PRs by 9 authors.