November 3, 2020
A denial-of-service (DoS) vulnerability is present in CockroachDB v20.2.0 - v20.2.3 due to a bug in protobuf. This is resolved in CockroachDB v20.2.4 and later releases. When upgrading is not an option, users should audit their network configuration to verify that the CockroachDB HTTP port is not available to untrusted clients. We recommend blocking the HTTP port behind a firewall.
For more information, including other affected versions, see Technical Advisory 58932.
Get future release notes emailed to you:
$ docker pull cockroachdb/cockroach-unstable:v20.2.0-rc.4
- A bug in earlier v20.2 versions caused some
REVOKEcommands on user-defined schemas to incorrectly fail with an "invalid privileges" error. This affected schemas that were created after granting privileges at the database level. This bug is now resolved.
This release includes 1 merged PR by 1 author.