What's New in v20.2.2

Cockroach Labs will stop providing Assistance Support for this version on May 10, 2022. Prior to that date, upgrade to a more recent version to continue receiving support. For more details, see the Release Support Policy.

November 25, 2020

This page lists additions and changes in v20.2.2 since v20.2.1.


A denial-of-service (DoS) vulnerability is present in CockroachDB v20.2.0 - v20.2.3 due to a bug in protobuf. This is resolved in CockroachDB v20.2.4 and later releases. When upgrading is not an option, users should audit their network configuration to verify that the CockroachDB HTTP port is not available to untrusted clients. We recommend blocking the HTTP port behind a firewall.

For more information, including other affected versions, see Technical Advisory 58932.


Cockroach Labs has discovered a bug relating to incremental backups, for CockroachDB v20.2.0 - v20.2.7. If a backup coincides with an in-progress index creation (backfill), RESTORE, or IMPORT, it is possible that a subsequent incremental backup will not include all of the indexed, restored or imported data.

Users are advised to upgrade to v20.2.8 or later, which includes resolutions.

For more information, including other affected versions, see Technical Advisory 63162.

Get future release notes emailed to you:


Docker image

docker pull cockroachdb/cockroach:v20.2.2

Security updates

  • CockroachDB no longer reports the use of expired or invalid web auth cookies in the log file by default. #55298
  • Updated the state validation for the OIDC login flow and replaced it with a stateless hash validation of the state parameter with the browser cookie using HMAC. #56502

General changes

  • Added metrics to track job execution for various job types. These metrics include:
Metric Description
jobs.{job_type}.currently_running Number of {job_type} jobs currently running in Resume or OnFailOrCancel state
jobs.{job_type}.fail_or_cancel_completed Number of {job_type} jobs which successfully completed their failure or cancellation process
jobs.{job_type}.fail_or_cancel_failed Number of {job_type} jobs which failed with a non-retryable error on their failure or cancellation process
jobs.{job_type}.fail_or_cancel_retry_error Number of {job_type} jobs which failed with a retryable error on their failure or cancellation process
jobs.{job_type}.resume_completed Number of {job_type} jobs which successfully resumed to completion
jobs.{job_type}.resume_failed Number of {job_type} jobs which failed with a non-retryable error
jobs.{job_type}.resume_retry_error Number of {job_type} jobs which failed with a retryable error


Enterprise edition changes

  • The insecure_tls_skip_verify query string parameter may now be set on changefeed sinks. This disables client-side validation of responses and should be avoided if possible since it creates MITM vulnerabilities unless combined with another method of authentication. #56338
  • Added metrics to track the current number of running CHANGEFEEDs and the number of failed changefeed jobs. #56456

SQL language changes

  • Updated the TransactionRetryWithProtoRefreshError to include a HINT field that links to a web page containing useful information to resolve the error. #56049
  • Parsing intervals with fractional years now produces intervals with no more precision than months, to match the behavior of Postgres. #56158
  • The pg_attribute.atttypmod column in the pg_catalog is now populated for collated string types. This also populates the value of the TypeModifier in the RowDescription message of the pgwire protocol. #55154
  • Added an option to scheduled backups to maintain a timeseries metric for last backed up timestamp. #54987
  • Added an owner column to the following statements: SHOW DATABASES, SHOW ENUMS,SHOW TABLES, and SHOW SCHEMAS. #56325
  • A maximum of 65336 quadrant segments is allowed for the ST_Buffer spatial function. This used to be unlimited. #56676
  • A maximum of 65336 points can be interpolated for repeat=true option to the ST_InterpolatePoints spatial function. #56676
  • ALTER TABLE ... SET DATA TYPE ... is no longer available for operations that involve conversion (e.g., STRING to TIMESTAMPTZ) or precision/width truncation (e.g., INT(4) -> INT(2)) due to a bug in validation. These features are already gated by the session variable enable_experimental_alter_column_type_general - setting this session variable is now a no-op. #56629
  • Previously, timestamp/timestamptz - timestamp/timestamptz operators would normalize the interval into months, days, H:M:S (in older versions, this may be just H:M:S). This can give an incorrect result:

    select '2020-01-01'::timestamptz - '2018-01-01';
      2 years 10 days
    (1 row)

    This has now been fixed to be more Postgres compatible such that it is only normalized into days/H:M:S. #56751

  • Previously, the age builtin would incorrectly normalize months and days based on 30 days a month (in older versions this may be just H:M:S). This can give an incorrect result:

    select age('2020-01-01'::timestamptz, '2018-01-01');
      2 years 10 days
    (1 row)

    This is not as accurate as it could be, since age can use the given TIMESTAMPTZ arguments to be more accurate. This has been updated to be more Postgres compatible. #56751

API endpoint changes

  • AWS_SERVER_ENC_MODE and AWS_SERVER_KMS_ID can now be specified as parameters in all S3 URIs that write to the store. This change affects both changefeeds and BACKUPs. #56132

DB Console changes

  • Fixes a bug where the "Other Execution Statistics" box in the Statement Details page would be empty in situations where the same fingerprint had been processed by multiple nodes. #56774
  • A link to the Transactions Page is now shown between the Sessions and Statements links in the left hand navigation. This more clearly reflects the hierarchy between the 3 concepts. #56652
  • Rename Active Sessions to Sessions on the Session Details page. #56652
  • The diagnostics column on the Statements Page has been changed and includes an Activate button and a dropdown list to download completed reports. Also, the diagnostics badge status is changed from WAITING FOR QUERY to WAITING. #55890
  • Fixed an issue where the Statement Details page didn't scroll on top when navigating from the Statements Page. #55433
  • Loading table-level statistics on the Databases Page now requires a button click per-database in order to prevent contention for clusters with many databases and/or tables. In addition, the loading of table data is staggered by table instead of triggered simultaneously for all tables. #55777
  • Added a new cluster setting called server.oidc_authentication.autologin which enables an automatic redirect to the OIDC login flow instead of showing a password login prompt. A query parameter can force disable this feature in the browser by appending ?oidc_auto_login=false to the login path. #56510
  • Adjusted the styles for the Session Details page. #55889
  • Transaction statistics are no longer recorded if the sql.metrics.statement_details.threshold cluster setting has been enabled. #56380
  • Fixed link colors for "Back" link on the Node Overview, Jobs, Sessions, and Statement Details pages. #55889

Performance improvements

  • Adjusted the cost model in the optimizer so that the optimizer is less likely to plan a lookup join into a virtual table. Performing a lookup join into a virtual table is expensive, so this change will generally result in better performance for queries involving joins with virtual tables. #56349

Bug fixes

  • Fixed a bug introduced in v20.2 where we failed to upgrade foreign keys that used the pre-19.2-style internal representation when validating cross-references for tables. This bug caused validation failures that made the referenced tables and metadata unavailable. The fix gets rid of the validation errors by accounting for the pre-19.2-style internal representation of foreign keys. #57083
  • Fixed a bug where CockroachDB would crash when executing a query via the vectorized engine when most of the SQL memory (determined via --max-sql-memory argument to cockroach start) had already been reserved. #55457
  • Fixed a rare bug which could lead to possible write skew in distributed queries that have both zigzag joins and table readers with the zigzag joins reading keys not read by the table readers. #55563
  • The current implementation of changefeeds is incompatible with the vectorized engine. Therefore, whenever the vectorized engine was being used to run changefeeds, the command could hang indefinitely. This bug is now fixed. On v20.2 releases this could happen if the user ran SET vectorize_row_count_threshold=0;, and on v20.1 releases it could happen if the user ran SET vectorize=on. #55753
  • Fixed a bug where CockroachDB could incorrectly evaluate the sqrdiff function when used as a window function in some cases. #55995
  • Fixed a bug where CockroachDB could incorrectly compute some aggregate functions with DISTINCT clauses when the query projected other columns/functions and the vectorized engine was used. This bug was introduced in the v20.2.0.alpha.3 release. #55872
  • Fixed a bug where CockroachDB could return incorrect results when computing the aggregate functions when some of the functions have DISTINCT clauses and some do not (the latter might not see all the necessary data). #55872
  • Fixed a bug where the JSON fetch value operator -> would evaluate incorrectly in some cases. #55447
  • Scheduled BACKUP now supports KMS encryption. #56099
  • Fixed a bug where IMPORTs of malformed Avro records could hang forever. #56094
  • Updated CockroachDB to avoid crashing when BACKUP is unable to count the total nodes in the cluster. #56050
  • Fixed a bug where an IMPORT PGDUMP with INSERTs not targeting all columns in the database would panic. #56034
  • Using the min or max aggregate functions in a prepared statement will now report the correct data type size. #55622
  • Fixed an error "top-level relational expression cannot have outer columns" that could occur in some queries that involve a WITH expression. #56084
  • Fixed an internal error that could occur during query planning when the use_spheroid parameter was used in the ST_Distance spatial function as part of a filter predicate. For example, SELECT ... WHERE ST_Distance(geog1, geog2, false) < 10 previously caused an error. #55852
  • Fixed a bug where CockroachDB previously didn't account for all the memory used by the vectorized hash aggregation which could lead to an OOM crash. #55555
  • Fixed a bug which allowed statements after a schema change to fail to observe side-effects of that change on referenced tables. #56327
  • Fixed a bug where if a cluster backup was taken during a schema change, a cluster restore of that backup would create duplicates of the ongoing schema changes. #56390
  • Fixed a bug where dumps of tables with a BIT type column would result in an error. This column type is now supported. #56391
  • Fixed a bug which would cause transactions that modified roles and then attempted to read or modify other roles to encounter blocking and stale data. #55392
  • Fixed a bug where CockroachDB did not respect disabling protected timestamp settings kv.protectedts.max_bytes and kv.protectedts.max_spans by setting them to zero values. #56453
  • Fixed a panic that could occur when running SHOW STATISTICS USING JSON for a table in which at least one of the columns contained all NULL values. #56516
  • Fixed a hypothesized bug that could have allowed a follower read to miss data on a range in the middle of being merged away into its left-hand neighbor. #55691
  • Fixed a bug introduced in an alpha where IMPORTs of tables with foreign keys can fail in rare circumstances. #56457
  • Fixed a bug which would prevent the dropping of hash sharded indexes if they were added prior to other columns. #55822
  • Fixed a bug which cause CockroachDB to crash when executing a query with an AS OF SYSTEM TIME clause that attempted to use an unspecified placeholder value on a non-prepared statement. #56780
  • Fixed an internal error when a DATE/TIMESTAMP/TIMESTAMPTZ from the year 1 BC was sent between nodes for execution. Also, fixed a bug where it was not possible to specify the DATE/TIMESTAMP/TIMESTAMPTZ of the year 1 BC without using the AD/BC notation. #56742
  • Some boolean session variables would only accept quoted string values "true" or "false". Now they accept unquoted true or false values too. #56813
  • Fixed an internal error that could occur when collecting a statement diagnostic bundle. #56784


This release includes 88 merged PRs by 26 authors.

We would like to thank the following contributors from the CockroachDB community:

  • Max Neverov (first-time contributor)
YesYes NoNo