Technical advisories report major issues with CockroachDB that may impact security or stability in production environments.
Users are invited to evaluate advisories and consider the recommended mitigation actions independently from their version upgrade schedule.
Advisory | Summary | Affected versions | Date |
---|---|---|---|
A-63162 | Invalid incremental backups under certain circumstances | v19.1.0-v19.1.11, v19.2.0-v19.2.12, v20.1.0-v20.1.14, v20.2.0-v20.2.7 | April 30, 2021 |
A-58932 | HTTP requests can cause full-cluster denial of service (DoS) | 19.2.0-19.2.11, 20.1.0-20.1.10, 20.2.0-20.2.3 | February 2, 2021 |
A-56116 | Incorrect timezone calculations with "slim" zoneinfo format | All | October 29, 2020 |
A-54418 | Incorrect behavior with large batch UPSERTs | 20.1.4, 20.1.5 | September 24, 2020 |
A-50587 | TRUNCATE prevents table renaming | 19.1.0-19.1.10, 19.2.0-19.2.8 | July 6, 2020 |
A-48860 | Data corruption/loss issue with snapshots and delete range | 2.1.0-2.1.9, 19.1.0-19.1.8, 19.2.0-19.2.6 | May 20, 2020 |
A-44299 | Schema changes may cause cluster unavailability | 19.1.0-19.1.7, 19.2.0-19.2.3 | Feb 12, 2020 |
A-44348 | Data leak in statement details | 2.1.0-2.1.11, 19.1.0-19.1.7, 19.2.0-19.2.3 | Feb 12, 2020 |
A-44166 | SHOW JOBS and Jobs page can endanger cluster stability | 19.2.0-19.2.2 | Feb 12, 2020 |
A-43870 | HTTP authentication for non-Enterprise users | 2.1.10-onward, 19.1.6-onward, 19.2.2 | Jan 22, 2020 |
A-42567 | HTTP endpoint vulnerability | 2.1.0-2.1.8, 19.1.0-19.1.5, 19.2.0-19.2.1 | Jan 22, 2020 |
A-30821 | Authentication bypass for internal RPCs | 1.1.0-1.1.8, 2.0.0-2.0.4 | Oct 1, 2018 |