| title | toc | summary |
|---|---|---|
What's New in v19.1.6 |
true |
Additions and changes in CockroachDB version v19.1.6 since version v19.1.5 |
This page lists additions and changes in v19.1.6 since v19.1.5.
- For a comprehensive summary of features in v19.1, see the v19.1 GA release notes.
- To upgrade to v19.1, see Upgrade to CockroachDB v19.1
Get future release notes emailed to you:
{% include copy-clipboard.html %}
$ docker pull cockroachdb/cockroach-unstable:v19.1.6-
CockroachDB previously allowed non-authenticated access to privileged HTTP endpoints like
/_admin/v1/events, which operate usingrootuser permissions and can thus access (and sometimes modify) any and all data in the cluster. This security vulnerability has been patched by disallowing non-authenticated access to these endpoints and restricting access to admin users only.{{site.data.alerts.callout_info}} Users who have built monitoring automation using these HTTP endpoints must modify their automation to work using an HTTP session token for an admin user. {{site.data.alerts.end}}
-
Some Admin UI screens (e.g., Jobs) were previously incorrectly displayed using
rootuser permissions, regardless of the logged-in user's credentials. This enabled insufficiently privileged users to access privileged information. This security vulnerability has been patched by using the credentials of the logged-in user to display all Admin UI screens. -
Privileged HTTP endpoints and certain Admin UI screens require an admin user. However,
rootis disallowed from logging in via HTTP and it is not possible to create additional admin accounts without an Enterprise license. This is further discussed here and will be addressed in an upcoming patch revision.{{site.data.alerts.callout_info}} Users without an Enterprise license can create an additional admin user using a temporary evaluation license, until an alternative is available. A user created this way will persist beyond the license expiry. {{site.data.alerts.end}}
-
Some Admin UI screens currently display an error or a blank page when viewed by a non-admin user (e.g., Table Details). This is a known limitation mistakenly introduced by the changes described above. This situation is discussed further here and will be addressed in an upcoming patch revision. The list of UI pages affected includes but is not limited to:
-
Job details
-
Database details
-
Table details
-
Zone configurations
{{site.data.alerts.callout_info}} Users can access these Admin UI screens using an admin user until a fix is available. {{site.data.alerts.end}}
-
The list of HTTP endpoints affected by the first change above includes:
| HTTP Endpoint | Description | Sensitive information revealed | Special (see below) |
|---|---|---|---|
/_admin/v1/data_distribution |
Database-table-node mapping | Database and table names | |
/_admin/v1/databases/{database}/tables/{table}/stats |
Table stats histograms | Stored table data via PK values | |
/_admin/v1/drain |
API to shut down a node | Can cause DoS on cluster | |
/_admin/v1/enqueue_range |
Force range rebalancing | Can cause DoS on cluster | |
/_admin/v1/events |
Event log | Usernames, stored object names, privilege mappings | |
/_admin/v1/nontablestats |
Non-table statistics | Stored table data via PK values | |
/_admin/v1/rangelog |
Range log | Stored table data via PK values | |
/_admin/v1/settings |
Cluster settings | Organization name | |
/_status/allocator/node/{node_id} |
Rebalance simulator | Can cause DoS on cluster | yes |
/_status/allocator/range/{range_id} |
Rebalance simulatoor | Can cause DoS on cluster | yes |
/_status/certificates/{node_id} |
Node and user certificates | Credentials | |
/_status/details/{node_id} |
Node details | Internal IP addresses | |
/_status/enginestats/{node_id} |
Storage statistics | Operational details | |
/_status/files/{node_id} |
Retrieve heap and goroutine dumps | Operational details | yes |
/_status/gossip/{node_id} |
Gossip details | Internal IP addresses | yes |
/_status/hotranges |
Ranges with active requests | Stored table data via PK values | |
/_status/local_sessions |
SQL sessions | Cleartext SQL queries | yes |
/_status/logfiles/{node_id} |
List of log files | Operational details | yes |
/_status/logfiles/{node_id}/{file} |
Server logs + entries | Many: names, application data, credentials, etc. | yes |
/_status/logs/{node_id} |
Log entries | Many: names, application data, credentials, etc. | yes |
/_status/profile/{node_id} |
Profiling data | Operational details | |
/_status/raft |
Raft details | Stored table data via PK values | |
/_status/range/{range_id} |
Range details | Stored table data via PK values | |
/_status/ranges/{node_id} |
Range details | Stored table data via PK values | |
/_status/sessions |
SQL sessions | Cleartext SQL queries | yes |
/_status/span |
Statistics per key span | Whether certain table rows exist | |
/_status/stacks/{node_id} |
Stack traces | Application data, stored table data | |
/_status/stores/{node_id} |
Store details | Operational details |
{{site.data.alerts.callout_info}}
"Special" endpoints are subject to the cluster setting server.remote_debugging.mode. Unless the setting was customized, clients are only able to connect from the same machine as the node.
{{site.data.alerts.end}}
EXPLAIN (OPT,ENV)now returns a URL with the data encoded in the fragment portion. Opening the URL shows a page with the decoded data. Note that the data is processed in the local browser session and is never sent out. #41092EXPLAIN ANALYSEcan now be used as an alias toEXPLAIN ANALYZE. #41093- Mutations under
UNIONorUNION ALLare now disallowed. This restriction is temporary and will be lifted in a future release. #41496
- Certain web UI pages (like the list of databases or tables) now restrict their content to match the privileges of the logged-in user. #42727
- The event log now presents all cluster settings changes, unredacted, when an admin user uses the page. #42727
- Customization of the UI by users is now only properly saved if the user has write privilege to
system.ui(i.e., is an admin user). Also, all authenticated users share the same customizations. This is a known limitation and should be lifted in a future version. #42727 - Access to table statistics are temporarily blocked from access by non-admin users until further notice, for security reasons. #42727
- Certain debug pages have been blocked from non-admin users for security reasons. #42727
- The experimental cloud storage changefeed sink previously violated some of the changefeed invariants under rare conditions. A number of these have been fixed, but some fixes require changes to the format of the filenames output by the cloud storage changefeed. This is unsuitable for inclusion in a patch release, so users of cloud storage changefeed sinks are highly encouraged to upgrade to CockroachDB 19.2 or later. #42907
- Fixed a crash that occurs when a suboperator with a
LIKEcomparison has a NULL left-hand side. #41073 - Reduced write amplification by avoiding forcing files through compactions unnecessarily. #41301
- Fixed a rare data corruption bug in RocksDB caused by newer Linux kernel's handling of i_generation on certain file systems. #41393
- Fixed a bug causing the
cluster_logical_timestamp()function to sometimes return incorrect results. #41441 - Fixed internal errors generated during the execution of some complicated cases of correlated subqueries. #41667
- Fixed a bug causing zone configuration changes on tables with existing index zone configurations to not take effect unless the
num_replicasfield was also set. #41682 - Fixed bug causing zone configuration application on indexes to leak into configurations on partitions. #41679
- Fixed multiple bugs relating to zone configurations and
COPY FROM PARENT. Previously,COPY FROM PARENTwas ignored when using it on partitions and indexes, and when using it on a zone that had an existing value for the field that was being changed. #41699 - Fixed a bug causing rapid network disconnections to lead to cluster unavailability because goroutines waited for a connection which will never be initialized to send its first heartbeat. #42165
- Fixed an internal error in a rare case involving
UNIONand tuples insideVALUESclauses. #42266 - CockroachDB now permits planning of window functions within mutation statements, and other statements that can't be distributed. #42617
- Fixed a bug that would produce a spurious failure with the error message "incompatible COALESCE expressions" when adding or validating
MATCH FULLforeign key constraints involving composite keys with columns of differing types. #42652 - Fixed a case where we incorrectly determine that a query (or part of a query) which contains an
IS NULLconstraint on a unique index column returns at most one row, possibly ignoring aLIMIT 1clause. #42792 - It is now possible to transfer range leases to lagging replicas. #42764
ALTER INDEX IF EXISTSno longer fails when using an unqualified index name that does not match any existing index. Now it is a no-op. #42839- CockroachDB now prevents a number of panics from the SQL layer caused by an invalid range split. These would usually manifest with messages mentioning encoding errors ("found null on not null column" but also possibly various others). #42860
- Other callers to
acquireNodeLeasewill not get erroneously cancelled just because the context of the first caller was cancelled. #43028 - Fixed a bug in poller causing it to emit row updates at a timestamp less than or equal to an already forwarded resolved timestamp. #43027
- Fixed a bug in cloud storage sink file naming that violates ordering in presence of a schema changes. #43027
- Fixed a bug causing disk stalls to allow a node to continue heartbeating its liveness record and prevent other nodes from taking over its leases, despite being completely unresponsive. #41765
- CockroachDB now properly removes excess secondary log files (SQL audit logging, statement execution logging, and RocksDB events). #41034
cockroach debug zip,cockroach nodeandcockroach usernow work properly if thedefaultdbdatabase has been manually dropped and the connection URL does not specify a database. #41131
This release includes 34 merged PRs by 19 authors.