Release Notes for v19.2.4

Hi all,

This week we released v19.2.4.

To download the release click here.

Security updates

  • Previous versions of CockroachDB were incorrectly enabling non-admin SQL users to use the statements details in the Admin UI and the HTTP endpoint /_status/statements. This information is sensitive because the endpoint does not hide data that the requester does not have privilege over. This has been corrected by requiring a SQL admin user to access the statements details page and the HTTP endpoint. #44354

Bug fixes

  • Fixed a bug where CockroachDB would return an internal error when the substring function with a negative length was executed via the vectorized engine. CockroachDB now returns a regular query error on executing the function. #44629
  • Fixed "no output column equivalent to.." and "column not in input" errors in some cases involving DISTINCT ON and ORDER BY. #44598
  • Fixed "expected constant FD to be strict" internal error. #44604
  • Fixed possibly incorrect query results in various cornercases, especially when SELECT DISTINCT is used. #44604
  • Fixed a bug where running a query with the LIKE operator using the custom ESCAPE symbol when the pattern contained Unicode characters could result in an internal error in CockroachDB. #44648
  • CockroachDB no longer repeatedly looks for non-existing jobs, which may cause high memory usage, when cleaning up schema changes. #44698
  • Fixed "no indexes" internal error in some cases when we GROUP BY on a virtual table. #44723
  • Fixed invalid query results in some corner cases where part of a WHERE clause is incorrectly discarded. #44749
  • Fixed a typechecking error where BETWEEN would sometimes allow boundary expressions of a different type. #44810
  • CASE operators with an unknown WHEN type no longer return an error. #44818

Contributors

This release includes 15 merged PRs by 10 authors.

How can I create SQL admin user?

Hi @trial,

To create a SQL admin user, please refer to the documentation here.

With an enterprise license, as the root user run:
grant admin to <sql_user>

Thanks for your fast reply, so the Admin GUI statements details function will be only working on enterprise version?

Hi @trial,
If you do not have an enterprise license, please use the workaround below instead:

As the root user, run:
insert into system.role_members (role, member, "isAdmin") VALUES ('admin', '<sql_user>', true);

This will grant <sql_user> the admin role.

Thanks @florence-crl.