[Time-Sensitive] - Technical Advisory 56116

We’ve published a new technical advisory for CockroachDB. Technical advisories report major issues with CockroachDB that may impact security or stability in production environments.

We strongly encourage you to evaluate the advisory and consider remediating immediately.

See Full Advisory

Advisory 56116: Incorrectly interpretation of the daylight-savings flag in versions of the Go runtime

Issue

All currently-released versions of the Go runtime incorrectly interpret the daylight-savings flag in “slim” versions of zoneinfo that are used by some OS distributions.

Consequences

Any clusters impacted by this issue may produce incorrect results when performing date/time calculations that involve values in timezones and time periods for which daylight savings are in effect.

Affected Clusters

Your cluster may be affected if it doesn’t fall into one of the categories below. Please follow the mitigation steps to check if your cluster is affected.

Your cluster is not affected if you’re using:

  • Official CockroachDB Docker images
  • Our reference Kubernetes configurations
  • CockroachCloud

Mitigation Steps

We strongly recommend following these remediation steps to check if your cluster is affected and address the issue. Below is an overview of remediation. Please visit the Advisory page for full instructions

  • Run a simple SQL command to check if your cluster is affected
  • Download zoneinfo.zip 2020a from the golang development tree to each CockroachDB node
  • Perform a rolling restart with some parameters in place
  • Confirm the fix by re-executing the SQL statement.

See Full Advisory