Technical Advisories

Technical advisories report major issues with CockroachDB that may impact security or stability in production environments.

Users are invited to evaluate advisories and consider the recommended mitigation actions independently from their version upgrade schedule.

| Advisory | Summary | Affected versions | Date |
|---|---|---|---|
| A-69874 | CockroachDB v21.1.8 can not be downgraded | 21.1.8 | September 7, 2021 |
| A-68005 | sql.trace.txn.enable_threshold cluster setting causes crash loops | 21.1.0-21.1.6 | August 20, 2021 |
| A-62842 | TRUNCATE TABLE during CREATE/ALTER INDEX can cause data corruption | 20.2.0-20.2.8 | July 29, 2021 |
| A-64325 | Race condition between reads and replica removal | 20.1 and later | May 3, 2021 |
| A-63162 | Invalid incremental backups under certain circumstances | v19.1.0-v19.1.11, v19.2.0-v19.2.12, v20.1.0-v20.1.14, v20.2.0-v20.2.7 | April 30, 2021 |
| A-58932 | HTTP requests can cause full-cluster denial of service (DoS) | 19.2.0-19.2.11, 20.1.0-20.1.10, 20.2.0-20.2.3 | February 2, 2021 |
| A-56116 | Incorrect timezone calculations with "slim" zoneinfo format | All | October 29, 2020 |
| A-54418 | Incorrect behavior with large batch UPSERTs | 20.1.4, 20.1.5 | September 24, 2020 |
| A-50587 | TRUNCATE prevents table renaming | 19.1.0-19.1.10, 19.2.0-19.2.8 | July 6, 2020 |
| A-48860 | Data corruption/loss issue with snapshots and delete range | 2.1.0-2.1.9, 19.1.0-19.1.8, 19.2.0-19.2.6 | May 20, 2020 |
| A-44299 | Schema changes may cause cluster unavailability | 19.1.0-19.1.7, 19.2.0-19.2.3 | Feb 12, 2020 |
| A-44348 | Data leak in statement details | 2.1.0-2.1.11, 19.1.0-19.1.7, 19.2.0-19.2.3 | Feb 12, 2020 |
| A-44166 | SHOW JOBS and Jobs page can endanger cluster stability | 19.2.0-19.2.2 | Feb 12, 2020 |
| A-43870 | HTTP authentication for non-Enterprise users | 2.1.10-onward, 19.1.6-onward, 19.2.2 | Jan 22, 2020 |
| A-42567 | HTTP endpoint vulnerability | 2.1.0-2.1.8, 19.1.0-19.1.5, 19.2.0-19.2.1 | Jan 22, 2020 |
| A-30821 | Authentication bypass for internal RPCs | 1.1.0-1.1.8, 2.0.0-2.0.4 | Oct 1, 2018 |