-
Notifications
You must be signed in to change notification settings - Fork 546
/
5.5.4.rst
68 lines (48 loc) · 2.05 KB
/
5.5.4.rst
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
.. _version_5.5.4:
=============
Version 5.5.4
=============
Released on 2024-01-29.
.. NOTE::
If you are upgrading a cluster, you must be running CrateDB 4.0.2 or higher
before you upgrade to 5.5.4.
We recommend that you upgrade to the latest 5.4 release before moving to
5.5.4.
A rolling upgrade from 5.4.x to 5.5.4 is supported.
Before upgrading, you should `back up your data`_.
.. WARNING::
Tables that were created before CrateDB 4.x will not function with 5.x
and must be recreated before moving to 5.x.x.
You can recreate tables using ``COPY TO`` and ``COPY FROM`` or by
`inserting the data into a new table`_.
.. _back up your data: https://crate.io/docs/crate/reference/en/latest/admin/snapshots.html
.. _inserting the data into a new table: https://crate.io/docs/crate/reference/en/latest/admin/system-information.html#tables-need-to-be-recreated
.. rubric:: Table of contents
.. contents::
:local:
See the :ref:`version_5.5.0` release notes for a full list of changes in the
5.5 series.
Security Fixes
==============
- Fixed a security issue where any CrateDB user could read/import the content of
any file on the host system, the CrateDB process user has read access to, by
using the ``COPY FROM`` command with a file URI. This access is now restricted
to the ``crate`` superuser only. See
`CVE-2024-24565 <https://www.cve.org/CVERecord?id=CVE-2024-24565>`_ for more
details. (Thanks to `@Tu0Laj1 <https://github.com/Tu0Laj1>`_ for reporting
this issue)
Fixes
=====
- Fixed an issue that caused ``SELECT`` statements with ``WHERE``
clause having an equality condition on a primary key to return ``NULL`` when
selecting an object sub-column of ``ARRAY(OBJECT)`` type.
- Fixed an issue that caused failure of a statement, mixing correlated subquery
and sub-select. An example::
CREATE TABLE tbl(x INT);
INSERT INTO tbl(x) VALUES (1);
SELECT (
SELECT x FROM tbl
WHERE t.x = tbl.x
AND
tbl.x IN (SELECT generate_series from generate_series(1, 1))
) FROM tbl t;