Version 5.5.4

Released on 2024-01-29.

Note

If you are upgrading a cluster, you must be running CrateDB 4.0.2 or higher before you upgrade to 5.5.4.

We recommend that you upgrade to the latest 5.4 release before moving to 5.5.4.

A rolling upgrade from 5.4.x to 5.5.4 is supported.

Before upgrading, you should back up your data.

Warning

Tables that were created before CrateDB 4.x will not function with 5.x and must be recreated before moving to 5.x.x.

You can recreate tables using COPY TO and COPY FROM or by inserting the data into a new table.

Table of contents

See the Version 5.5.0 release notes for a full list of changes in the 5.5 series.

Security Fixes

  • Fixed a security issue where any CrateDB user could read/import the content of any file on the host system, the CrateDB process user has read access to, by using the COPY FROM command with a file URI. This access is now restricted to the crate superuser only. See CVE-2024-24565 for more details. (Thanks to @Tu0Laj1 for reporting this issue)

Fixes

  • Fixed an issue that caused SELECT statements with WHERE clause having an equality condition on a primary key to return NULL when selecting an object sub-column of ARRAY(OBJECT) type.

  • Fixed an issue that caused failure of a statement, mixing correlated subquery and sub-select. An example:

    CREATE TABLE tbl(x INT);
    INSERT INTO tbl(x) VALUES (1);
    SELECT (
       SELECT x FROM tbl
          WHERE t.x = tbl.x
        AND
          tbl.x IN (SELECT generate_series from generate_series(1, 1))
    ) FROM tbl t;