Version 5.4.8¶
Released on 2024-01-29.
Note
If you are upgrading a cluster, you must be running CrateDB 4.0.2 or higher before you upgrade to 5.4.8.
We recommend that you upgrade to the latest 5.3 release before moving to 5.4.8.
A rolling upgrade from 5.3.x to 5.4.8 is supported. Before upgrading, you should back up your data.
Warning
Tables that were created before CrateDB 4.x will not function with 5.x and must be recreated before moving to 5.x.x.
You can recreate tables using COPY TO
and COPY FROM
or by
inserting the data into a new table.
Table of Contents
See the Version 5.4.0 release notes for a full list of changes in the 5.4 series.
Security Fixes¶
Fixed a security issue where any CrateDB user could read/import the content of any file on the host system, the CrateDB process user has read access to, by using the
COPY FROM
command with a file URI. This access is now restricted to thecrate
superuser only. See CVE-2024-24565 for more details. (Thanks to @Tu0Laj1 for reporting this issue)