Comments (3)
@Tu0Laj1
Thank you a lot for reporting. We have fixed this inside CrateDB with #15234.
We will release this fix asap for all currently supported releases (5.2 -> 5.5).
On CrateDB Cloud, the team has already taken the necessary actions to mitigate it for all existing clusters, and is working on further improvements to avoid such security risks in the future.
from crate.
We have just released CrateDB 5.2.11, 5.3.8, 5.4.7 and 5.5.2, which contain the related fix.
from crate.
Thank you for bringing this issue to our attention. We are currently looking into it with urgency.
As a preliminary measure, it's advisable to restrict superuser access to the PostgreSQL protocol.
```
-Cauth.host_based.config.0.user=crate
-Cauth.host_based.config.0.address=_local_
-Cauth.host_based.config.0.method=trust
-Cauth.host_based.config.0.protocol=pg
```
Additionally, it is highly recommended for CrateDB Cloud Clusters to use the IP Allow-List feature, effectively blocking access at the TCP level. It can be found in the Cluster > Manage tab.
from crate.
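A way to check a node's startup flags against the interim mitigation quoted above, as an added example that is not part of the original thread or CrateDB's own code. It assumes the documented host-based authentication matching rules (an entry with no `user`, `address` or `protocol` matches any value); the function names and the catch-all entry `99` are constructed for illustration.

```python
import ipaddress
import re

# Flags as quoted in the comment above (entry 0).
PAGE_FLAGS = [
    "-Cauth.host_based.config.0.user=crate",
    "-Cauth.host_based.config.0.address=_local_",
    "-Cauth.host_based.config.0.method=trust",
    "-Cauth.host_based.config.0.protocol=pg",
]
# Constructed sample: an entry that names no user, address or protocol.
CONSTRUCTED_CATCH_ALL = ["-Cauth.host_based.config.99.method=password"]

FLAG = re.compile(r"^-Cauth\.host_based\.config\.([^.=]+)\.(\w+)=(.*)$")


def parse_entries(flags):
    """Group -Cauth.host_based.config.<key>.<field>=<value> flags by key."""
    entries = {}
    for flag in flags:
        m = FLAG.match(flag.strip())
        if m:
            key, field, value = m.groups()
            entries.setdefault(key, {})[field] = value
    return entries


def is_local(address):
    """True only for _local_ or a pure loopback IP/CIDR."""
    if address is None:
        return False          # unset address: entry matches every host
    if address == "_local_":
        return True
    try:
        return ipaddress.ip_network(address, strict=False).is_loopback
    except ValueError:
        return False          # hostname or pattern: treat as remote


def remote_superuser_pg_entries(flags, superuser="crate"):
    """Keys of entries that can match the superuser over pg from a remote host."""
    risky = []
    for key, e in parse_entries(flags).items():
        matches_user = e.get("user", superuser) == superuser
        matches_pg = e.get("protocol", "pg") == "pg"
        if matches_user and matches_pg and not is_local(e.get("address")):
            risky.append(key)
    return sorted(risky)
```

An empty result means no entry admits the superuser over the PostgreSQL protocol from a non-local address; any returned key is an entry to tighten or remove.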