Headline
CVE-2022-31011: Release tidb-server v5.3.1 · pingcap/tidb
TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability. TiDB version 5.3.1 contains a patch for this issue. Other mitigation strategies include turning off Security Enhanced Mode (SEM), disabling local login for non-root accounts, and ensuring that the same IP address cannot be logged in as both root and a normal user at the same time.
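For triaging a fleet against this advisory, the following added example (not code from PingCAP or the advisory) classifies inventory records by the affected version and the two workarounds. It assumes each record holds the `SELECT VERSION()` string, the value of the `tidb_enable_enhanced_security` variable as `sem_enabled`, and `(user, host)` pairs from `mysql.user`; the record layout, status names and sample data are hypothetical.

```python
import re

# SELECT VERSION() on TiDB returns the MySQL compatibility version followed by
# the TiDB version, e.g. "5.7.25-TiDB-v5.3.0".
TIDB_VERSION_RE = re.compile(r"TiDB-v(\d+)\.(\d+)\.(\d+)(-\S+)?")
# Assumption: host patterns treated as permitting a local login ("%" = any host).
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1", "%"}


def parse_tidb_version(version_string):
    """Return ((major, minor, patch), suffix), or None if no TiDB version found."""
    m = TIDB_VERSION_RE.search(version_string)
    if m is None:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))), m.group(4) or ""


def triage(instance):
    """Classify one record against the advisory: only 5.3.0 is affected;
    workarounds are SEM off, or no local login for non-root accounts."""
    parsed = parse_tidb_version(instance["version"])
    if parsed is None:
        return {"status": "unknown-version", "local_non_root": []}
    version, suffix = parsed
    if version != (5, 3, 0):
        return {"status": "not-affected", "local_non_root": []}
    if suffix:
        # The advisory names 5.3.0 only; suffixed builds need manual review.
        return {"status": "review-build", "local_non_root": []}
    # Non-root accounts whose host pattern permits a local login (Option 2).
    local_non_root = sorted(
        f"{user}@{host}" for user, host in instance["accounts"]
        if user != "root" and host.lower() in LOCAL_HOSTS
    )
    if not instance["sem_enabled"]:
        status = "affected-sem-off"  # Option 1 is in place
    elif not local_non_root:
        # Only the account half of Option 2; root/normal IP separation is not checked.
        status = "affected-local-login-restricted"
    else:
        status = "affected-unmitigated"
    return {"status": status, "local_non_root": local_non_root}


# Constructed inventory records (not real hosts or accounts).
FLEET = [
    {"version": "5.7.25-TiDB-v5.3.0", "sem_enabled": True,
     "accounts": [("root", "%"), ("app", "%"), ("etl", "10.0.0.5")]},
    {"version": "5.7.25-TiDB-v5.3.1", "sem_enabled": True, "accounts": [("app", "%")]},
]
```

Every status beginning with `affected-` still calls for the upgrade to 5.3.1; the workaround states only indicate which instances to prioritise.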
Compatibility changes
- Change the default value of the system variable tidb_analyze_version from 2 to 1 #31748
- Since v5.1.4, if TiKV is configured with storage.enable-ttl = true, the requests from TiDB are rejected, because the TTL feature of TiKV only supports the RawKV mode #27303
Feature enhancements
- Support partition pruning for the built-in IN expression in Range partition tables #26739
- Improve the accuracy of tracking memory usage when IndexJoin is executed #28650
Bug fixes
- Fix a memory leak bug that occurs when the system variable tidb_analyze_version is set to 2 #32499
- Fix the issue that the MaxDays and MaxBackups configurations do not take effect for the slow log #25716
- Fix the issue that executing the INSERT … SELECT … ON DUPLICATE KEY UPDATE statement causes a panic #28078
- Fix the wrong result that might occur when performing JOIN on ENUM type columns #27831
- Fix the issue that INDEX HASH JOIN returns the send on closed channel error #31129
- Fix the issue that using the BatchCommands API might block sending TiDB requests to TiKV in some rare cases #32500
- Fix the issue of potential data index inconsistency in optimistic transaction mode #30410
- Fix the issue that window functions might return different results when using a transaction or not #29947
- Fix the issue that the length information is wrong when casting Decimal to String #29417
- Fix the issue that the GREATEST function returns an incorrect result when tidb_enable_vectorized_expression is set to off #29434
- Fix the issue that the optimizer might cache invalid plans for join in some cases #28087
- Fix wrong results of the microsecond and hour functions in vectorized expressions #29244 #28643
- Fix the TiDB panic when executing the ALTER TABLE… ADD INDEX statement in some cases #27687
- Fix a bug that the availability detection of MPP nodes does not work in some corner cases #3118
- Fix the DATA RACE issue when assigning MPP task ID #27952
- Fix the INDEX OUT OF RANGE error for an MPP query after deleting an empty dual table #28250
- Fix the issue of false positive error log invalid cop task execution summaries length for MPP queries #1791
Related news
### Impact
Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability.

### Patches
Please upgrade to TiDB 5.3.1 or a higher version.

### Workarounds
You can also mitigate risks by taking the following measures.

Option 1: Turn off SEM (Security Enhanced Mode).

Option 2: Disable local login for non-root accounts and ensure that the same IP cannot be logged in as root or normal user at the same time.

### References
https://en.pingcap.com/download/

### For more information
If you have any questions or comments about this advisory:
* Email us at [email protected]