RATATOSKRATATOSK
ログイン

Vitess

v24.0.2Storage & Data
2026年6月25日

Vitess v24.0.2 is a patch release combining two security hardening fixes (gRPC auth timing, twopcz value escaping) with a broad set of bug fixes across backup/restore, VReplication, vtgate, VTOrc, and connection pooling. No breaking API or config changes are stated.

  • securityTwo security hardening fixes: gRPC auth timing, twopcz reflected values

    Fixes for a timing side-channel in the static gRPC auth plugin's password comparison and a reflected-value escaping gap in the twopcz handler. Both apply unconditionally; upgrade to v24.0.2 if you run gRPC static auth or expose the twopcz endpoint.

主な変更 (7)

  • servenv: static gRPC auth plugin now uses constant-time password comparison, closing a timing side-channel.
  • tabletserver: twopcz handler now escapes reflected form values, closing a reflected-injection gap.
  • smartconnpool: multiple fixes covering MaxLifetime jitter, refresh worker persistence after reopen, idle reopen stalls, close deadlocks, Setting preservation, and rejecting SetCapacity on a closed pool.
  • VTOrc: fixed a deadlock between PrimaryIsReadOnly recovery and PrimarySemiSyncBlocked, plus a gauge reset for resolved errant GTIDs.
  • VReplication/vtgate: fixed a vstream StopOnReshard hang on reshard convergence, stale healthcheck updates from replaced tablets, and DECIMAL JSON leading-zero handling in binlog decoding.
  • vtgate: Filter streaming path now uses ToBoolean() for correct results, and prepared statements in OLAP/streaming mode get specialized plans.
  • Plus about six smaller fixes: mysqlctl remote shutdown timeout propagation, backup lastErr clearing, keyspaceState leak in discovery, etcd2topo lock-cleanup RPC bounding, and vttablet Stream schema clobbering.