Statement re: recently reported vulnerabilities in ClickHouse
- tl;dr: The latest Altinity Stable Builds Are Updated & Not Affected
About 6 months ago, multiple vulnerability issues were reported to the ClickHouse team and have since been resolved, with the report being published this week.
This story is making the news now and so we’d like to share this statement for Altinity customers and the wider community.
The ClickHouse community was aware of the vulnerabilities and acted upon them proactively and immediately.
Please see our Knowledge Base for the details: https://kb.altinity.com/upgrade/vulnerabilities/
The vulnerabilities have been fixed in ClickHouse for releases from v21.10.2.15, while the latest Altinity Stable Build releases also contain the bug fix.
We are evaluating the feasibility of porting fixes to older Altinity Stable versions that are still under support according to our published support SLA. We will publish further information on this topic.
Please note that we recommend upgrading if you’re using older versions and do check our Knowledge Base or Contact Us before upgrading if you have questions or concerns.
Altinity Stable Builds provide a secure, pre-compiled binary release of ClickHouse server and client, which are ready for production use, 100% open source and 100% compatible with ClickHouse community builds. We also offer an extended SLA for bug fixes. For more information on Altinity Stable Builds, please visit: https://altinity.com/altinity-stable/