This release includes 1 security fix for security teams reviewing exposed deployments.
Published 1mo
Relational Databases
✓ No known CVEs patched
This release patches 1 known CVE
Topics
bigquery
emulator
gcp
go
Affected surfaces
rce_ssrf
Summary
AI summary: Reject backtick/backslash in SQL identifiers to close an injection vector.
Full changelog
Changelog
- 283a94d87cc9e77a93a4c2a6285b5fbff6d243bc Cap GoReleaser build parallelism to avoid OOM on the release runner (#466)
- 7282db96e750c0748913b16752f2b76ec698c33d Fix all open GitHub Security reports (#462)
- dafbca6c1e55eec0ad21b6f6150c8e458409fcb4 Fix list projects to return NumericId and FriendlyName (#431)
- 6d8cfcf0eebcc9741f2c513e09bc9ed1c9ba2b1f Import newest discovery document from Google (#424)
- dec85d4768a8cea910a3a94fff791993d48dfa7f Limit Dependabot to security updates and refresh dependencies (#464)
- 92f5ee7f4b9a9daf557e4770db537fcd00a7a487 Modernize the release pipeline and fix multi-arch image publishing (#465)
- d21b248b0fa5d9828cfad8f479c78fa431087249 Refresh README for the googlesqlite backend and add a feature matrix (#461)
- db5cfcc4b5b6d32e00eb188e88aed87457352003 Reject backtick/backslash in SQL identifiers to close injection vector (#463)
- 1bffdb5af5d628fc546a349527aba27dfdc634dd Setup multi-arch builds for Docker. (#401)
- cc2e43183cf68451732f853b8ba4530e2eaa44d1 Switch the SQL backend to googlesqlite and harden BigQuery compatibility (#448)
Security Fixes
- Reject backtick/backslash in SQL identifiers — closes injection vector (#463)