timescaledb

v2.27.1 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 15d Relational Databases

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

analytics database financial-analysis iot postgresql sql

+5 more

tigerdata time-series time-series-database timescaledb tsdb

Affected surfaces

auth rbac

Summary

AI summary

Updates https://github.com/timescale/timescaledb/pull/9795, https://github.com/timescale/timescaledb/pull/9799, and https://github.com/timescale/timescaledb/pull/9800 across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Bugfix
Bugfix	Medium	Delete orphaned compression_settings before migrating catalog table Delete orphaned compression_settings before migrating catalog table Source: granite4.1:8b-q6_K@2026-05-19 Confidence: high	—
Bugfix	Medium	Fix job_errors view leaking failed jobs to non-owners Fix job_errors view leaking failed jobs to non-owners Source: granite4.1:8b-q6_K@2026-05-19 Confidence: high	—
Bugfix	Medium	Check hypertable ownership before recompression Check hypertable ownership before recompression Source: granite4.1:8b-q6_K@2026-05-19 Confidence: high	—
Bugfix	Medium	Fix information leak in policy_reorder_remove Fix information leak in policy_reorder_remove Source: granite4.1:8b-q6_K@2026-05-19 Confidence: high	—
Bugfix	Medium	Adding migration scripts for composite bloom filters Adding migration scripts for composite bloom filters Source: granite4.1:8b-q6_K@2026-05-19 Confidence: high	—
Bugfix	Medium	Skip columnar index scan when grouping by an expression Skip columnar index scan when grouping by an expression Source: granite4.1:8b-q6_K@2026-05-19 Confidence: high	—
Bugfix	Medium	Skip ColumnarIndexScan for GROUPING SETS / ROLLUP / CUBE Skip ColumnarIndexScan for GROUPING SETS / ROLLUP / CUBE Source: granite4.1:8b-q6_K@2026-05-19 Confidence: high	—

Full changelog

TimescaleDB Changelog

Please note: When updating your database, you should connect using
psql with the -X flag to prevent any .psqlrc commands from
accidentally triggering the load of a previous DB version.

This release contains performance improvements and bug fixes since the 2.27.0 release. We recommend that you upgrade at the next available opportunity.

Bugfixes

#9795 Delete orphaned compression_settings before migrating catalog table
#9799 Fix job_errors view leaking failed jobs to non-owners
#9800 Check hypertable ownership before recompression
#9801 Fix information leak in policy_reorder_remove
#9824 Adding migration scripts for composite bloom filters
#9828 Skip columnar index scan when grouping by an expression
#9830 Skip ColumnarIndexScan for GROUPING SETS / ROLLUP / CUBE

Thanks

@homanp for reporting an information leak with the job_errors view

Security Fixes

#9799 Fix `job_errors` view leaking failed jobs to non-owners — prevents unauthorized access to job failure details

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track timescaledb

Get notified when new releases ship.

About timescaledb

A time-series database for high-performance real-time analytics packaged as a Postgres extension

All releases →

Related context

Related tools

Earlier breaking changes

v2.27.0 Bloom filter sparse indexes on compressed int2 columns may miss matching rows; upgrade requires manual index dropping