How to find the list of security threats fixed in TiDB?

Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: 如何查找tidb修复的安全威胁列表?

| username: ShawnYan

In the official TiDB documentation, there are sporadic mentions of CVEs. Where can I find a complete list of CVEs that have been fixed in TiDB?

Fixed an issue where arbitrary files could be read through data source name injection (CVE-2022-3023) #38541 @lance6716

MariaDB publishes fixed CVEs in their Release notes, for example:

How does TiDB publish this information?

| username: onlyacat | Original post link

This one?

| username: ShawnYan | Original post link

Pretty much, the information disclosure is indeed very limited and hasn’t been updated for a long time.

| username: ShawnYan | Original post link

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.