[release-23.0] Release of v23.0.3 (#19505)

Signed-off-by: Matt Lord <mattalord@gmail.com>

Author: mattlord

.github/workflows/code_freeze.yml

@@ -11,4 +11,4 @@ jobs:
     steps:
     - name: Fail if Code Freeze is enabled
       run: |
-        exit 1
+        exit 0

changelog/23.0/23.0.3/changelog.md

@@ -0,0 +1,45 @@
+# Changelog of Vitess v23.0.3
+
+### Bug fixes 
+#### Docker
+ * [release-23.0] docker: install mysql-shell from Oracle repo and fix shellcheck warnings (#19456) [#19464](https://github.com/vitessio/vitess/pull/19464) 
+#### Online DDL
+ * [release-23.0] vreplication: fix infinite retry loop when terminal error message contains binary data (#19423) [#19438](https://github.com/vitessio/vitess/pull/19438) 
+#### VDiff
+ * [release-23.0] Address a few VDiff concerns (#19413) [#19448](https://github.com/vitessio/vitess/pull/19448) 
+#### VReplication
+ * [release-23.0] Bug fix: Add missing db_name filters to vreplication and vdiff queries #19378 [#19429](https://github.com/vitessio/vitess/pull/19429)
+ * [release-23.0] Normalize the --on-ddl param for MoveTables (#19445) [#19452](https://github.com/vitessio/vitess/pull/19452) 
+#### VTGate
+ * [release-23.0] vtgate: Add bounds check in `visitUnion` for mismatched column counts (#19476) [#19483](https://github.com/vitessio/vitess/pull/19483) 
+#### VTOrc
+ * [release-23.0] vtorc: Add a timeout to `DemotePrimary` RPC (#19432) [#19450](https://github.com/vitessio/vitess/pull/19450) 
+#### schema management
+ * [release-23.0] sidecardb: make ALTER TABLE algorithm version-aware (#19358) [#19404](https://github.com/vitessio/vitess/pull/19404)
+### CI/Build 
+#### Build/CI
+ * Backport to v23: Support Go 1.26 and later with Swiss maps always enabled (#19088) [#19367](https://github.com/vitessio/vitess/pull/19367)
+ * [release-23.0] try to fix setup mysql (#19371) [#19376](https://github.com/vitessio/vitess/pull/19376)
+ * [release-23.0] CI: Fix workflows that install xtrabackup (#19383) [#19385](https://github.com/vitessio/vitess/pull/19385)
+### Compatibility Bug 
+#### Query Serving
+ * [release-23.0] fix streaming binary row corruption in prepared statements (#19381) [#19415](https://github.com/vitessio/vitess/pull/19415)
+### Release 
+#### Documentation
+ * Add summary for 23.0.3 patch release [#19503](https://github.com/vitessio/vitess/pull/19503) 
+#### General
+ * [release-23.0] Code Freeze for `v23.0.3` [#19504](https://github.com/vitessio/vitess/pull/19504)
+### Security 
+#### Backup and Restore
+ * [release-23.0] Restore: make loading compressor commands from `MANIFEST` opt-in (#19460) [#19474](https://github.com/vitessio/vitess/pull/19474)
+ * [release-23.0] `backupengine`: disallow path traversals via backup `MANIFEST` on restore (#19470) [#19478](https://github.com/vitessio/vitess/pull/19478)
+ * [release-23.0] `mysqlshellbackupengine`: use `fileutil.SafePathJoin(...)` to build path (#19484) [#19491](https://github.com/vitessio/vitess/pull/19491) 
+#### VTTablet
+ * [release-23.0] `filebackupstorage`: use `fileutil.SafePathJoin` for all path building (#19479) [#19481](https://github.com/vitessio/vitess/pull/19481)
+ * [release-23.0] `vttablet`: harden `ExecuteHook` RPC and backup engine flag inputs (#19486) [#19501](https://github.com/vitessio/vitess/pull/19501)
+### Testing 
+#### Build/CI
+ * [release-23.0] CI: Deflake Code Coverage workflow (#19388) [#19394](https://github.com/vitessio/vitess/pull/19394)
+ * [release-23.0] CI: Deflake two flaky tests (#19364) [#19412](https://github.com/vitessio/vitess/pull/19412)
+ * [release-23.0] CI: Use larger runners for vreplication workflows (#19433) [#19435](https://github.com/vitessio/vitess/pull/19435)
+

changelog/23.0/23.0.3/release_notes.md

@@ -0,0 +1,37 @@
+# Release of Vitess v23.0.3
+
+## Summary
+
+This is a security focused release. It contains fixes for two recently reported CVEs along with a number of other security related fixes.
+
+### External Decompressor No Longer Read from Backup MANIFEST by Default
+
+This is a fix for the following security advisory and associated CVE
+
+- Advisory: <https://github.com/vitessio/vitess/security/advisories/GHSA-8g8j-r87h-p36x>
+- CVE: <https://www.cve.org/CVERecord?id=CVE-2026-27965>
+
+The external decompressor command stored in a backup's `MANIFEST` file is no longer used at restore time by default. Previously, when no `--external-decompressor` flag was provided, VTTablet would fall back to the command specified in the `MANIFEST`. This posed a security risk: an attacker with write access to backup storage could modify the `MANIFEST` to execute arbitrary commands on the tablet.
+
+*Please note that this is a breaking change.* Starting in v23.0.3, the `MANIFEST`-based decompressor is ignored unless you explicitly opt in with the new `--external-decompressor-use-manifest` flag. If you rely on this behavior, add the flag to your VTTablet configuration, but be aware of the security implications.
+
+See [#19460](https://github.com/vitessio/vitess/pull/19460) for details.
+
+### Prevent Path Traversals Via Backup MANIFEST Files On restore
+
+This is a fix for the following security advisory and associated CVE
+
+- Advisory: <https://github.com/vitessio/vitess/security/advisories/GHSA-r492-hjgh-c9gw>
+- CVE: <https://www.cve.org/CVERecord?id=CVE-2026-27969>
+
+We now prevent a common [Path Traversal attack](https://owasp.org/www-community/attacks/Path_Traversal) that someone with write access to backup storage could use to escape the target restore directory and write files to arbitrary filesystem paths via modifications to the `MANIFEST`.
+
+See [#19470](https://github.com/vitessio/vitess/pull/19470) for details.
+
+------------
+The entire changelog for this release can be found [here](https://github.com/vitessio/vitess/blob/main/changelog/23.0/23.0.3/changelog.md).
+
+The release includes 22 merged Pull Requests.
+
+Thanks to all our contributors: @app/vitess-bot, @bcremer, @mattlord
+

changelog/23.0/README.md

@@ -1,4 +1,8 @@
 ## v23.0
+* **[23.0.3](23.0.3)**
+	* [Changelog](23.0.3/changelog.md)
+	* [Release Notes](23.0.3/release_notes.md)
+
 * **[23.0.2](23.0.2)**
 	* [Changelog](23.0.2/changelog.md)
 	* [Release Notes](23.0.2/release_notes.md)

examples/compose/docker-compose.beginners.yml

@@ -58,7 +58,7 @@ services:
       - "3306"
 
   vtctld:
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     ports:
       - "15000:$WEB_PORT"
       - "$GRPC_PORT"
@@ -84,7 +84,7 @@ services:
         condition: service_healthy
 
   vtgate:
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     ports:
       - "15099:$WEB_PORT"
       - "$GRPC_PORT"
@@ -115,7 +115,7 @@ services:
         condition: service_healthy
 
   schemaload:
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     command:
     - sh
     - -c
@@ -148,12 +148,12 @@ services:
     environment:
       - KEYSPACES=$KEYSPACE
       - GRPC_PORT=15999
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     volumes:
       - .:/script
 
   vttablet100:
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     ports:
       - "15100:$WEB_PORT"
       - "$GRPC_PORT"
@@ -185,7 +185,7 @@ services:
       retries: 15
 
   vttablet101:
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     ports:
       - "15101:$WEB_PORT"
       - "$GRPC_PORT"
@@ -217,7 +217,7 @@ services:
       retries: 15
 
   vttablet102:
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     ports:
       - "15102:$WEB_PORT"
       - "$GRPC_PORT"
@@ -249,7 +249,7 @@ services:
       retries: 15
 
   vttablet103:
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     ports:
       - "15103:$WEB_PORT"
       - "$GRPC_PORT"
@@ -281,7 +281,7 @@ services:
       retries: 15
 
   vtorc:
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     command: ["sh", "-c", "/script/vtorc-up.sh"]
     depends_on:
       - vtctld
@@ -311,7 +311,7 @@ services:
       retries: 15
 
   vreplication:
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     volumes:
       - ".:/script"
     environment:

examples/compose/docker-compose.yml

@@ -75,7 +75,7 @@ services:
     - SCHEMA_FILES=lookup_keyspace_schema_file.sql
     - POST_LOAD_FILE=
     - EXTERNAL_DB=0
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     volumes:
     - .:/script
   schemaload_test_keyspace:
@@ -101,7 +101,7 @@ services:
     - SCHEMA_FILES=test_keyspace_schema_file.sql
     - POST_LOAD_FILE=
     - EXTERNAL_DB=0
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     volumes:
     - .:/script
   set_keyspace_durability_policy:
@@ -115,7 +115,7 @@ services:
     environment:
       - KEYSPACES=test_keyspace lookup_keyspace
       - GRPC_PORT=15999
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     volumes:
       - .:/script
   vreplication:
@@ -129,7 +129,7 @@ services:
     - TOPOLOGY_FLAGS=--topo-implementation consul --topo-global-server-address consul1:8500
       --topo-global-root vitess/global
     - EXTERNAL_DB=0
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     volumes:
     - .:/script
   vtctld:
@@ -143,7 +143,7 @@ services:
     depends_on:
       external_db_host:
         condition: service_healthy
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     ports:
     - 15000:8080
     - "15999"
@@ -160,7 +160,7 @@ services:
       --normalize-queries=true '
     depends_on:
     - vtctld
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     ports:
     - 15099:8080
     - "15999"
@@ -182,7 +182,7 @@ services:
     - EXTERNAL_DB=0
     - DB_USER=
     - DB_PASS=
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     ports:
     - 13000:8080
     volumes:
@@ -217,7 +217,7 @@ services:
       - CMD-SHELL
       - curl -s --fail --show-error localhost:8080/debug/health
       timeout: 10s
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     ports:
     - 15101:8080
     - "15999"
@@ -254,7 +254,7 @@ services:
       - CMD-SHELL
       - curl -s --fail --show-error localhost:8080/debug/health
       timeout: 10s
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     ports:
     - 15102:8080
     - "15999"
@@ -291,7 +291,7 @@ services:
       - CMD-SHELL
       - curl -s --fail --show-error localhost:8080/debug/health
       timeout: 10s
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     ports:
     - 15201:8080
     - "15999"
@@ -328,7 +328,7 @@ services:
       - CMD-SHELL
       - curl -s --fail --show-error localhost:8080/debug/health
       timeout: 10s
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     ports:
     - 15202:8080
     - "15999"
@@ -365,7 +365,7 @@ services:
       - CMD-SHELL
       - curl -s --fail --show-error localhost:8080/debug/health
       timeout: 10s
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     ports:
     - 15301:8080
     - "15999"
@@ -402,7 +402,7 @@ services:
       - CMD-SHELL
       - curl -s --fail --show-error localhost:8080/debug/health
       timeout: 10s
-    image: vitess/lite:v23.0.2
+    image: vitess/lite:v23.0.3
     ports:
     - 15302:8080
     - "15999"