HQbird2024R Update 11 Detailed What is New

HQbird 2024 R2 — Update 11 Release Notes

Release focus: Security patches for Firebird 2.5, new encryption plugin capabilities, FBDataGuard improvements, and general stability fixes.


Security Alerts

Firebird 2.5 — Critical Vulnerabilities Fixed

⚠️ Action required for all Firebird 2.5 users.

Vanilla Firebird 2.5 reached end-of-life in 2019 and no longer receives upstream security updates. IBSurgeon continues to maintain Firebird 2.5 within HQbird for corporate users. This release of HQbird Firebird 2.5 backports fixes for several serious vulnerabilities that were recently discovered and have already been patched in Firebird 3.0, 4.0, and 5.0.

CVE | Status in HQbird 2.5
CVE-2026-28212 | ✅ Fixed in HQbird Firebird 2.5.27192
CVE-2025-54989 | ✅ Fixed in HQbird Firebird 2.5.27192
CVE-2026-33337 | ✅ Fixed in HQbird Firebird 2.5.27192
CVE-2026-35215 | ✅ Fixed in HQbird Firebird 2.5.27192
CVE-2025-65104 | ℹ️ Not applicable (client-only issue: fbclient.dll connecting to Firebird 4+)
CVE-2026-40342 | ℹ️ Not applicable — does not exist in Firebird 2.5

Recommendation: Upgrade all existing Firebird 2.5 installations to the latest HQbird Firebird 2.5 immediately.

Do not hesitate to contact us to discuss special conditions for long-standing HQbird users and corporate users with a large fleet of 2.5 installations: [email protected].


Firebird 3.0 / 4.0 / 5.0 — Use Latest Versions

The vulnerabilities listed above also affect Firebird 3.0, 4.0, and 5.0. They have been addressed in the following upstream vanilla releases:

  • Firebird 3.0.14
  • Firebird 4.0.7
  • Firebird 5.0.4

For HQbird users, the recommended versions included in this release (2024 R2 Update 11) are:

Firebird Version | Recommended HQbird Build
5.0 | 5.0.5.xxx
4.0 | 4.0.8.xxx
3.0 | 3.0.15.xxx

Firebird 5 — Important Bug Fix

The QA team identified a significant, long-standing bug affecting the optimization of complex queries with many LEFT JOIN clauses. This has been fixed in the Firebird 5 build included in this HQbird release.

🔗 View the fix on GitHub


Encryption Plugin Improvements

KeyHolderStdin support added for Firebird 4.

This capability was previously available only in Firebird 5 (Firebird 3 uses a different mechanism). With this update, Firebird 4 users can now pass encryption passwords via stdin, enabling secure use of command-line tools without saving passwords to disk:

  • Tools covered: gfix, gbak, nbackup
  • No longer necessary to use KeyHolder.conf password storage, even during development and debugging

Installation

  • Vanilla HQbird users: An updated installation script (downloads and installs the encryption plugin on Windows) is available at: 🔗 FirebirdEncryptionPluginInstall on GitHub
  • HQbird licensed users: Included directly in the HQbird installer.

Silent Mode Installation (Windows)

Several improvements have been made to the Windows silent installation process to provide a more flexible and configurable installation experience.


HQbird FBDataGuard Changes

Improvements

  • Reinitialization defaults: Adjusted default additional parameters for reinitialization.
  • Replication configuration generation:
    • Removed all configuration keys with empty values.
    • Removed elements irrelevant to the node's role (parameters that were retained in settings after switching master/replica roles, or after version upgrades from 2/3 → 4/5).
  • Database connections: Enforced UTF-8 encoding (restores previously existing behavior).
  • Jaybird: Upgraded to version 5.12.
  • Connection strings: Fixed generation when working with a custom list of authorization plugins.
  • Database registration: The registration name entered for a database is now required and is checked for uniqueness.

Access Rights Separation

A new access rights separation mechanism has been implemented for admin and guest users.

Default Guest Credentials (changed)

Setting | Value
access.guest-login | viewer
access.guest-password | password4viewer

Guest User Restrictions

The guest user is now restricted from:

  • Running on-demand tasks (shows an "Access denied" dialog)
  • Performing reinitialization
  • Managing trace sessions, speed tests, and password changes

Additional Notes

  • Passwords can only be changed by manually editing \HQBirdData\config\access.properties.
  • If access.guest-password is left empty, login via the guest account is blocked entirely.
  • Uniqueness of admin and guest usernames is not validated.
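
An added example (not IBSurgeon code) that audits an access.properties file for the conditions described above: the published default guest password, an empty guest password, and an admin/guest username collision. The keys access.guest-login and access.guest-password come from these notes; the admin key name access.login and the script's file name are assumptions.

```python
"""Audit FBDataGuard access.properties for guest-account settings (added example)."""
import sys
from pathlib import Path

DEFAULT_GUEST_PASSWORD = "password4viewer"  # default published in these release notes
ASSUMED_ADMIN_KEY = "access.login"          # assumption: admin key name is not in the notes


def parse_properties(text):
    """Minimal .properties parser: key=value or key:value, '#' and '!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        cuts = [i for i in (line.find("="), line.find(":")) if i != -1]
        if not cuts:
            props[line] = ""          # bare key with no separator has an empty value
            continue
        cut = min(cuts)               # the first separator ends the key
        props[line[:cut].strip()] = line[cut + 1:].strip()
    return props


def audit_access(text, admin_key=ASSUMED_ADMIN_KEY):
    """Return (code, message) findings for the guest account."""
    props = parse_properties(text)
    findings = []
    password = props.get("access.guest-password")
    if password is None:
        findings.append(("GUEST_PASSWORD_MISSING", "access.guest-password is not in the file"))
    elif password == "":
        findings.append(("GUEST_DISABLED", "empty guest password: guest login is blocked"))
    elif password == DEFAULT_GUEST_PASSWORD:
        findings.append(("GUEST_DEFAULT_PASSWORD", "guest still uses the published default"))
    guest, admin = props.get("access.guest-login"), props.get(admin_key)
    if guest and admin and guest == admin:
        findings.append(("LOGIN_COLLISION", "admin and guest share a username"))
    return findings


if __name__ == "__main__":
    # Usage: python audit_access.py <path to access.properties>
    for code, message in audit_access(Path(sys.argv[1]).read_text(encoding="utf-8")):
        print(f"{code}: {message}")
```

Pass a different admin_key if the admin login is stored under another name in your installation.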

Bug Fixes

  • Fixed several issues in error handling for insufficient filesystem permissions.
  • Added additional logging and error notifications in the VSS request handler.
  • Adjusted default configurations to match the new default passwords for file transfer tasks (port: 8722 / user: socketuser / strong password).
  • Fixed an occasional false-critical notification for databases in the state "all tasks temporarily disabled".

HQbird is developed and maintained by IBSurgeon. For support and documentation, visit ibsurgeon.com.