HQbird 2024R Update 12

IBSurgeon has released HQbird 2024R Update 12 (see the Download section below).

Web Interface and Access Control

  • Implemented a privilege separation mechanism for administrator and guest access. The guest account now has updated default credentials:
    • access.guest-login = viewer
    • access.guest-password = password 4 viewer
  • Added validation and uniqueness requirement for database registration names.
  • Several error messages have been corrected.
  • Implemented a logout mechanism for web interface users (digest authentication mode).
  • Local storage cleanup is now combined with logout.
  • Added the ability to reset and set the "replica" flag in the database file (additional icons in widgets). Tested on Firebird 5 only.
  • The Windows installer now generates a versions.json file with a detailed description of what is installed and where.
  • Minor syntax fixes.

Bug Fixes

  • Backup-restore-replace task: added a check for the existence of the target directory when verifying available disk space, with automatic creation if the directory is missing.
  • Segment sending task: corrected the data source displayed in the widget; improved forced status reset (clears potential error state after a long pause between iterations or when the task is disabled).
  • Fixed the uniqueness check for database identifiers and names, which was incorrectly case-sensitive.
  • Fixed display of client library version tables for Firebird 3 when rdb$config tables are absent.

Firebird Engine Updates

Bundled Firebird builds updated to: 5.0.5.1837, 4.0.8.3286, and 3.0.15.33868.

Firebird 5.0.5.1837

Key changes:

Security

  • Fixed a heap buffer overflow in the REPLACE() function (CVE/GHSA-vfr2-ff6c-7mxw).
  • Fixed vulnerability GHSA-jprr-w4f8-43q3: profiler data is now restricted to the owning user or users holding the PROFILE_ANY_ATTACHMENT privilege.
  • Prevented directory traversal during UDR module loading.
  • Added missing privilege checks for the COMMENT ON PARAMETER command on functions in packages (#8806).

Bug Fixes

  • Fixed incorrect results for DISTINCT combined with IN/EXISTS converted into a semi-join (#9063).
  • Fixed a spurious foreign key violation for [var]binary types when PK and FK indexes have opposite directions (#9059).
  • Fixed stale inline-blob content returned on same-transaction re-read after blob id reuse (#9060).
  • Fixed SIMILAR TO with wildcards combined with the OR operator (#9040).
  • Fixed client-side memory leaks during connect/disconnect cycles in fbclient (#9014).
  • Fixed integer overflow in UDF backward compatibility layer (#9025).

Other

  • The include_table_modify trace filter now takes the "Locks" and "Conflicts" counters into account.
  • Switched to Windows-2022 runner pending proper VS 2026 support.

Firebird 4.0.8.3286

  • Fixed a heap buffer overflow in the REPLACE() function (CVE/GHSA-vfr2-ff6c-7mxw).
  • Added missing privilege checks for the COMMENT ON PARAMETER command on functions in packages (#8806).
  • Fixed a spurious foreign key violation for [var]binary types when PK and FK indexes have opposite directions (#9059).
  • Fixed client-side memory leaks during connect/disconnect cycles in fbclient (#9014).
  • Fixed MAKE_DBKEY malfunction after backup/restore (#8168).

Firebird 3.0.15.33868

  • Fixed a heap buffer overflow in the REPLACE() function (CVE/GHSA-vfr2-ff6c-7mxw).
  • Added missing privilege checks for the COMMENT ON PARAMETER command on functions in packages (#8806).
  • Fixed a spurious foreign key violation for [var]binary types when PK and FK indexes have opposite directions (#9059).
  • Fixed client-side memory leaks during connect/disconnect cycles in fbclient (#9014).
  • Fixed missing OS error text in certain I/O error reporting cases.

Download

Download from https://ib-aid.com/en/download-hqbird