Technical Advisory 10009

Date and Version

Version: 2.53.0

Date: 2024-05-28

Description

There were rare cases where Cockroachdb got blocked during runtime of ZITADEL and returned WRITE_TOO_OLD-errors to ZITADEL. The root cause of the problem is described in this github issue of the database. The workaround provided by the database is enabling the enable_durable_locking_for_serializable-flag as described here.

Because enabling flags requires admin privileges the statement must be executed manually or by executing zitadel init command.

Statement

Ensure lock distribution for FOR UPDATE-statements on Cockroachdb.

Mitigation

Cockroachdb version >= 23.2.

Impact

Adding additional raft queries to FOR UPDATE-statements can impact performance slightly but ensures availability of the system.

Date and Version​

Description​

Statement​

Mitigation​

Impact​

Date and Version

Description

Statement

Mitigation

Impact