HQbird: Advanced FirebirdSQL for Big Databases

HQbird 2024R Update 12

IBSurgeon releases HQbird 2024R Update 12: download here.

Web Interface and Access Control

• Implemented a privilege separation mechanism for administrator and guest access. The guest account now has updated default credentials:
  • access.guest-login = viewer
  • access.guest-password = password 4 viewer
• Added validation and uniqueness requirement for database registration names.
• Several error messages have been corrected.
• Implemented a logout mechanism for web interface users (digest authentication mode).
• Local storage cleanup is now combined with logout.
• Added the ability to reset and set the "replica" flag in the database file (additional icons in widgets). Tested on Firebird 5 only.
• The Windows installer now generates a versions.json file with a detailed description of what is installed and where.
• Minor syntax fixes.

Bug Fixes

• Backup-restore-replace task: added a check for the existence of the target directory when verifying available disk space, with automatic creation if the directory is missing.
• Segment sending task: corrected the data source displayed in the widget; improved forced status reset (clears potential error state after a long pause between iterations or when the task is disabled).
• Fixed false case-sensitivity when checking uniqueness of database identifiers and names.
• Fixed display of client library version tables for Firebird 3 when rdb$config tables are absent.

Firebird Engine Updates

Bundled Firebird builds updated to: 5.0.5.1837, 4.0.8.3286, and 3.0.15.33868.

Firebird 5.0.5.1837

Key changes:

Security

• Fixed a heap buffer overflow in the REPLACE() function (CVE/GHSA-vfr2-ff6c-7mxw).
• Fixed vulnerability GHSA-jprr-w4f8-43q3: profiler data is now restricted to the owning user or users holding the PROFILE_ANY_ATTACHMENT privilege.
• Prevented directory traversal during UDR module loading.
• Added missing privilege checks for the COMMENT ON PARAMETER command on functions in packages (#8806).

Bug Fixes

• Fixed incorrect results for DISTINCT combined with IN/EXISTS converted into a semi-join (#9063).
• Fixed a spurious foreign key violation for [var]binary types when PK and FK indexes have opposite directions (#9059).
• Fixed stale inline-blob content returned on same-transaction re-read after blob id reuse (#9060).
• Fixed SIMILAR TO with wildcards combined with the OR operator (#9040).
• Fixed client-side memory leaks during connect/disconnect cycles in fbclient (#9014).
• Fixed integer overflow in UDF backward compatibility layer (#9025).

Other

• The include_table_modify trace filter now takes the "Locks" and "Conflicts" counters into account.
• Switched to Windows-2022 runner pending proper VS 2026 support.

Firebird 4.0.8.3286

• Fixed a heap buffer overflow in the REPLACE() function (CVE/GHSA-vfr2-ff6c-7mxw).
• Added missing privilege checks for the COMMENT ON PARAMETER command on functions in packages (#8806).
• Fixed a spurious foreign key violation for [var]binary types when PK and FK indexes have opposite directions (#9059).
• Fixed client-side memory leaks during connect/disconnect cycles in fbclient (#9014).
• Fixed MAKE_DBKEY malfunction after backup/restore (#8168).

Firebird 3.0.15.33868

• Fixed a heap buffer overflow in the REPLACE() function (CVE/GHSA-vfr2-ff6c-7mxw).
• Added missing privilege checks for the COMMENT ON PARAMETER command on functions in packages (#8806).
• Fixed a spurious foreign key violation for [var]binary types when PK and FK indexes have opposite directions (#9059).
• Fixed client-side memory leaks during connect/disconnect cycles in fbclient (#9014).
• Fixed missing OS error text in certain I/O error reporting cases.

Download