2022-03-15: 7 vulnerabulities in ClickHouse were published.
Those vulnerabilities were fixed by 2 PRs:
All releases starting from v126.96.36.199 have that problem fixed.
Also, the fix was backported to 21.3 and 21.8 branches - versions v188.8.131.52-lts and v184.108.40.206-lts accordingly have the problem fixed (and all newer releases in those branches).
The latest Altinity stable releases also contain the bugfix.
If you use some older version we recommend upgrading.
Before the upgrade - please ensure that ports 9000 and 8123 are not exposed to the internet, so external clients who can try to exploit those vulnerabilities can not access your clickhouse node.