2022-03-15: 7 vulnerabulities in ClickHouse were published.
Those vulnerabilities were fixed by 2 PRs:
All releases starting from v184.108.40.206 have that problem fixed.
Also, the fix was backported to 21.3 and 21.8 branches - versions v220.127.116.11-lts and v18.104.22.168-lts accordingly have the problem fixed (and all newer releases in those branches).
The latest Altinity stable releases also contain the bugfix.
If you use some older version we recommend upgrading.
Before the upgrade - please ensure that ports 9000 and 8123 are not exposed to the internet, so external clients who can try to exploit those vulnerabilities can not access your clickhouse node.