Reporting bugs in CockroachDB

I found a bug in CockroachDB! What should I do?

If you believe your finding is security-related: please head to this page and follow instructions.

If you can reproduce the problem reliably, and can explain us how to do this, please file an issue directly on GitHub: https://github.com/cockroachdb/cockroach/issues/new/choose . Be sure to include:

  • Exact version number + environment details.

  • What you did exactly.

  • What you expected, and how that’s different from what you saw.

  • The other details requested in the issue template.

Otherwise, come and talk about your finding on the Community Slack, so we can decide together what to do about it.

What reward do I get for reporting bugs in CockroachDB?

For security reports, refer to our security disclosure policy.

For other reports:

  • GitHub will automatically mention your issue in your own GitHub profile. This way, you can brag about filing an accepted issue in the CockroachDB repository.

  • We will try to acknowledge you in the PR description that fixes the bug, if/when we fix it directly as a result of your report. (We might not acknowledge you if the issue was already known for a long time, or if we came to it ourselves due to another project.)

  • If you also send a PR containing a fix, that adheres to our PR guidelines, and we accept it, you will be acknowledged in the next CockroachDB release notes.

Generally, Cockroach Labs does not provide monetary or in-kind rewards ('bounties') for reporting issues. Exceptions are extremely rare and limited to issues with an extremely high impact on Cockroach Labs' business.