The R client for DuckDB 1.1.0 is out on CRAN. Run install.packages("duckdb") to upgrade.
@duckdb #rstats #rcran Latest secure version is 1.1.1, isn't it?
@catavz The latest stable version is 1.1.1, but it can take a few days to get it through the publication process. As an in-process database, DuckDB is less prone to vulnerabilities than client-server databases. That is not to say that they never occur (see the operations manual for DuckDB at https://duckdb.org/docs/operations_manual/securing_duckdb/overview) but we did not receive any CVE reports for v1.1.0.
Securing DuckDB

DuckDB is quite powerful, which can be problematic, especially if untrusted SQL queries are run, e.g., from public-facing user inputs. This page lists some options to restrict the potential fallout from malicious SQL queries. The approach to securing DuckDB varies depending on your use case, environment, and potential attack models. Therefore, consider the security-related configuration options carefully, especially when working with confidential data sets. If you plan to embed DuckDB in your application, please consult the “Embedding DuckDB” page.

Reporting Vulnerabilities

If you discover a potential vulnerability, please report it confidentially via GitHub.

Disabling File Access

DuckDB can list directories…
