<b>6.0.0.1959</b>
GitHub Action 2026.05.19 21:18:03 <span class="t_gh_bot">increment build number</span>
-------------------------------------------------
Closest previous non-bot:
<b>6.0.0.1958</b>
ChudaykinAlex 2026.05.19 11:09:56
Merge commit from fork
* Fix heap buffer overflow in REPLACE() (CVE/GHSA-vfr2-ff6c-7mxw)
evlReplace() allocated a buffer capped at MAX_STR_SIZE (65535 bytes) but
the memcpy writing each replacement string had no bounds check, allowing
an authenticated user to overflow the heap by up to ~30 KB with a single
SQL query and crash the server.
Add two guards matching the pattern used by OVERLAY and LPAD/RPAD:
- pre-check: reject worst-case result size exceeding MAX_STR_SIZE before
buffer allocation
- runtime check: verify remaining buffer space before each memcpy in the
replacement loop
* Drop over-conservative pre-check, add static_cast to bounds check

Changed paths:
  M src/jrd/SysFunction.cpp
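
The runtime check described in the commit message above, as an added C example. It is not Firebird's evlReplace() or any code from src/jrd/SysFunction.cpp; the function name bounded_replace, its parameters and the `cap` argument (standing in for MAX_STR_SIZE) are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not Firebird's evlReplace(): replaces every occurrence
 * of `from` in `src` with `to`, writing into `out` (capacity `cap` bytes).
 * Returns 0 and sets *out_len on success, -1 if the result would not fit. */
int bounded_replace(const char *src, size_t src_len,
                    const char *from, size_t from_len,
                    const char *to, size_t to_len,
                    char *out, size_t cap, size_t *out_len)
{
    size_t i = 0, used = 0;

    while (i < src_len) {
        const char *chunk;
        size_t n;

        if (from_len != 0 && src_len - i >= from_len &&
            memcmp(src + i, from, from_len) == 0) {
            chunk = to;          /* match: emit the replacement string */
            n = to_len;
            i += from_len;
        } else {
            chunk = src + i;     /* no match: copy one source byte */
            n = 1;
            i += 1;
        }

        /* Runtime check: compare against the space that is left, written as
         * a subtraction so that used + n can never wrap around. */
        if (n > cap - used)
            return -1;           /* caller reports a string-overflow error */

        memcpy(out + used, chunk, n);
        used += n;
    }

    *out_len = used;
    return 0;
}
```

A short input can still produce an oversized result when the replacement is longer than the pattern, which is why the check sits inside the loop and not only on the input length.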