List:Announcements« Previous MessageNext Message »
From:Joerg Bruehe Date:June 8 2006 8:41am
Subject:MySQL 5.1.11-beta has been released
View as plain text  
Hi,


MySQL 5.1.11-beta, a new version of the popular Open Source Database
Management System, has been released. The Community Edition is now
available in source and binary form for a number of platforms from our
download pages at
       http://dev.mysql.com/downloads/    and mirror sites.

Note that not all mirror sites may be up to date at this point in time -
if you can't find this version on some mirror, please try again later or
choose another download site.
There were some problems with the primary mirror sites when we sent the 
packages to get distributed, it seems that in Asia just the mirror 
servers in Taiwan have them available, and none in the Middle East.

This is a new Beta development release, fixing recently discovered
bugs.

This section documents all changes and bug fixes that have been
applied since the last official MySQL release. If you would like
to receive more fine-grained and personalized update alerts about
fixes that are relevant to the version and features you use,
please consider subscribing to MySQL Network (a commercial MySQL
offering). For more details please see
http://www.mysql.com/network/advisors.html.

Functionality added or changed:
   * Incompatible change: The Event Scheduler can now be in one of
     three states (on, off, or the new suspended state). In
     addition, due to the fact that SET GLOBAL event_scheduler; now
     acts in a synchronous rather than asynchronous manner, the
     Event Scheduler thread can be no longer be activated or
     deactivated at run time.
     (Bug#17619: http://bugs.mysql.com/17619)
     For more information regarding these changes, see Section
     22.1, "Event Scheduler Overview."
   * Previously, to build MySQL from source with SSL support
     enabled, you would invoke configure with either the
     --with-openssl or --with-yassl option. Those options both have
     been replaced by the --with-ssl option. By default, --with-ssl
     causes the bundled yaSSL library to be used. To select OpenSSL
     instead, give the option as --with-ssl=path, where path is the
     directory where the OpenSSL header files and libraries are
     located.
   * Added the --ssl-verify-server-cert option to MySQL client
     programs. This option causes the server's Common Name value in
     its certificate to be verified against the hostname used when
     connecting to the server, and the connection is rejected if
     there is a mismatch. Added MYSQL_OPT_SSL_VERIFY_SERVER_CERT
     option for the mysql_options() C API function to enable this
     verification. This feature can be used to prevent
     man-in-the-middle attacks. Verification is disabled by
     default. (Bug#17208: http://bugs.mysql.com/17208)
   * Added the ssl_ca, ssl_capath, ssl_cert, ssl_cipher, and
     ssl_key system variables, which display the values given via
     the corresponding command options. See Section 5.9.7.3, "SSL
     Command Options." (Bug#19606: http://bugs.mysql.com/19606)
   * NDB Cluster: The limit of 2048 ordered indexes per cluster has
     been lifted. There is now no upper limit on the number of
     ordered indexes (including AUTO_INCREMENT columns) that may be
     used. (Bug#14509: http://bugs.mysql.com/14509)
   * Added the log_queries_not_using_indexes system variable.
     (Bug#19616: http://bugs.mysql.com/19616)
   * Added the --angel-pid-file option to mysqlmanager for
     specifying the file in which the angel process records its
     process ID when mysqlmanager runs in daemon mode.
     (Bug#14106: http://bugs.mysql.com/14106)
   * To prevent inadvertant loss of data, ALTER TABLE can no longer
     be used to change the storage engine of a table to MERGE or
     BLACKHOLE. (Bug#10952: http://bugs.mysql.com/10952)
   * The ENABLE KEYS and DISABLE KEYS clauses for the ALTER TABLE
     statement are now supported for partitioned tables.
     (Bug#19502: http://bugs.mysql.com/19502)
   * It is now possible to use NEW.var_name values within triggers
     as INOUT parameters to stored procedures.
     (Bug#14635: http://bugs.mysql.com/14635)

Bugs fixed:
   * Security fix: An SQL-injection security hole has been found in
     multi-byte encoding processing. The bug was in the server,
     incorrectly parsing the string escaped with the
     mysql_real_escape_string() C API function.
     (Bug#8378: http://bugs.mysql.com/8378)
     This vulnerability was discovered and reported by Josh Berkus
     <josh@stripped> and Tom Lane <tgl@stripped> as part
     of the inter-project security collaboration of the OSDB
     consortium. For more information about SQL injection, please
     see the text at the end of this announcement.
   * File size specifications for InnoDB data files were case
     sensitive. (Bug#19609: http://bugs.mysql.com/19609)
   * InnoDB did not increment the handler_read_prev counter.
     (Bug#19542: http://bugs.mysql.com/19542)
   * A CREATE TABLE statement that created a table from a
     materialized view did not inherit default values from the
     underlying table. (Bug#19089: http://bugs.mysql.com/19089)
   * NDB Cluster: mysqld processes did not always detect cluster
     shutdown, leading to issues with CLuster replication and
     schema distribution. (Bug#19395: http://bugs.mysql.com/19395)
   * NDB Cluster: SELECT MIN(unique_column) from a Cluster table
     with user-defined partitioning crashed the server.
     (Bug#18730: http://bugs.mysql.com/18730)
   * If there is a global read lock, CREATE DATABASE, RENAME
     DATABASE, and DROP DATABASE could deadlock.
     (Bug#19815: http://bugs.mysql.com/19815)
   * Premature optimization of nested subqueries in the FROM clause
     that refer to aggregate functions could lead to incorrect
     results. (Bug#19077: http://bugs.mysql.com/19077)
   * For dates with 4-digit year parts less than 200, an implicit
     conversion to add a century was applied for date arithmetic
     performed with DATE_ADD(), DATE_SUB(), + INTERVAL, and -
     INTERVAL. (For example, DATE_ADD('0050-01-01 00:00:00',
     INTERVAL 0 SECOND) became '2050-01-01 00:00:00'.) Now these
     operations return NULL rather than an incorrect non-NULL
     value. (Bug#18997: http://bugs.mysql.com/18997)
   * BLOB or TEXT arguments to or values returned from stored
     functions were not copied properly if too long and could
     become garbled. (Bug#18587: http://bugs.mysql.com/18587)
   * Simultaneous scheduled events whose actions conflicted with
     one another could crash the server.
     (Bug#16428: http://bugs.mysql.com/16428)
   * In was not possible to invoke a stored routine containing
     dynamic SQL from a scheduled event.
     (Bug#19264: http://bugs.mysql.com/19264)
   * NDB Cluster: Running ALL START in the NDB management client or
     restarting multiple nodes simultaneously could under some
     circumstances cause the cluster to crash.
     (Bug#19930: http://bugs.mysql.com/19930)
   * The result from CONV() is a string, but was not always treated
     the same way as a string when converted to a real value for an
     arithmetic operation. (Bug#13975: http://bugs.mysql.com/13975)
   * CREATE TABLE ... SELECT ... statements that used a stored
     function explicitly or implicitly (through a view) resulted in
     a Table not locked error.
     (Bug#12472: http://bugs.mysql.com/12472,
     Bug#15137: http://bugs.mysql.com/15137)
   * Within a trigger, SET used the SQL mode of the invoking
     statement, not the mode in effect at trigger creation time.
     (Bug#6951: http://bugs.mysql.com/6951)
   * The server no longer uses a signal handler for signal 0
     because it could cause a crash on some platforms.
     (Bug#15869: http://bugs.mysql.com/15869)
   * The embedded server crashed with row-based replication
     enabled. (Bug#18518: http://bugs.mysql.com/18518)
   * Display better error message for ALTER TABLE operations that
     will result in duplicate keys due to AUTO_INCREMENT
     resequencing. (Bug#14573: http://bugs.mysql.com/14573)
   * The Data_free column in the output of SHOW TABLE STATUS always
     displayed 0 for partitioned tables.
     (Bug#19501: http://bugs.mysql.com/19501)
   * Adding an index to a table created using partitioning by KEY
     and the MEMORY storage engine caused the server to crash.
     (Bug#19140: http://bugs.mysql.com/19140)
   * When creating a table using CREATE TABLE ... PARTITION BY ...
     SELECT ..., the partitioning clause was ignored.
     (Bug#19062: http://bugs.mysql.com/19062)
   * ALTER TABLE ENGINE=... failed when used to change a MySQL
     Cluster table having no explicit primary key to use a
     different storage engine.
     (Bug#19010: http://bugs.mysql.com/19010)
     Note: As a consequence of this fix, SHOW CREATE TABLE no
     longer displays auto-partitioning informaiton for NDBCluster
     tables.
   * NDB Cluster (NDBAPI): On big-endian platforms,
     NdbOperation::write_attr() did not update 32-bit fields
     correctly. (Bug#19537: http://bugs.mysql.com/19537)
   * NDB Cluster: Using "stale" mysqld .FRM files could cause a
     newly-restored cluster to fail. This situation could arise
     when restarting a MySQL Cluster using the --intial option
     while leaving connected mysqld processes running.
     (Bug#16875: http://bugs.mysql.com/16875)
   * NDB Cluster (Replication): Memory was not freed after some
     ALTER TABLE operations, which could cause mysqld processes to
     crash. (Bug#19885: http://bugs.mysql.com/19885)
   * NDB Cluster (NDBAPI): The Ndb::dropEventOperation() method
     failed to clean up all objects used, which could cause memory
     leaks to occur. (Bug#17610: http://bugs.mysql.com/17610)
   * NDB Cluster: Data node failures could cause excessive CPU
     usage by ndb_mgmd. (Bug#13987: http://bugs.mysql.com/13987)
   * NDB Cluster: TRUNCATE failed on tables having BLOB or TEXT
     columns with the error Lock wait timeout exceeded. This
     affected both in-memory and Disk Data tables.
     (Bug#19201: http://bugs.mysql.com/19201)
   * Revised memory allocation for local objects within stored
     functions and triggers to avoid memory leak for repeated
     function or trigger invocation.
     (Bug#17260: http://bugs.mysql.com/17260)
   * EXPLAIN ... SELECT INTO caused the client to hang.
     (Bug#15463: http://bugs.mysql.com/15463)
   * Symlinking .mysql_history to /dev/null to suppress statement
     history saving by mysql did not work. (mysql deleted the
     symlink and recreated .mysql_history as a regular file, and
     then wrote history to it.)
     (Bug#16803: http://bugs.mysql.com/16803)
   * The basedir and tmpdir system variables could not be accessed
     via @@var_name syntax. (Bug#1039: http://bugs.mysql.com/1039)
   * Corrected several problems with the treatment of the
     --log-error option by mysqld_safe. These problems were
     manifest as differences from mysqld in error log handling.
        + If a filename was given for --log-error, mysqld_safe
          ignored it and did not pass it to mysqld, which then
          wrote error information to stderr and resulted in
          incorrect log rotation when FLUSH LOGS was used.
        + mysql_safe now adds .err to the end of the filename if no
          extension is present (the same as mysqld).
        + mysqld_safe treated a relative pathname as relative to
          its own current working directory. Now it treats a
          relative pathname as relative to the data directory (the
          same as mysqld).
     In addition, some argument quoting problems were corrected.
     (Bug#6061: http://bugs.mysql.com/6061)
   * Returning the value of a system variable from a stored
     function caused a server crash.
     (Bug#18037: http://bugs.mysql.com/18037)
   * Use of uninitialized user variables in a subquery in the FROM
     clause resulted in bad entries in the binary log.
     (Bug#19136: http://bugs.mysql.com/19136)
   * IS_USED_LOCK() could return an incorrect connection
     identifier. (Bug#16501: http://bugs.mysql.com/16501)
   * Concurrent reading and writing of privilege structures could
     crash the server. (Bug#16372: http://bugs.mysql.com/16372)


Enjoy!
Joerg


Additional information on "SQL injection":

Discussion: An SQL-injection security hole has been found in
     multi-byte encoding processing. An SQL-injection security hole
     can include a situation whereby when a user supplied data to
     be inserted into a database, the user might inject SQL
     statements into the data that the server will execute. With
     regards to this vulnerability, when character set
     unaware-escaping is used (for example, addslashes() in PHP),
     it is possible to bypass the escaping in some multi-byte
     character sets (for example, SJIS, BIG5 and GBK). As a result,
     a function such as addslashes() is not able to prevent
     SQL-injection attacks. It is impossible to fix this on the
     server side. The best solution is for applications to use
     character set-aware escaping offered by a function such
     mysql_real_escape_string().
     However, a bug was detected in how the MySQL server parses the
     output of mysql_real_escape_string(). As a result, even when
     the character set-aware function mysql_real_escape_string()
     was used, SQL injection was possible. This bug has been fixed.

Workarounds: If you are unable to upgrade MySQL to a version
     that includes the fix for the bug in
     mysql_real_escape_string() parsing, but run MySQL 5.0.1 or
     higher, you can use the NO_BACKSLASH_ESCAPES SQL mode as a
     workaround. (This mode was introduced in MySQL 5.0.1.)
     NO_BACKSLASH_ESCAPES enables an SQL standard compatibility
     mode, where backslash is not considered a special character.
     The result will be that queries will fail.
     To set this mode for the current connection, enter the
     following SQL statement:
        SET sql_mode='NO_BACKSLASH_ESCAPES';
     You can also set the mode globally for all clients:
        SET GLOBAL sql_mode='NO_BACKSLASH_ESCAPES';
     This SQL mode also can be enabled automatically when the
     server starts by using the command-line option
     --sql-mode=NO_BACKSLASH_ESCAPES or by setting
     sql-mode=NO_BACKSLASH_ESCAPES in the server option file (for
     example, my.cnf or my.ini, depending on your system).


-- 
Joerg Bruehe, Senior Production Engineer
MySQL AB, www.mysql.com

Thread
MySQL 5.1.11-beta has been releasedJoerg Bruehe8 Jun