List: Announcements
From: Joerg Bruehe
Date: June 8 2006 10:02am
Subject: Clarification: MySQL 3.23 and 4.0 are NOT affected by the recent multibyte SQL injection problem

Hi,


This is in reply to various questions that have reached us after the
recent security fix, contained in MySQL 4.1.20, 4.0.22, and 5.1.11-beta:


The problem was a possible "SQL injection" risk, if the application sent 
data using some multi-byte character sets, due to an incorrect parsing 
in the server of strings generated by mysql_real_escape_string().

It had been introduced in 4.1 only; it does NOT affect any earlier
version (4.0 or 3.23).

As 3.23 and 4.0 never had this security risk, there is nothing to fix in 
these releases.


We are sorry if anybody got the impression we were neglecting any such 
security risk in older releases.


Enjoy!
Joerg

-- 
Joerg Bruehe, Senior Production Engineer
MySQL AB, www.mysql.com
