-----BEGIN PGP SIGNED MESSAGE-----
MySQL 4.0.6, a new version of the world's most popular Open Source
Database, has been released. It is now available in source and binary
form for a number of platforms from our download pages at
http://www.mysql.com/downloads/ and mirror sites.
This is a bugfix release for the current development tree. Please note,
that with MySQL 4.0.6 the code status has changed from "beta" to "gamma".
The MySQL developers have done this to indicate, that the MySQL 4.0 code
base has now been in beta testing for quite while and the focus is on
fixing the remaining bugs now before it will be declared as "stable".
Apart from fixing several bugs, this release also resolves multiple
security vulnerabilities that have been found and reported to us by Stefan
Esser from e-matters GmbH, Germany. You can read the full text of Stefans
We are very grateful for his help in spotting and reporting these problems
As these vulnerabilities can be exploited from a remote attacker to crash
the MySQL server or to execute arbitrary code with the privileges of the
user running the MySQL server, we strongly advise all users of MySQL 4.0
to upgrade to this version.
MySQL 3.23 is also affected by this problem and we have provided updated
packages for this version as well. We strongly encourage users of MySQL
3.23 (or older) to update to MySQL 3.23.54 soon.
>From the 4.0.6 ChangeLog:
Functionality added or changed:
* Added syntax support for `CHARACTER SET xxx' and `CHARSET=xxx'
table options (to be able to read table dumps from 4.1).
* Fixed replication bug that caused the slave to loose its position
in some cases when the replication log was rotated.
* Fixed that a slave will restart from the start of a transaction if
it's killed in the middle of one.
* Moved the manual pages from `man' to `man/man1' in the binary
* The default type returned by `IFNULL(A,B)' is now set to be the
more 'general' of the types of `A' and `B'. (The order is
`STRING', `REAL' or `INTEGER').
* Moved the `mysql.server' startup script in the RPM packages from
`/etc/rc.d/init.d/mysql' to `/etc/init.d/mysql' (which almost all
current Linux distributions support for LSB compliance).
* Added `Qcache_lowmem_prunes' status variable (number of queries
that were deleted from cache because of low memory).
* Fixed `mysqlcheck' so it can deal with table names containing
* Bulk insert optimisation (*note `bulk_insert_buffer_size': SHOW
VARIABLES.) is no longer used when inserting small (less than
100) number of rows.
* Optimisation added for queries like `SELECT ... FROM merge_table
* Added functions `LOCALTIME' and `LOCALTIMESTAMP' as synonyms for
* `CEIL' is now an alias for `CEILING'.
* The `CURRENT_USER()' function can be used to get a `user@host'
value as it was matched in the `GRANT' system. *Note
`CURRENT_USER()': Miscellaneous functions.
* Fixed `CHECK' constraints to be compatible with ANSI SQL. This made
`CHECK' a reserved word. (Checking of `CHECK' constraints is still
* Added `CAST(... as CHAR)'.
* Added PostgreSQL compatible `LIMIT' syntax: `SELECT ... LIMIT #
* `mysql_change_user()' will now reset the connection to the state
of a fresh connect (Ie, `ROLLBACK' any active transaction, close
all temporary tables, reset all user variables etc..)
* Fixed number of found rows returned in `multi table updates'
* Make `--lower-case-table-names' default on MacOSX as the file
system is case sensitive.
* Transactions in `AUTOCOMMIT=0' mode didn't rotate binary log.
* A fix for the bug in a `SELECT' with joined tables with `ORDER BY'
and `LIMIT' clause when filesort had to be used. In that case
`LIMIT' was applied to filesort of one of the tables, although it
could not be. This fix solved problems with `LEFT JOIN' too.
* `mysql_server_init()' now makes a copy of all arguments. This fixes
a problem when using the embedded server in C# program.
* Fixed buffer overrun in `libmysqlclient' library that allowed a
malicious `MySQL' server to crash the client application.
* Fixed security-related bug in `mysql_change_user()' handling. All
users are strongly recommended to upgrade to version 4.0.6.
* Fixed bug that prevented `--chroot' command-line option of
`mysqld' from working.
* Fixed bug in phrase operator `"..."' in boolean full-text search.
* Fixed bug that caused `OPTIMIZE TABLE' to corrupt the table under
some rare circumstances.
* Part rewrite of multi-table-update to optimise it, make it safer
and more bug free.
* `LOCK TABLES' now works together with multi-table-update and
* `--replicate-do=xxx' didn't work for `UPDATE' commands. (Bug
introduced in 4.0.0)
* Fixed shutdown problem on Mac OS X.
* Due to a hardware failure, we are currently unable to provide
Solaris 2.7 binaries - we apologize for any inconveniences that
may cause you. Some users reported, that the Solaris 2.8 package
worked for them on Solaris 2.7, too - so you might want to give
that a try.
* The "Max" binaries currently fail the "distinct" test of the test
suite (the new compile option "-DBIGFILE" being used for MySQL-Max
changes the way MySQL optimizes queries in files with few rows) -
this will be resolved for the next release.
For technical support contracts, visit https://order.mysql.com/?ref=mlgr
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Mr. Lenz Grimmer <lenz@stripped>
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, Production Engineer
/_/ /_/\_, /___/\___\_\___/ Hamburg, Germany
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
-----END PGP SIGNATURE-----
|• MySQL 4.0.6 is released||Lenz Grimmer||20 Dec|