Hi,
this is in reply to various questions that have reached us after the
recent security fix, contained in MySQL 4.1.20, 4.0.22, and 5.1.11-beta:
The problem was a possible "SQL injection" risk, if the application sent
data using some multi-byte character sets, due to an incorrect parsing
in the server of strings generated by mysql_real_escape_string().
It had been introduced in 4.1 only, it does NOT affect any earlier
version (4.0 or 3.23).
As 3.23 and 4.0 never had this security risk, there is nothing to fix in
these releases.
We are sorry if anybody got the impression we were neglecting any such
security risk in older releases.
Enjoy!
Joerg
--
Joerg Bruehe, Senior Production Engineer
MySQL AB, www.mysql.com
| Thread |
|---|
| • Clarification: MySQL 3.23 and 4.0 are NOT affected by the recentmultibyte SQL injection problem | Joerg Bruehe | 8 Jun |
