OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Jonas Eriksson (jeSEKURE.NET)
Date: Tue Mar 27 2001 - 13:45:18 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ---------- Forwarded message ----------
    Date: Tue, 27 Mar 2001 19:31:26 +0300 (EEST)
    From: Michael Widenius <montymysql.com>
    To: announcelists.mysql.com, mysqllists.mysql.com
    Subject: MySQL 3.23.36 is relased

    Hi!

    This release should fix the final bugs we accidently got into 3.23.34
    and a long security bug that has been in MySQL a long time!

    The main fixed bugs are that UPDATE didn't always use keys when
    updating on something not based on a primary key and that 'affected
    rows' wasn't returned to the client if the mysqld server wasn't
    compiled with support for transactions.

    Somehow the above bugs slipped through our ever growing test-suit :(

    The security bug was that where one could do bad things by using
    database names that starts with '..'. Now we don't anymore accept
    database names that contains ','.

    As noted in the manual: To be reasonable safe from security bugs, one
    should never run the mysqld server as root!

    We mainly recommend people running 3.23.34 or above to upgrade to this
    version. 3.23.33 should be good enough for most usage (except if you
    want to test out BDB or Innobase).

    The other things fixed are only many minor things.

    We have in this release also done a couple of minor changes to make
    it possible to include the Gemini table handler without affecting any
    of the main MySQL code. This is just to make it possible for
    people to soon start play with Gemini without having to start
    using the 4.0 repository.

    Changes in release 3.23.36
    --------------------------

       * Fixed that one can't use database names with `.'. This fixes a
         serious security issue when `mysqld' is run as root.

       * Fixed bug when thread creation failed (could happen when doing a
         LOT of connections in a short time).

       * Don't free the key cache on `FLUSH TABLES' as this will cause
         problems with temporary tables.

       * Fixed problem in Innobase with with other character sets than
         latin1 and another problem when using many columns.

       * Fixed a core-dump bug when using very complex query involving
         `DISTINCT' and summary functions.

       * Added `SET TRANSACTION ISOLATION LEVEL ...'

       * Added `SELECT ... FOR UPDATE'.

       * Fixed bug where affected rows where not returned when `MySQL' was
         compiled without transaction support.

       * Fixed a bug in `UPDATE' where keys weren't always used to find the
         rows to be updated.

       * Fixed a bug in `CONCAT_WS()' where it returned wrong results.

       * Changed `CREATE ... INSERT' and `INSERT ... SELECT' to not allow
         concurrent inserts as this could make the binary log hard to
         repeat. (Concurrent inserts are enabled if you are not using the
         binary or update log).

       * Changed some macros to be able to use fast mutex with glibc 2.2.

    As always; Please don't mail us if you can't find the release on the
    download page right away; It will take a short time until our mirrors
    are up to date!

    Regards,
    Monty

    ---------------------------------------------------------------------
    To request this thread, e-mail announce-thread91lists.mysql.com
    To unsubscribe, e-mail the address shown in the
    List-Unsubscribe header of this message.
    For additional commands, e-mail: announce-helplists.mysql.com