Dear MySQL users,
MySQL Server 5.0.92, a new version of the popular Open Source Database
Management System, has been released. Please note that the active
maintenance of 5.0 has ended, and these builds are only provided
because of the fixes to security bugs as described below.
The release is now available in source and binary form for a number of
platforms from our archive download page at
http://dev.mysql.com/downloads/
Mirror service for MySQL Server 5.0 has ended. Also, support for some
platforms with very low demand has ended. Please bear in mind that
MySQL 5.0 now receives extended support only, and that all active
development is happening on MySQL 5.1, 5.5, and beyond. You will find
the MySQL Lifecycle policy here:
http://www.mysql.de/about/legal/lifecycle/
For your own best interest, we strongly recommend all current users of
MySQL 5.0 to upgrade to MySQL 5.1.
We welcome and appreciate your feedback, bug reports, bug fixes,
patches etc:
http://forge.mysql.com/wiki/Contributing
This section documents all changes and bugfixes that have been applied
since the last MySQL Server release (5.0.91).
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html
If you would like to receive more fine-grained and personalized update
alerts about fixes that are relevant to the version and features you
use, please consider subscribing to MySQL Enterprise (a commercial
MySQL offering). For more details please see
http://www.mysql.com/products/enterprise/advisors.html
Changes in MySQL 5.0.92 (7 February, 2011)
Thanks,
Sunanda Menon
Release Engineer, MySQL, Oracle.
MySQL Server 5.0.92, a new version of the popular Open Source Database
Management System, has been released. Please note that the active
maintenance of 5.0 has ended, and these builds are only provided
because of the fixes to security bugs as described below.
The release is now available in source and binary form for a number of
platforms from our archive download page at
http://dev.mysql.com/downloads/
Mirror service for MySQL Server 5.0 has ended. Also, support for some
platforms with very low demand has ended. Please bear in mind that
MySQL 5.0 now receives extended support only, and that all active
development is happening on MySQL 5.1, 5.5, and beyond. You will find
the MySQL Lifecycle policy here:
http://www.mysql.de/about/legal/lifecycle/
For your own best interest, we strongly recommend all current users of
MySQL 5.0 to upgrade to MySQL 5.1.
We welcome and appreciate your feedback, bug reports, bug fixes,
patches etc:
http://forge.mysql.com/wiki/Contributing
This section documents all changes and bugfixes that have been applied
since the last MySQL Server release (5.0.91).
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html
If you would like to receive more fine-grained and personalized update
alerts about fixes that are relevant to the version and features you
use, please consider subscribing to MySQL Enterprise (a commercial
MySQL offering). For more details please see
http://www.mysql.com/products/enterprise/advisors.html
Changes in MySQL 5.0.92 (7 February, 2011)
Functionality added or changed: * The time zone tables available at http://dev.mysql.com/downloads/timezones.html have been updated. These tables can be used on systems such as Windows or HP-UX that do not include zoneinfo files. (Bug#40230:http://bugs.mysql.com/bug.php?id=40230) Bugs fixed: * Security Fix: During evaluation of arguments to extreme-value functions (such as LEAST() and GREATEST()), type errors did not propagate properly, causing the server to crash. (Bug#55826:http://bugs.mysql.com/bug.php?id=55826, CVE-2010-3833 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3833) * Security Fix: The server could crash after materializing a derived table that required a temporary table for grouping. (Bug#55568:http://bugs.mysql.com/bug.php?id=55568, CVE-2010-3834 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3834) * Security Fix: A user-variable assignment expression that is evaluated in a logical expression context can be precalculated in a temporary table for GROUP BY. However, when the expression value is used after creation of the temporary table, it was re-evaluated, not read from the table and a server crash resulted. (Bug#55564:http://bugs.mysql.com/bug.php?id=55564, CVE-2010-3835 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3835) * Security Fix: Joins involving a table with a unique SET column could cause a server crash. (Bug#54575:http://bugs.mysql.com/bug.php?id=54575, CVE-2010-3677 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3677) * Security Fix: Pre-evaluation of LIKE predicates during view preparation could cause a server crash. (Bug#54568:http://bugs.mysql.com/bug.php?id=54568, CVE-2010-3836 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3836) * Security Fix: GROUP_CONCAT() and WITH ROLLUP together could cause a server crash. (Bug#54476:http://bugs.mysql.com/bug.php?id=54476, CVE-2010-3837 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3837) * Security Fix: Queries could cause a server crash if the GREATEST() or LEAST() function had a mixed list of numeric and LONGBLOB arguments, and the result of such a function was processed using an intermediate temporary table. (Bug#54461:http://bugs.mysql.com/bug.php?id=54461, CVE-2010-3838 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3838) * Security Fix: Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...) could cause a server crash. (Bug#52711:http://bugs.mysql.com/bug.php?id=52711, CVE-2010-3682 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3682) * InnoDB Storage Engine: Creating or dropping a table with 1023 transactions active caused an assertion failure. (Bug#49238:http://bugs.mysql.com/bug.php?id=49238) * The make_binary_distribution target to make could fail on some platforms because the lines generated were too long for the shell. (Bug#54590:http://bugs.mysql.com/bug.php?id=54590) * A client could supply data in chunks to a prepared statement parameter other than of type TEXT or BLOB using the mysql_stmt_send_long_data() C API function (or COM_STMT_SEND_LONG_DATA command). This led to a crash because other data types are not valid for long data. (Bug#54041:http://bugs.mysql.com/bug.php?id=54041) * Builds of the embedded mysqld would fail due to a missing element of the struct NET. (Bug#53908:http://bugs.mysql.com/bug.php?id=53908, Bug#53912:http://bugs.mysql.com/bug.php?id=53912) * The definition of the MY_INIT macro in my_sys.h included an extraneous semicolon, which could cause compilation failure. (Bug#53906:http://bugs.mysql.com/bug.php?id=53906) * If the remote server for a FEDERATED table could not be accessed, queries for the INFORMATION_SCHEMA.TABLES table failed. (Bug#35333:http://bugs.mysql.com/bug.php?id=35333) * mysqld could fail during execution when using SSL. (Bug#34236:http://bugs.mysql.com/bug.php?id=34236) * Threads that were calculating the estimated number of records for a range scan did not respond to the KILL statement. That is, if a range join type is possible (even if not selected by the optimizer as a join type of choice and thus not shown by EXPLAIN), the query in the statistics state (shown by the SHOW PROCESSLIST) did not respond to the KILL statement. (Bug#25421:http://bugs.mysql.com/bug.php?id=25421)
Thanks,
Sunanda Menon
Release Engineer, MySQL, Oracle.