Functionality added or changed:
Important Change: Incompatible Change:
The FEDERATED
storage engine is now disabled
by default in the .cnf
files shipped with
MySQL distributions (my-huge.cnf
,
my-medium.cnf
, and so forth). This affects
server behavior only if you install one of these files.
(Bug#37069)
Bugs fixed:
Important Change: Security Fix:
It was possible to circumvent privileges through the creation of
MyISAM
tables employing the DATA
DIRECTORY
and INDEX DIRECTORY
options to overwrite existing table files in the MySQL data
directory. Use of the MySQL data directory in DATA
DIRECTORY
and INDEX DIRECTORY
path
name is now disallowed.
Additional fixes were made in MySQL 5.0.70.
See also Bug#39277.
Security Fix: Three vulnerabilities in yaSSL versions 1.7.5 and earlier were discovered that could lead to a server crash or execution of unauthorized code. The exploit requires a server with yaSSL enabled and TCP/IP connections enabled, but does not require valid MySQL account credentials. The exploit does not apply to OpenSSL.
The proof-of-concept exploit is freely available on the Internet. Everyone with a vulnerable MySQL configuration is advised to upgrade immediately.
Security Fix:
Using RENAME TABLE
against a
table with explicit DATA DIRECTORY
and
INDEX DIRECTORY
options can be used to
overwrite system table information by replacing the symbolic
link points. the file to which the symlink points.
MySQL will now return an error when the file to which the symlink points already exists. (Bug#32111, CVE-2007-5969)
Security Fix:
ALTER VIEW
retained the original
DEFINER
value, even when altered by another
user, which could allow that user to gain the access rights of
the view. Now ALTER VIEW
is
allowed only to the original definer or users with the
SUPER
privilege.
(Bug#29908)
Security Fix:
When using a FEDERATED
table, the local
server could be forced to crash if the remote server returned a
result with fewer columns than expected.
(Bug#29801)
Incompatible Change:
It was possible to use FRAC_SECOND
as a
synonym for MICROSECOND
with
DATE_ADD()
,
DATE_SUB()
, and
INTERVAL
; now, using
FRAC_SECOND
with anything other than
TIMESTAMPADD()
or
TIMESTAMPDIFF()
produces a syntax
error.
It is now possible (and preferable) to use
MICROSECOND
with
TIMESTAMPADD()
and
TIMESTAMPDIFF()
, and
FRAC_SECOND
is now deprecated.
(Bug#33834)
Incompatible Change:
With ONLY_FULL_GROUP_BY
SQL
mode enabled, queries such as SELECT a FROM t1 HAVING
COUNT(*)>2
were not being rejected as they should
have been.
This fix results in the following behavior:
There is a check against mixing group and nongroup columns
only when
ONLY_FULL_GROUP_BY
is
enabled.
This check is done both for the select list and for the
HAVING
clause if there is one.
This behavior differs from previous versions as follows:
Previously, the HAVING
clause was not
checked when
ONLY_FULL_GROUP_BY
was
enabled; now it is checked.
Previously, the select list was checked even when
ONLY_FULL_GROUP_BY
was not
enabled; now it is checked only when
ONLY_FULL_GROUP_BY
is
enabled.
Incompatible Change: The MySQL 5.0.50 patch for this bug was reverted because it changed the behavior of a General Availability MySQL release. (Bug#30234)
See also Bug#27525.
Incompatible Change: It was possible to create a view having a column whose name consisted of an empty string or space characters only.
One result of this bug fix is that aliases for columns in the
view SELECT
statement are checked to ensure
that they are legal column names. In particular, the length must
be within the maximum column length of 64 characters, not the
maximum alias length of 256 characters. This can cause problems
for replication or loading dump files. For additional
information and workarounds, see
Restrictions on Views.
(Bug#27695)
See also Bug#31202.
Incompatible Change:
Several type-preserving functions and operators returned an
incorrect result type that does not match their argument types:
COALESCE()
,
IF()
,
IFNULL()
,
LEAST()
,
GREATEST()
,
CASE
. These now aggregate using the
precise SQL types of their arguments rather than the internal
type. In addition, the result type of the
STR_TO_DATE()
function is now
DATETIME
by default.
(Bug#27216)
Incompatible Change: It was possible for option files to be read twice at program startup, if some of the standard option file locations turned out to be the same directory. Now duplicates are removed from the list of files to be read.
Also, users could not override system-wide settings using
~/.my.cnf
because
was read last. The latter file now is read earlier so that
SYSCONFDIR
/my.cnf~/.my.cnf
can override system-wide
settings.
The fix for this problem had a side effect such that on Unix,
MySQL programs looked for options in
~/my.cnf
rather than the standard location
of ~/.my.cnf
. That problem was addressed as
Bug#38180.
(Bug#20748)