-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
MySQL 4.0.6, a new version of the world's most popular Open Source Database, has been released. It is now available in source and binary form for a number of platforms from our download pages at http://www.mysql.com/downloads/ and mirror sites. This is a bugfix release for the current development tree. Please note, that with MySQL 4.0.6 the code status has changed from "beta" to "gamma". The MySQL developers have done this to indicate, that the MySQL 4.0 code base has now been in beta testing for quite while and the focus is on fixing the remaining bugs now before it will be declared as "stable". Apart from fixing several bugs, this release also resolves multiple security vulnerabilities that have been found and reported to us by Stefan Esser from e-matters GmbH, Germany. You can read the full text of Stefans advisory here: http://security.e-matters.de/advisories/042002.html We are very grateful for his help in spotting and reporting these problems to us. As these vulnerabilities can be exploited from a remote attacker to crash the MySQL server or to execute arbitrary code with the privileges of the user running the MySQL server, we strongly advise all users of MySQL 4.0 to upgrade to this version. MySQL 3.23 is also affected by this problem and we have provided updated packages for this version as well. We strongly encourage users of MySQL 3.23 (or older) to update to MySQL 3.23.54 soon. >From the 4.0.6 ChangeLog: Functionality added or changed: * Added syntax support for `CHARACTER SET xxx' and `CHARSET=xxx' table options (to be able to read table dumps from 4.1). * Fixed replication bug that caused the slave to loose its position in some cases when the replication log was rotated. * Fixed that a slave will restart from the start of a transaction if it's killed in the middle of one. * Moved the manual pages from `man' to `man/man1' in the binary distributions. * The default type returned by `IFNULL(A,B)' is now set to be the more 'general' of the types of `A' and `B'. (The order is `STRING', `REAL' or `INTEGER'). * Moved the `mysql.server' startup script in the RPM packages from `/etc/rc.d/init.d/mysql' to `/etc/init.d/mysql' (which almost all current Linux distributions support for LSB compliance). * Added `Qcache_lowmem_prunes' status variable (number of queries that were deleted from cache because of low memory). * Fixed `mysqlcheck' so it can deal with table names containing dashes. * Bulk insert optimisation (*note `bulk_insert_buffer_size': SHOW VARIABLES.) is no longer used when inserting small (less than 100) number of rows. * Optimisation added for queries like `SELECT ... FROM merge_table WHERE indexed_column=constant_expr'. * Added functions `LOCALTIME' and `LOCALTIMESTAMP' as synonyms for `NOW()'. * `CEIL' is now an alias for `CEILING'. * The `CURRENT_USER()' function can be used to get a `user@host' value as it was matched in the `GRANT' system. *Note `CURRENT_USER()': Miscellaneous functions. * Fixed `CHECK' constraints to be compatible with ANSI SQL. This made `CHECK' a reserved word. (Checking of `CHECK' constraints is still not implemented). * Added `CAST(... as CHAR)'. * Added PostgreSQL compatible `LIMIT' syntax: `SELECT ... LIMIT # OFFSET #' * `mysql_change_user()' will now reset the connection to the state of a fresh connect (Ie, `ROLLBACK' any active transaction, close all temporary tables, reset all user variables etc..) Bugs fixed: * Fixed number of found rows returned in `multi table updates' * Make `--lower-case-table-names' default on MacOSX as the file system is case sensitive. * Transactions in `AUTOCOMMIT=0' mode didn't rotate binary log. * A fix for the bug in a `SELECT' with joined tables with `ORDER BY' and `LIMIT' clause when filesort had to be used. In that case `LIMIT' was applied to filesort of one of the tables, although it could not be. This fix solved problems with `LEFT JOIN' too. * `mysql_server_init()' now makes a copy of all arguments. This fixes a problem when using the embedded server in C# program. * Fixed buffer overrun in `libmysqlclient' library that allowed a malicious `MySQL' server to crash the client application. * Fixed security-related bug in `mysql_change_user()' handling. All users are strongly recommended to upgrade to version 4.0.6. * Fixed bug that prevented `--chroot' command-line option of `mysqld' from working. * Fixed bug in phrase operator `"..."' in boolean full-text search. * Fixed bug that caused `OPTIMIZE TABLE' to corrupt the table under some rare circumstances. * Part rewrite of multi-table-update to optimise it, make it safer and more bug free. * `LOCK TABLES' now works together with multi-table-update and multi-table-delete. * `--replicate-do=xxx' didn't work for `UPDATE' commands. (Bug introduced in 4.0.0) * Fixed shutdown problem on Mac OS X. Additional notes: * Due to a hardware failure, we are currently unable to provide Solaris 2.7 binaries - we apologize for any inconveniences that may cause you. Some users reported, that the Solaris 2.8 package worked for them on Solaris 2.7, too - so you might want to give that a try. * The "Max" binaries currently fail the "distinct" test of the test suite (the new compile option "-DBIGFILE" being used for MySQL-Max changes the way MySQL optimizes queries in files with few rows) - this will be resolved for the next release. Bye, LenZ - -- For technical support contracts, visit https://order.mysql.com/?ref=mlgr __ ___ ___ ____ __ / |/ /_ __/ __/ __ \/ / Mr. Lenz Grimmer <[EMAIL PROTECTED]> / /|_/ / // /\ \/ /_/ / /__ MySQL AB, Production Engineer /_/ /_/\_, /___/\___\_\___/ Hamburg, Germany <___/ www.mysql.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+AvxySVDhKrJykfIRAlN6AJ9xp1aQniiSYqoL7DqzqTn45aQslgCdEoR+ jm9zdi5QMX79JudVgLZsrCg= =bx4X -----END PGP SIGNATURE----- --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
