Security Fix: Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information by replacing the symbolic link points. the file to which the symlink points.

MySQL will now return an error when the file to which the symlink points already exists. (Bug#32111, CVE-2007-5969)

Security Fix: ALTER VIEW retained the original DEFINER value, even when altered by another user, which could allow that user to gain the access rights of the view. Now ALTER VIEW is allowed only to the original definer or users with the SUPER privilege. (Bug#29908)

Security Fix: When using a FEDERATED table, the local server could be forced to crash if the remote server returned a result with fewer columns than expected. (Bug#29801)

Incompatible Change: With ONLY_FULL_GROUP_BY SQL mode enabled, queries such as SELECT a FROM t1 HAVING COUNT(*)>2 were not being rejected as they should have been.

This fix results in the following behavior:

This behavior differs from previous versions as follows:

(Bug#31794)

Incompatible Change: It was possible to create a view having a column whose name consisted of an empty string or space characters only.

One result of this bug fix is that aliases for columns in the view SELECT statement are checked to ensure that they are legal column names. In particular, the length must be within the maximum column length of 64 characters, not the maximum alias length of 256 characters. This can cause problems for replication or loading dump files. For additional information and workarounds, see Restrictions on Views. (Bug#27695)

See also Bug#31202.

Incompatible Change: Several type-preserving functions and operators returned an incorrect result type that does not match their argument types: COALESCE(), IF(), IFNULL(), LEAST(), GREATEST(), CASE. These now aggregate using the precise SQL types of their arguments rather than the internal type. In addition, the result type of the STR_TO_DATE() function is now DATETIME by default. (Bug#27216)