Security Fix: MySQL clients linked against OpenSSL can be tricked not to check server certificates. (Bug#47320, CVE-2009-4028)

MySQL Cluster: When a data node had written its GCI marker to the first page of a megabyte, and that node was later killed during restart after having processed that page (marker) but before completing a LCP, the data node could fail with filesystem errors. (Bug#44952)

See also Bug#42564, Bug#44291.

Replication: When a session was closed on the master, temporary tables belonging to that session were logged with the wrong database names when either of the following conditions was true:

(Bug#48216)

See also Bug#46861, Bug#48297.

A query containing a view using temporary tables and multiple tables in the FROM clause and PROCEDURE ANALYSE() caused a server crash.

As a result of this bug fix, PROCEDURE ANALYSE() is legal only in a top-level SELECT. (Bug#48293)

See also Bug#46184.

Error handling was missing for SELECT statements containing subqueries in the WHERE clause and that assigned a SELECT result to a user variable. The server could crash as a result. (Bug#48291)

An assertion could fail if the optimizer used a SPATIAL index. (Bug#48258, Bug#47019)

A combination of GROUP BY WITH ROLLUP, DISTINCT and the const join type in a query caused a server crash when the optimizer chose to employ a temporary table to resolve DISTINCT. (Bug#48131)

mysys/mf_keycache.c requires threading, but no test was made for thread support. (Bug#47923)

If the first argument to GeomFromWKB() function was a geometry value, the function just returned its value. However, it failed to preserve the argument's null_value flag, which caused an unexpected NULL value to be returned to the caller, resulting in a server crash. (Bug#47780)

The GPL and commercial license headers had different sizes, so that error log, backtrace, core dump, and cluster trace file line numbers could be off by one if they were not checked against the version of the source used for the build. (For example, checking a GPL build backtrace against commercial sources.) (Bug#46216)

During the build of the Red Hat IA64 MySQL server RPM, the system library link order was incorrect. This made the resulting Red Hat IA64 RPM depend on "libc.so.6.1(GLIBC_PRIVATE)(64bit)", thus preventing installation of the package. (Bug#45706)

Failure to treat BIT values as unsigned could lead to unpredictable results. (Bug#42803)

Some queries with nested outer joins could lead to crashes or incorrect results because an internal data structure was handled improperly. (Bug#42116)

In a replication scenario with innodb_locks_unsafe_for_binlog enabled on the slave, where rows were changed only on the slave (not through replication), in some rare cases, many messages of the following form were written to the slave error log: InnoDB: Error: unlock row could not find a 4 mode lock on the record. (Bug#41756)

A stub of the previously removed mysql_odbc_escape_string() function was restored to fix a ABI breakage. The function was intended to be private and used only by Connector/ODBC, but, unfortunately, it was exported as part of the ABI. Nonetheless, only a stub is restored as the original function is inherently broken and shouldn't be used. (Bug#41728)

See also Bug#29592.

After renaming a user, granting that user privileges could result in the user having additional privileges other than those granted. (Bug#41597)

In some cases, the server did not recognize lettercase differences between GRANT attributes such as table name or user name. For example, a user was able to perform operations on a table with privileges of another user with the same user name but in a different lettercase.

In consequence of this bug fix, the collation for the Routine_name column of the mysql.proc table is changed from utf8_bin to utf8_general_ci. (Bug#41049)

See also Bug#48872.