This is a new Beta development release, fixing recently discovered bugs.
この項目は前回のMySQL公式リリース以降に適用されたすべての変更とバグ修正を説明します。更に頻繁でありご使用のバージョンと機能に合わせた更新情報を希望される場合には、MySQLエンタープライズ(商用版MySQL)への登録をお考えください。詳細は、http://www.mysql.com/products/enterpriseをご覧下さい。
Functionality added or changed:
Incompatible change: The
Event Scheduler can now be in one of three states (on, off, or
the new suspended state). In addition, due to the fact that
SET GLOBAL event_scheduler;
now acts in a
synchronous rather than asynchronous manner, the Event
Scheduler thread can be no longer be activated or deactivated
at run time. (Bug#17619)
For more information regarding these changes, see 項19.1. 「Event Scheduler Overview」.
Previously, to build MySQL from source with SSL support
enabled, you would invoke configure with
either the --with-openssl
or
--with-yassl
option. Those options both have
been replaced by the --with-ssl
option. By
default, --with-ssl
causes the bundled yaSSL
library to be used. To select OpenSSL instead, give the option
as
--with-ssl=
,
where path
path
is the directory where
the OpenSSL header files and libraries are located.
Added the --ssl-verify-server-cert
option to
MySQL client programs. This option causes the server's Common
Name value in its certificate to be verified against the
hostname used when connecting to the server, and the
connection is rejected if there is a mismatch. Added
MYSQL_OPT_SSL_VERIFY_SERVER_CERT
option for
the mysql_options()
C API function to
enable this verification. This feature can be used to prevent
man-in-the-middle attacks. Verification is disabled by
default. (Bug#17208)
Added the ssl_ca
,
ssl_capath
, ssl_cert
,
ssl_cipher
, and ssl_key
system variables, which display the values given via the
corresponding command options. See
項4.8.7.3. 「SSL コマンド オプション」. (Bug#19606)
NDB Cluster
: The limit of 2048 ordered
indexes per cluster has been lifted. There is now no upper
limit on the number of ordered indexes (including
AUTO_INCREMENT
columns) that may be used.
(Bug#14509)
Added the log_queries_not_using_indexes
system variable. (Bug#19616)
Added the --angel-pid-file
option to
mysqlmanager for specifying the file in
which the angel process records its process ID when
mysqlmanager runs in daemon mode. (Bug#14106)
The ENABLE KEYS
and DISABLE
KEYS
clauses for the ALTER TABLE
statement are now supported for partitioned tables. (Bug#19502)
It is now possible to use
NEW.
values within triggers as var_name
INOUT
parameters
to stored procedures. (Bug#14635)
The default for the
innodb_thread_concurrency
system variable
was changed to 8
. (Bug#15868)
mysql_explain_log (a third-party program) is no longer included in MySQL distributions.
Bugs fixed:
Security fix: An
SQL-injection security hole has been found in multi-byte
encoding processing. The bug was in the server, incorrectly
parsing the string escaped with the
mysql_real_escape_string()
C API function.
(CVE-2006-2753, Bug#8378)
This vulnerability was discovered and reported by Josh Berkus
<josh@postgresql.org>
and Tom Lane
<tgl@sss.pgh.pa.us>
as part of the inter-project
security collaboration of the OSDB consortium. For more
information about SQL injection, please see the following
text.
Discussion: An SQL-injection
security hole has been found in multi-byte encoding
processing. An SQL-injection security hole can include a
situation whereby when a user supplied data to be inserted
into a database, the user might inject SQL statements into the
data that the server will execute. With regards to this
vulnerability, when character set unaware-escaping is used
(for example, addslashes()
in PHP), it is
possible to bypass the escaping in some multi-byte character
sets (for example, SJIS, BIG5 and GBK). As a result, a
function such as addslashes()
is not able
to prevent SQL-injection attacks. It is impossible to fix this
on the server side. The best solution is for applications to
use character set-aware escaping offered by a function such
mysql_real_escape_string()
.
However, a bug was detected in how the MySQL server parses the
output of mysql_real_escape_string()
. As a
result, even when the character set-aware function
mysql_real_escape_string()
was used, SQL
injection was possible. This bug has been fixed.
Workarounds: If you are
unable to upgrade MySQL to a version that includes the fix for
the bug in mysql_real_escape_string()
parsing, but run MySQL 5.0.1 or higher, you can use the
NO_BACKSLASH_ESCAPES
SQL mode as a
workaround. (This mode was introduced in MySQL 5.0.1.)
NO_BACKSLASH_ESCAPES
enables an SQL
standard compatibility mode, where backslash is not considered
a special character. The result will be that queries will
fail.
To set this mode for the current connection, enter the following SQL statement:
SET sql_mode='NO_BACKSLASH_ESCAPES';
You can also set the mode globally for all clients:
SET GLOBAL sql_mode='NO_BACKSLASH_ESCAPES';
This SQL mode also can be enabled automatically when the
server starts by using the command-line option
--sql-mode=NO_BACKSLASH_ESCAPES
or by setting
sql-mode=NO_BACKSLASH_ESCAPES
in the server
option file (for example, my.cnf
or
my.ini
, depending on your system).
The patch for Bug#8303 broke the fix for Bug#8378 and was
undone. (In string literals with an escape character
(\
) followed by a multi-byte character that
has a second byte of (\
), the literal was
not interpreted correctly. The next byte now is escaped, not
the entire multi-byte character. This means it a strict
reverse of the mysql_real_escape_string()
function.)
The client libraries had not been compiled for position-indpendent code on Solaris-SPARC and AMD x86_64 platforms. (Bug#13159, Bug#14202, Bug#18091)
Altering a VARCHAR
column in a
MyISAM
table to make it longer could cause
corruption of the following column. (Bug#19386)
A CREATE TABLE
statement that created a
table from a materialized view did not inherit default values
from the underlying table. (Bug#19089)
NDB Cluster
: A Cluster whose storage nodes
were installed from the
MySQL-ndb-storage-
RPMs could not perform *
CREATE
or
ALTER
operations that made use of
non-default character sets or collations. (Bug#14918)
NDB Cluster
: mysqld processes did not
always detect cluster shutdown, leading to issues with CLuster
replication and schema distribution. (Bug#19395)
NDB Cluster
: SELECT
MIN(
from a
Cluster table with user-defined partitioning crashed the
server. (Bug#18730)
unique_column
)
Premature optimization of nested subqueries in the
FROM
clause that refer to aggregate
functions could lead to incorrect results. (Bug#19077)
For dates with 4-digit year parts less than 200, an implicit
conversion to add a century was applied for date arithmetic
performed with DATE_ADD()
,
DATE_SUB()
, + INTERVAL
,
and - INTERVAL
. (For example,
DATE_ADD('0050-01-01 00:00:00', INTERVAL 0
SECOND)
became '2050-01-01
00:00:00'
.) Now these operations return
NULL
rather than an incorrect
non-NULL
value. (Bug#18997)
BLOB
or TEXT
arguments
to or values returned from stored functions were not copied
properly if too long and could become garbled. (Bug#18587)
Simultaneous scheduled events whose actions conflicted with one another could crash the server. (Bug#16428)
In was not possible to invoke a stored routine containing dynamic SQL from a scheduled event. (Bug#19264)
NDB Cluster
: Running ALL
START
in the NDB
management
client or restarting multiple nodes simultaneously could under
some circumstances cause the cluster to crash. (Bug#19930)
The result from CONV()
is a string, but was
not always treated the same way as a string when converted to
a real value for an arithmetic operation. (Bug#13975)
CREATE TABLE ... SELECT ...
statements that
used a stored function explicitly or implicitly (through a
view) resulted in a Table not locked
error.
(Bug#12472, Bug#15137)
Within a trigger, SET
used the SQL mode of
the invoking statement, not the mode in effect at trigger
creation time. (Bug#6951)
The server no longer uses a signal handler for signal 0 because it could cause a crash on some platforms. (Bug#15869)
The embedded server crashed with row-based replication enabled. (Bug#18518)
Display better error message for ALTER
TABLE
operations that will result in duplicate keys
due to AUTO_INCREMENT
resequencing. (Bug#14573)
The Data_free
column in the output of
SHOW TABLE STATUS
always displayed 0 for
partitioned tables. (Bug#19501)
Adding an index to a table created using partitioning by
KEY
and the MEMORY
storage engine caused the server to crash. (Bug#19140)
When creating a table using CREATE TABLE ...
PARTITION BY ... SELECT ...
, the partitioning clause
was ignored. (Bug#19062)
ALTER TABLE ENGINE=...
failed when used to
change a MySQL Cluster table having no explicit primary key to
use a different storage engine. (Bug#19010)
Note: As a consequence of
this fix, SHOW CREATE TABLE
no longer
displays auto-partitioning information for
NDBCluster
tables.
NDB Cluster
(NDBAPI): On big-endian
platforms, NdbOperation::write_attr()
did
not update 32-bit fields correctly. (Bug#19537)
NDB Cluster
: Using 「stale」
mysqld .FRM
files
could cause a newly-restored cluster to fail. This situation
could arise when restarting a MySQL Cluster using the
--intial
option while leaving connected
mysqld processes running. (Bug#16875)
NDB Cluster
(Replication): Memory was not
freed after some ALTER TABLE
operations,
which could cause mysqld processes to
crash. (Bug#19885)
NDB Cluster
(NDBAPI): The
Ndb::dropEventOperation()
method failed to
clean up all objects used, which could cause memory leaks to
occur. (Bug#17610)
NDB Cluster
: Data node failures could cause
excessive CPU usage by ndb_mgmd. (Bug#13987)
NDB Cluster
: TRUNCATE
failed on tables having BLOB
or
TEXT
columns with the error Lock
wait timeout exceeded. This affected both
in-memory and Disk Data tables. (Bug#19201)
Revised memory allocation for local objects within stored functions and triggers to avoid memory leak for repeated function or trigger invocation. (Bug#17260)
EXPLAIN ... SELECT INTO
caused the client
to hang. (Bug#15463)
Symlinking .mysql_history
to
/dev/null
to suppress statement history
saving by mysql did not work.
(mysql deleted the symlink and recreated
.mysql_history
as a regular file, and
then wrote history to it.) (Bug#16803)
The basedir
and tmpdir
system variables could not be accessed via
@@
syntax. (Bug#1039)
var_name
Corrected several problems with the treatment of the
--log-error
option by
mysqld_safe. These problems were manifest
as differences from mysqld in error log
handling.
If a filename was given for --log-error
,
mysqld_safe ignored it and did not pass
it to mysqld, which then wrote error
information to stderr
and resulted in
incorrect log rotation when FLUSH LOGS
was used.
mysql_safe now adds
.err
to the end of the filename if no
extension is present (the same as
mysqld).
mysqld_safe treated a relative pathname as relative to its own current working directory. Now it treats a relative pathname as relative to the data directory (the same as mysqld).
In addition, some argument quoting problems were corrected. (Bug#6061)
Returning the value of a system variable from a stored function caused a server crash. (Bug#18037)
Use of uninitialized user variables in a subquery in the
FROM
clause resulted in bad entries in the
binary log. (Bug#19136)
IS_USED_LOCK()
could return an incorrect
connection identifier. (Bug#16501)
Concurrent reading and writing of privilege structures could crash the server. (Bug#16372)