MySQL Community Server 5.7.21 has been released
- 1 Messages
- Collapse All
- Expand All
- Subscribe
Jan 15
Hery Ramilison MySQL Community Server 5.7.21 has been released
Jan 15, 2018; 08:56
Hery Ramilison
MySQL Community Server 5.7.21 has been released
Dear MySQL users,
MySQL Server 5.7.21, a new version of the popular Open Source
Database Management System, has been released. MySQL 5.7.21 is
recommended for use on production systems.
For an overview of what's new in MySQL 5.7, please see
http://dev.mysql.com/doc/refman/5.7/en/mysql-nutshell.html
For information on installing MySQL 5.7.21 on new servers, please see
the MySQL installation documentation at
http://dev.mysql.com/doc/refman/5.7/en/installing.html
MySQL Server 5.7.21 is available in source and binary form for a number of
platforms from our download pages at
http://dev.mysql.com/downloads/mysql/
MySQL Server 5.7.21 is also available from our repository for Linux
platforms, go here for details:
http://dev.mysql.com/downloads/repo/
Windows packages are available via the Installer for Windows or .ZIP
(no-install) packages for more advanced needs. The point and click
configuration wizards and all MySQL products are available in the
unified Installer for Windows:
http://dev.mysql.com/downloads/installer/
5.7.21 also comes with a web installer as an alternative to the full
installer.
The web installer doesn't come bundled with any actual products
and instead relies on download-on-demand to fetch only the
products you choose to install. This makes the initial download
much smaller but increases install time as the individual products
will need to be downloaded.
We welcome and appreciate your feedback, bug reports, bug fixes,
patches, etc.:
http://bugs.mysql.com/report.php
The following link lists the changes in the MySQL 5.7 since the
the release of MySQL 5.7.20.
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-21.html
Enjoy!
Changes in MySQL 5.7.21 (2018-01-15, General Availability)
Configuration Notes
* For RHEL, SLES, and Fedora RPMs, the default plugin
directory for debug builds has been changed from
/usr/lib64/mysql/plugin to /usr/lib64/mysql/plugin/debug.
(Bug #27072155, Bug #88363)
* The installation scripts for MySQL Enterprise Audit and
MySQL Enterprise Firewall now create their associated
tables in the mysql system database as InnoDB rather than
MyISAM tables. (Bug #26323351, Bug #26906601)
* The hardcoded memory page size of 8KB for the
memory-mapped transaction coordinator was too small for
platforms such as ARM64 and PowerPC where the page size
is much larger. The server now invokes a system call to
get the page size of the current platform rather than
using a hardcoded value. A consequence for the
--log-tc-size option is that the minimum and default
values are now 6 times the page size. Also, the value
must be a multiple of the page size. Thanks to Alexey
Kopytov for the patch. (Bug #23014086, Bug #80818, Bug
#26931470, Bug #87995)
Performance Schema Notes
* The Performance Schema setup_timers table is now
deprecated, to be removed in MySQL 8.0, as is the TICK
row in the performance_timers table.
Pluggable Authentication
* For the LDAP authentication plugins, handling of the
group search attribute indicated by the
authentication_ldap_sasl_group_search_attr and
authentication_ldap_simple_group_search_attr system
variables is more flexible. If the group search attribute
is isMemberOf, LDAP authentication directly retrieves the
user attribute isMemberOf value and assign it as group
information. If the group search attribute is not
isMemberOf, LDAP authentication searches for all groups
where the user is a member. (The latter is the default
behavior.) This behavior is based on how LDAP group
information can be stored two ways: 1) A group entry can
have an attribute named memberUid or member with a value
that is a user name; 2) A user entry can have an
attribute named isMemberOf with values that are group
names. (Bug #26317645)
* The LDAP authentication plugins now permit the
authentication string that provides user DN information
to begin with a + character. In the absence of this
character, the authentication string value is treated as
is without modification, as it has been previously. If
the authentication string begins with +, the plugin
constructs the full user DN value from the account user
name as the cn attribute value, together with the
authentication string (with the + removed). The
authentication string is stored as given in the
mysql.user system table, with the full user DN
constructed on the fly before authentication.
This account authentication string does not have + at the
beginning, so it is taken as the full user DN:
CREATE USER 'admin'
IDENTIFIED WITH authentication_ldap_simple
BY "cn=admin,ou=People,dc=example,dc=com";
This account authentication string does have + at the
beginning, so it is taken as just part of the full user
DN:
CREATE USER 'accounting'
IDENTIFIED WITH authentication_ldap_simple
BY "+ou=People,dc=example,dc=com";
In this case, the full user DN is constructed using
accounting as the cn attribute together with the
authentication string, to yield
"cn=accounting,ou=People,dc=example,dc=com". (Bug
#26147775)
* For the LDAP authentication plugins, the group search
attribute was fixed and not configurable. Two new system
variables now enable using custom group filters:
authentication_ldap_sasl_group_search_filter and
authentication_ldap_simple_group_search_filter. (Bug
#26091340)
Security Notes
* Incompatible Change: Passwords are now restricted to a
maximum of 256 characters for the sha256_password
authentication plugin, and for the PASSWORD() function
when old_passwords=2. Also, the number of password
hashing rounds is capped to limit CPU time used. (Bug
#27099029, Bug #27194270)
* The linked OpenSSL library for the MySQL Commercial
Server has been updated to version 1.0.2n. Issues fixed
in the new OpenSSL version are described at
http://www.openssl.org/news/vulnerabilities.html.
This change does not affect the Oracle-produced MySQL
Community build of MySQL Server, which uses the yaSSL
library instead. (Bug #27212666, Bug #27236394)
Test Suite Notes
* Documentation for the MySQL Test Suite is now maintained
in the MySQL source tree using Doxygen (see
http://dev.mysql.com/doc/dev/mysql-server/latest/PAGE_MYSQL_TEST_RUN.html).
The related Unix man pages that previously were produced from
the old test suite manual are no longer updated and have gone
out of date.
Consequently, they are no longer included in MySQL
distributions. (Bug #27021754)
* The MySQL test suite now includes CRC32() tests. Thanks
to Daniel Black for the patch. (Bug #26495791, Bug
#87136)
Functionality Added or Changed
* InnoDB: The innodb_undo_tablespaces configuration option
is deprecated and will be removed in a future release.
* Replication: Host names can now be specified as part of a
whitelist for group replication connections, using the
group_replication_ip_whitelist system variable. Host
names support CIDR notation. Host names that resolve to
IPv6 addresses are not supported.
For host names, name resolution takes place only when a
connection request is made by another server. A host name
that cannot be resolved is not considered for whitelist
validation, and a warning message is written to the error
log. Forward-confirmed reverse DNS (FCrDNS) verification
is carried out for resolved host names.
Warning
Host names are inherently less secure than IP addresses
in a whitelist. FCrDNS verification provides a good level
of protection, but can be compromised by certain types of
attack. Specify host names in your whitelist only when
strictly necessary, and ensure that all components used
for name resolution, such as DNS servers, are maintained
under your control. You can also implement name
resolution locally using the hosts file, to avoid the use
of external components.
* Replication: The
group_replication_allow_local_disjoint_gtids_join system
variable has been deprecated and is scheduled for removal
in a future version.
* The -DWITH_ASAN_SCOPE CMake option enables the
AddressSanitizer -fsanitize-address-use-after-scope Clang
flag for use-after-scope detection. The default is off.
To use this option, -DWITH_ASAN must also be enabled.
(Bug #27095089)
Bugs Fixed
* Important Change; Partitioning: Checking for tables that
used the generic partitioning handler could cause delays
of several minutes when starting the MySQL Server. To
keep this from happening, the
--disable-partition-engine-check option is now enabled by
default. (Bug #85830, Bug #25846957)
* Performance; JSON: Creating a representation of a JSON
string now optimizes for the most common case---that the
string to be processed contains no special characters
that need to be escaped---scanning for the first special
character in the string, and copying each sequence of
characters which do not require escaping in a single
memcpy() call, rather than checking each character in
turn to determine whether it needed to be escaped,
escaping it if so, and then copying it, one by one, as
was done previously.
This fix also corrects a failure to escape the control
character \u001f, or unit separator character. (Bug
#86898, Bug #26388690, Bug #87722, Bug #26780307)
References: See also: Bug #25977595.
* InnoDB: Multiple updates from different clients on a
partitioned table caused an unexpected lock wait timeout
due to an incorrectly set lock type. (Bug #26731025, Bug
#87619)
* InnoDB: An ALTER TABLE operation caused the server to
halt. (Bug #26492721)
* InnoDB: The innodb_table_stats data dictionary table was
not updated with new partition names when renaming a
partitioned table. (Bug #26390658, Bug #86927)
* InnoDB: A FLUSH TABLES operation failed to drop an
aborted index. While removing the table from the cache,
the clustered index was dropped prior to checking for the
aborted index. (Bug #26256456, Bug #86607)
* InnoDB: An iterative approach to processing foreign
cascade operations resulted in excessive memory use. (Bug
#26191879, Bug #86573)
References: This issue is a regression of: Bug #16244691.
* InnoDB: An INSERT operation on table with spatial index
raised an assertion due to a failure that occurred during
a lock conflict check. (Bug #25729649)
* InnoDB: While innodb_undo_log_truncate was enabled,
warnings that should only appear in a debug version of
MySQL were printed to the error log when the length of
the history list exceeded 2000000. (Bug #24296076, Bug
#82213)
* InnoDB: Attempting to reduce the buffer pool size to less
than the buffer pool chunk size did not report a warning.
(Bug #23590280)
* InnoDB: A "wrong key column" error was added to address
an unsupported index creation scenario. (Bug #22486025)
* InnoDB: Full-text search on indexed columns that use a
binary collation did not return case sensitive matches.
(Bug #21625016, Bug #78048)
* Packaging: When trying to install MySQL Server on Fedora
27 using the MySQL Yum repository, installation failed
due to a conflict with the native
mariadb-connector-c-devel package. With this fix, the
appropriate "obsoletes" have been added for that and
other native packages. (Bug #26963839)
* Replication: All servers that belong to a group must have
unique UUIDs set by server_uuid, but this was not being
enforced by Group Replication and it was possible to add
members with duplicated UUIDs. (Bug #27105803)
* Replication: Group Replication executes internal
operations on the server during start and stop of the
plugin, such as enabling or disabling read only mode,
using an internal session. When this internal session was
opened, if the total number of sessions exceeded the
number of permitted open sessions set by max_connections,
the operation was failing as expected but a thread was
left behind, which later would cause issues. (Bug
#27008102, Bug #27016552)
* Replication: The fix for Bug #26117735 (MySQL Bug 86288)
could cause a debug assertion when running mysqlbinlog
with the --read-from-remote-server option and the
--rewrite-db option, depending on the database names
specified in the rewrite rule. The issue has now been
corrected. (Bug #26878022)
* Replication: With MySQL compiled using yaSSL, and
semisynchronous replication in use, a deadlock could be
caused by incorrect handling of acknowledgement packets.
Multiple acknowledgement packets can be read together by
yaSSL, but the receiver thread for semisynchronous
replication only handled the first acknowledgement packet
seen after polling. Now, the receiver thread handles all
acknowledgement packets that are present in the buffer.
(Bug #26865538)
* Replication: If Group Replication was configured to start
on server boot when the server was being initialized
using --initialize or --initialize-insecure, because the
replication applier infrastructure was not initialized
this resulted in an assertion. Now, Group Replication is
not started when the server is being initialized. (Bug
#26802395)
* Replication: In a group with heavy load, joining members
could need to retrieve a large amount of data to gain
synchrony with the group. If the amount of data retrieved
exceeded the View_change packet size of 4Mb the members
would fail to join the group and enter Error state. Now,
the packet size is taken from slave_max_allowed_packet,
which defaults to 1GB. Depending on the load your group
processes, you might want to increase the packet size
further by configuring slave_max_allowed_packet. (Bug
#26770576)
* Replication: With semisynchronous replication in use, if
RESET MASTER was issued while an active transaction was
waiting for an acknowledgement from the slave, the count
of waiting sessions in the
Rpl_semi_sync_master_wait_sessions server status variable
was incorrect after the wait was completed. (Bug
#26748533)
* Replication: In a group where a joining member
consistently received transactions, the joining member
could sometimes not enter the online state. This was due
to the way the incoming queue of messages was tested.
(Bug #26731317)
References: See also: Bug #27049034.
* Replication: XA ROLLBACK statements that failed because
an incorrect transaction ID was given, could be recorded
in the binary log with the correct transaction ID, and
could therefore be actioned by replication slaves. A
check is now made for the error situation before binary
logging takes place, and failed XA ROLLBACK statements
are not logged. (Bug #26618925, Bug #87393)
* Replication: The receiver thread for semisynchronous
replication was not able to receive acknowledgements from
slaves that used compression of the master/slave protocol
(slave_compressed_protocol = ON). The receiver thread now
handles compressed acknowledgements correctly. (Bug
#26027024, Bug #86230)
* Replication: On replication slaves, in the XA_STATE field
in the Performance Schema table
events_transactions_current, the state of XA transactions
was incorrectly reported as COMMITTED instead of PREPARED
after the XA PREPARE statement was applied on the slave.
(Bug #25940184)
* Replication: In a multi-source replication topology, a
memory leak could occur on the slave when
binlog_rows_query_log_events was enabled on the master,
and a statement already applied from another channel was
skipped on the slave. In this situation, the instance of
the Rows_query log event stored on the slave was not
being deleted. The log event instance is now cleaned up
and the memory is freed. Thanks to Vlad Lesin for his
contribution to the patch. (Bug #25695434, Bug #85371,
Bug #85034)
* Replication: A memory leak was fixed in GTID-based
replication. Memory was not being freed after the
repository tables were updated for skipped or ignored
events. (Bug #25656123, Bug #85251)
* Replication: When a worker thread on a multi-threaded
slave failed to apply a transaction on which a later
transaction depended, the coordinator thread could begin
scheduling the dependent transaction before being
notified of the issue. If a STOP SLAVE request was made
during this situation, it caused an assertion to be
raised in debug builds. (Bug #25585436)
* Replication: When
group_replication_enforce_update_everywhere_checks=ON the
Group Replication plugin checks if there are foreign key
cascades and disallows updates to such tables. However
SET NULL operations were not being checked, which could
cause data inconsistency. Now, when
group_replication_enforce_update_everywhere_checks=ON,
operations on child tables are blocked if the table has a
SET NULL option configured. (Bug #25404162)
* Replication: On Windows, any errors generated by Group
Replication now contain the detailed error message rather
than just the error number. (Bug #24918678)
* Replication: With statement-based replication in use, if
an UPDATE or DELETE statement was used inside an XA
transaction ending with XA COMMIT ONE PHASE, and the
statement did not affect any rows, a replication error
occurred. An XA END statement was not written to the
binary log, so slave servers identified the XA
transaction as still being active at the time of the
commit request. The required XA END statement is now
written even if no rows were affected by the transaction.
(Bug #24812958, Bug #83295)
* Replication: Regardless of the number of virtual IPs
configured on a machine, Group Replication could access
only the first 12 addresses. (Bug #86772, Bug #26324852)
* Microsoft Windows: On Windows, with the myisam_use_mmap
and flush system variables enabled, MyISAM did not always
flush table files properly. (Bug #26880757)
* Microsoft Windows: On Windows, resolution was improved of
a timer used for query performance assessment. (Bug
#22305994, Bug #26734457)
* JSON: When inserting JSON values created from the result
of a GROUP BY query, the inserted values could sometimes
include the concatenation of all the values previously
inserted into that column. (Bug #87854, Bug #26867509)
* In event items in filter rules, the audit_log plugin did
not properly process values specified as a JSON array.
(Bug #27010045)
* VALUES() was not handled correctly in some cases. (Bug
#26881946)
References: See also: Bug #19601973, Bug #17458914.
* In some cases, virtual generated column expressions
containing comparison operators could cause problems with
subsequent statements accessing the same table. (Bug
#26881855)
* For debug builds, validation checks on relevant generated
columns could be missed for UPDATE statements, leading to
a server exit. (Bug #26838771)
* The default value of the
authentication_ldap_sasl_auth_method_name system variable
was incorrectly set to SIMPLE rather than SCRAM-SHA-1,
and the variable could be set to impermissible values.
(Bug #26838525, Bug #26093370)
* Following an INSERT statement with BLOB values in the ON
DUPLICATE KEY UPDATE clause that failed with a constraint
violation, a similar statement with no reason to return
an error could cause a server exit. (Bug #26734162)
* The Performance Schema now stores rewritten rather than
raw SQL statement text when available. (Bug #26732229)
* Incorrect results or a server exit could result when
SHA2() was passed a user-defined variable in some
character sets. (Bug #26704451)
* mysqlpump no longer includes the SQL_NO_CACHE modifier in
statements because that modifier is now deprecated and
results in deprecation warnings. (Bug #26694675)
* Building with the -DWITHOUT_SERVER=ON CMake option failed
due to attempting to link the
authentication_ldap_sasl_client client-side plugin
against the embedded server library. (Bug #26665217)
* Setting authentication_ldap_simple_max_pool_size=0 and
authentication_ldap_simple_init_pool_size=0 at runtime
did not disable the LDAP connection pool for the
authentication_ldap_simple authentication plugin. (Bug
#26646063)
* Accounts that use an LDAP authentication plugin and were
created without any authentication string could be
authenticated by the LDAP server regardless of password
specified at connect time. (Bug #26634245)
* Incorrect results could be returned for queries that used
an outer join and a derived table referenced a const
value from an inner table of the outer join. (Bug
#26627181)
* AFTER UPDATE triggers were not invoked for INSERT ... ON
DUPLICATE KEY UPDATE when the value to be updated and the
new value were the same. (Bug #26626277, Bug #87371)
* Changing the UMASK and UMASK_DIR environment variables
from their default values had no effect on database
directory and table file access. (Bug #26529942)
* Creating a table with excessive index information could
cause a server exit. (Bug #26529369)
* MSI packages for Windows failed to detect when Microsoft
Visual C++ 2010 Redistributable Package was installed.
(Bug #26501092, Bug #87139)
* audit_log plugin THD objects could be created with
incorrect thread ID information, leading to assertion
failure. (Bug #26362452)
* When HASH_SCAN was specified as one of the values for the
slave_rows_search_algorithms system variable, which is
the default from MySQL 8.0.2, and row-based replication
was in effect, updates to a table containing virtual
generated fields could raise an assertion. The issue was
caused by an error when generating string representations
of the virtual generated fields in order to create hashes
for use in searches. To remove the issue, MySQL no longer
creates hashes for virtual generated fields. (Bug
#26280724)
* Attempting a partial backup with mysqlpump on a
GTID-enabled server failed and produced an error message
suggesting incorrectly that this was not possible. (It is
possible using the --set-gtid-purged option.) (Bug
#26199978)
* The Performance Schema could leak memory due to
nondeletion of file instances created for ALTER TABLE
operations that used the table-copy algorithm. (Bug
#26152751, Bug #86482)
* mysqlpump did not properly parse TABLESPACE clauses in
the result from SHOW CREATE TABLE statements it executed
to determine table structure. (Bug #26116415)
* Some statements could cause a buffer overflow in the
digest code. Thanks to Laurynas Biveinis and Roel van de
Paar for the patch. (Bug #26021187)
* Previously, when the Performance Schema failed to
initialize, it wrote a nonspecific init failed warning to
the error log. Now it prints more specific messages about
which memory allocation failed. (Bug #25996291)
* Incorrect results could occur on a table with a unique
index when the optimizer chose a loose index scan even
though the unique index had no index extensions. (Bug
#25989915, Bug #86165, Bug #26532061, Bug #87207)
References: This issue is a regression of: Bug #21749123,
Bug #78244.
* Restarting the LDAP server could cause LDAP
authentication plugins that used a connection pool to
fail to authenticate properly. (Bug #25989788)
* CREATE USER IF NOT EXISTS was not written to the binary
log if the user existed. This could result in
inconsistent replication behavior if the user did not
exist on slave servers. A similar issue occurred for
ALTER USER IF EXISTS. To avoid inconsistencies, these
statements now are written to the binary log. (Bug
#25813089, Bug #85733)
* Incorrect handling of internal memory buffers could cause
a server exit. (Bug #25737271)
* MySQL did not compile with GCC 7. (Bug #25643811, Bug
#26825211)
* Executing a stored procedure containing a statement that
created a table from the contents of certain SELECT
statements could result in a memory leak. (Bug #25586773)
* When an UPDATE required a temporary table having a
primary key larger than 1024 bytes and that table was
created using InnoDB, the server could exit. (Bug
#25153670)
* For geometry calculations, invalid input parameters could
lead to an incorrect result buffer and cause an assertion
to be raised or a server exit. (Bug #25062396)
* Under some conditions, the audit_log plugin could
recursively lock a mutex, resulting in an unresponsive
server. (Bug #24437533)
* In some cases, the optimizer chose a loose index scan
(QUICK_GROUP_MIN_MAX_SELECT) for a GROUP BY query even
when there was a predicate with a disjunction. This is
fixed by not performing a range scan when the condition
in the WHERE clause results in more than one disjoint
range tree. (Bug #24423143)
* Setting the MYSQL_GROUP_SUFFIX environment variable had
no effect. (Bug #23072792)
* Queries with many left joins were slow if join buffering
was used (for example, using the block nested loop
algorithm). (Bug #18898433, Bug #72854)
* A prepared statement containing an ORDER BY list that
referred to a parameter was not always handled correctly.
(Bug #87863, Bug #26867652)
* The server handled triggers and generated columns
incorrectly. (Bug #86637, Bug #26251621)
On Behalf of the MySQL/Oracle Release Engineering Team,
Hery Ramilison
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql
MySQL Server 5.7.21, a new version of the popular Open Source
Database Management System, has been released. MySQL 5.7.21 is
recommended for use on production systems.
For an overview of what's new in MySQL 5.7, please see
http://dev.mysql.com/doc/refman/5.7/en/mysql-nutshell.html
For information on installing MySQL 5.7.21 on new servers, please see
the MySQL installation documentation at
http://dev.mysql.com/doc/refman/5.7/en/installing.html
MySQL Server 5.7.21 is available in source and binary form for a number of
platforms from our download pages at
http://dev.mysql.com/downloads/mysql/
MySQL Server 5.7.21 is also available from our repository for Linux
platforms, go here for details:
http://dev.mysql.com/downloads/repo/
Windows packages are available via the Installer for Windows or .ZIP
(no-install) packages for more advanced needs. The point and click
configuration wizards and all MySQL products are available in the
unified Installer for Windows:
http://dev.mysql.com/downloads/installer/
5.7.21 also comes with a web installer as an alternative to the full
installer.
The web installer doesn't come bundled with any actual products
and instead relies on download-on-demand to fetch only the
products you choose to install. This makes the initial download
much smaller but increases install time as the individual products
will need to be downloaded.
We welcome and appreciate your feedback, bug reports, bug fixes,
patches, etc.:
http://bugs.mysql.com/report.php
The following link lists the changes in the MySQL 5.7 since the
the release of MySQL 5.7.20.
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-21.html
Enjoy!
Changes in MySQL 5.7.21 (2018-01-15, General Availability)
Configuration Notes
* For RHEL, SLES, and Fedora RPMs, the default plugin
directory for debug builds has been changed from
/usr/lib64/mysql/plugin to /usr/lib64/mysql/plugin/debug.
(Bug #27072155, Bug #88363)
* The installation scripts for MySQL Enterprise Audit and
MySQL Enterprise Firewall now create their associated
tables in the mysql system database as InnoDB rather than
MyISAM tables. (Bug #26323351, Bug #26906601)
* The hardcoded memory page size of 8KB for the
memory-mapped transaction coordinator was too small for
platforms such as ARM64 and PowerPC where the page size
is much larger. The server now invokes a system call to
get the page size of the current platform rather than
using a hardcoded value. A consequence for the
--log-tc-size option is that the minimum and default
values are now 6 times the page size. Also, the value
must be a multiple of the page size. Thanks to Alexey
Kopytov for the patch. (Bug #23014086, Bug #80818, Bug
#26931470, Bug #87995)
Performance Schema Notes
* The Performance Schema setup_timers table is now
deprecated, to be removed in MySQL 8.0, as is the TICK
row in the performance_timers table.
Pluggable Authentication
* For the LDAP authentication plugins, handling of the
group search attribute indicated by the
authentication_ldap_sasl_group_search_attr and
authentication_ldap_simple_group_search_attr system
variables is more flexible. If the group search attribute
is isMemberOf, LDAP authentication directly retrieves the
user attribute isMemberOf value and assign it as group
information. If the group search attribute is not
isMemberOf, LDAP authentication searches for all groups
where the user is a member. (The latter is the default
behavior.) This behavior is based on how LDAP group
information can be stored two ways: 1) A group entry can
have an attribute named memberUid or member with a value
that is a user name; 2) A user entry can have an
attribute named isMemberOf with values that are group
names. (Bug #26317645)
* The LDAP authentication plugins now permit the
authentication string that provides user DN information
to begin with a + character. In the absence of this
character, the authentication string value is treated as
is without modification, as it has been previously. If
the authentication string begins with +, the plugin
constructs the full user DN value from the account user
name as the cn attribute value, together with the
authentication string (with the + removed). The
authentication string is stored as given in the
mysql.user system table, with the full user DN
constructed on the fly before authentication.
This account authentication string does not have + at the
beginning, so it is taken as the full user DN:
CREATE USER 'admin'
IDENTIFIED WITH authentication_ldap_simple
BY "cn=admin,ou=People,dc=example,dc=com";
This account authentication string does have + at the
beginning, so it is taken as just part of the full user
DN:
CREATE USER 'accounting'
IDENTIFIED WITH authentication_ldap_simple
BY "+ou=People,dc=example,dc=com";
In this case, the full user DN is constructed using
accounting as the cn attribute together with the
authentication string, to yield
"cn=accounting,ou=People,dc=example,dc=com". (Bug
#26147775)
* For the LDAP authentication plugins, the group search
attribute was fixed and not configurable. Two new system
variables now enable using custom group filters:
authentication_ldap_sasl_group_search_filter and
authentication_ldap_simple_group_search_filter. (Bug
#26091340)
Security Notes
* Incompatible Change: Passwords are now restricted to a
maximum of 256 characters for the sha256_password
authentication plugin, and for the PASSWORD() function
when old_passwords=2. Also, the number of password
hashing rounds is capped to limit CPU time used. (Bug
#27099029, Bug #27194270)
* The linked OpenSSL library for the MySQL Commercial
Server has been updated to version 1.0.2n. Issues fixed
in the new OpenSSL version are described at
http://www.openssl.org/news/vulnerabilities.html.
This change does not affect the Oracle-produced MySQL
Community build of MySQL Server, which uses the yaSSL
library instead. (Bug #27212666, Bug #27236394)
Test Suite Notes
* Documentation for the MySQL Test Suite is now maintained
in the MySQL source tree using Doxygen (see
http://dev.mysql.com/doc/dev/mysql-server/latest/PAGE_MYSQL_TEST_RUN.html).
The related Unix man pages that previously were produced from
the old test suite manual are no longer updated and have gone
out of date.
Consequently, they are no longer included in MySQL
distributions. (Bug #27021754)
* The MySQL test suite now includes CRC32() tests. Thanks
to Daniel Black for the patch. (Bug #26495791, Bug
#87136)
Functionality Added or Changed
* InnoDB: The innodb_undo_tablespaces configuration option
is deprecated and will be removed in a future release.
* Replication: Host names can now be specified as part of a
whitelist for group replication connections, using the
group_replication_ip_whitelist system variable. Host
names support CIDR notation. Host names that resolve to
IPv6 addresses are not supported.
For host names, name resolution takes place only when a
connection request is made by another server. A host name
that cannot be resolved is not considered for whitelist
validation, and a warning message is written to the error
log. Forward-confirmed reverse DNS (FCrDNS) verification
is carried out for resolved host names.
Warning
Host names are inherently less secure than IP addresses
in a whitelist. FCrDNS verification provides a good level
of protection, but can be compromised by certain types of
attack. Specify host names in your whitelist only when
strictly necessary, and ensure that all components used
for name resolution, such as DNS servers, are maintained
under your control. You can also implement name
resolution locally using the hosts file, to avoid the use
of external components.
* Replication: The
group_replication_allow_local_disjoint_gtids_join system
variable has been deprecated and is scheduled for removal
in a future version.
* The -DWITH_ASAN_SCOPE CMake option enables the
AddressSanitizer -fsanitize-address-use-after-scope Clang
flag for use-after-scope detection. The default is off.
To use this option, -DWITH_ASAN must also be enabled.
(Bug #27095089)
Bugs Fixed
* Important Change; Partitioning: Checking for tables that
used the generic partitioning handler could cause delays
of several minutes when starting the MySQL Server. To
keep this from happening, the
--disable-partition-engine-check option is now enabled by
default. (Bug #85830, Bug #25846957)
* Performance; JSON: Creating a representation of a JSON
string now optimizes for the most common case---that the
string to be processed contains no special characters
that need to be escaped---scanning for the first special
character in the string, and copying each sequence of
characters which do not require escaping in a single
memcpy() call, rather than checking each character in
turn to determine whether it needed to be escaped,
escaping it if so, and then copying it, one by one, as
was done previously.
This fix also corrects a failure to escape the control
character \u001f, or unit separator character. (Bug
#86898, Bug #26388690, Bug #87722, Bug #26780307)
References: See also: Bug #25977595.
* InnoDB: Multiple updates from different clients on a
partitioned table caused an unexpected lock wait timeout
due to an incorrectly set lock type. (Bug #26731025, Bug
#87619)
* InnoDB: An ALTER TABLE operation caused the server to
halt. (Bug #26492721)
* InnoDB: The innodb_table_stats data dictionary table was
not updated with new partition names when renaming a
partitioned table. (Bug #26390658, Bug #86927)
* InnoDB: A FLUSH TABLES operation failed to drop an
aborted index. While removing the table from the cache,
the clustered index was dropped prior to checking for the
aborted index. (Bug #26256456, Bug #86607)
* InnoDB: An iterative approach to processing foreign
cascade operations resulted in excessive memory use. (Bug
#26191879, Bug #86573)
References: This issue is a regression of: Bug #16244691.
* InnoDB: An INSERT operation on table with spatial index
raised an assertion due to a failure that occurred during
a lock conflict check. (Bug #25729649)
* InnoDB: While innodb_undo_log_truncate was enabled,
warnings that should only appear in a debug version of
MySQL were printed to the error log when the length of
the history list exceeded 2000000. (Bug #24296076, Bug
#82213)
* InnoDB: Attempting to reduce the buffer pool size to less
than the buffer pool chunk size did not report a warning.
(Bug #23590280)
* InnoDB: A "wrong key column" error was added to address
an unsupported index creation scenario. (Bug #22486025)
* InnoDB: Full-text search on indexed columns that use a
binary collation did not return case sensitive matches.
(Bug #21625016, Bug #78048)
* Packaging: When trying to install MySQL Server on Fedora
27 using the MySQL Yum repository, installation failed
due to a conflict with the native
mariadb-connector-c-devel package. With this fix, the
appropriate "obsoletes" have been added for that and
other native packages. (Bug #26963839)
* Replication: All servers that belong to a group must have
unique UUIDs set by server_uuid, but this was not being
enforced by Group Replication and it was possible to add
members with duplicated UUIDs. (Bug #27105803)
* Replication: Group Replication executes internal
operations on the server during start and stop of the
plugin, such as enabling or disabling read only mode,
using an internal session. When this internal session was
opened, if the total number of sessions exceeded the
number of permitted open sessions set by max_connections,
the operation was failing as expected but a thread was
left behind, which later would cause issues. (Bug
#27008102, Bug #27016552)
* Replication: The fix for Bug #26117735 (MySQL Bug 86288)
could cause a debug assertion when running mysqlbinlog
with the --read-from-remote-server option and the
--rewrite-db option, depending on the database names
specified in the rewrite rule. The issue has now been
corrected. (Bug #26878022)
* Replication: With MySQL compiled using yaSSL, and
semisynchronous replication in use, a deadlock could be
caused by incorrect handling of acknowledgement packets.
Multiple acknowledgement packets can be read together by
yaSSL, but the receiver thread for semisynchronous
replication only handled the first acknowledgement packet
seen after polling. Now, the receiver thread handles all
acknowledgement packets that are present in the buffer.
(Bug #26865538)
* Replication: If Group Replication was configured to start
on server boot when the server was being initialized
using --initialize or --initialize-insecure, because the
replication applier infrastructure was not initialized
this resulted in an assertion. Now, Group Replication is
not started when the server is being initialized. (Bug
#26802395)
* Replication: In a group with heavy load, joining members
could need to retrieve a large amount of data to gain
synchrony with the group. If the amount of data retrieved
exceeded the View_change packet size of 4Mb the members
would fail to join the group and enter Error state. Now,
the packet size is taken from slave_max_allowed_packet,
which defaults to 1GB. Depending on the load your group
processes, you might want to increase the packet size
further by configuring slave_max_allowed_packet. (Bug
#26770576)
* Replication: With semisynchronous replication in use, if
RESET MASTER was issued while an active transaction was
waiting for an acknowledgement from the slave, the count
of waiting sessions in the
Rpl_semi_sync_master_wait_sessions server status variable
was incorrect after the wait was completed. (Bug
#26748533)
* Replication: In a group where a joining member
consistently received transactions, the joining member
could sometimes not enter the online state. This was due
to the way the incoming queue of messages was tested.
(Bug #26731317)
References: See also: Bug #27049034.
* Replication: XA ROLLBACK statements that failed because
an incorrect transaction ID was given, could be recorded
in the binary log with the correct transaction ID, and
could therefore be actioned by replication slaves. A
check is now made for the error situation before binary
logging takes place, and failed XA ROLLBACK statements
are not logged. (Bug #26618925, Bug #87393)
* Replication: The receiver thread for semisynchronous
replication was not able to receive acknowledgements from
slaves that used compression of the master/slave protocol
(slave_compressed_protocol = ON). The receiver thread now
handles compressed acknowledgements correctly. (Bug
#26027024, Bug #86230)
* Replication: On replication slaves, in the XA_STATE field
in the Performance Schema table
events_transactions_current, the state of XA transactions
was incorrectly reported as COMMITTED instead of PREPARED
after the XA PREPARE statement was applied on the slave.
(Bug #25940184)
* Replication: In a multi-source replication topology, a
memory leak could occur on the slave when
binlog_rows_query_log_events was enabled on the master,
and a statement already applied from another channel was
skipped on the slave. In this situation, the instance of
the Rows_query log event stored on the slave was not
being deleted. The log event instance is now cleaned up
and the memory is freed. Thanks to Vlad Lesin for his
contribution to the patch. (Bug #25695434, Bug #85371,
Bug #85034)
* Replication: A memory leak was fixed in GTID-based
replication. Memory was not being freed after the
repository tables were updated for skipped or ignored
events. (Bug #25656123, Bug #85251)
* Replication: When a worker thread on a multi-threaded
slave failed to apply a transaction on which a later
transaction depended, the coordinator thread could begin
scheduling the dependent transaction before being
notified of the issue. If a STOP SLAVE request was made
during this situation, it caused an assertion to be
raised in debug builds. (Bug #25585436)
* Replication: When
group_replication_enforce_update_everywhere_checks=ON the
Group Replication plugin checks if there are foreign key
cascades and disallows updates to such tables. However
SET NULL operations were not being checked, which could
cause data inconsistency. Now, when
group_replication_enforce_update_everywhere_checks=ON,
operations on child tables are blocked if the table has a
SET NULL option configured. (Bug #25404162)
* Replication: On Windows, any errors generated by Group
Replication now contain the detailed error message rather
than just the error number. (Bug #24918678)
* Replication: With statement-based replication in use, if
an UPDATE or DELETE statement was used inside an XA
transaction ending with XA COMMIT ONE PHASE, and the
statement did not affect any rows, a replication error
occurred. An XA END statement was not written to the
binary log, so slave servers identified the XA
transaction as still being active at the time of the
commit request. The required XA END statement is now
written even if no rows were affected by the transaction.
(Bug #24812958, Bug #83295)
* Replication: Regardless of the number of virtual IPs
configured on a machine, Group Replication could access
only the first 12 addresses. (Bug #86772, Bug #26324852)
* Microsoft Windows: On Windows, with the myisam_use_mmap
and flush system variables enabled, MyISAM did not always
flush table files properly. (Bug #26880757)
* Microsoft Windows: On Windows, resolution was improved of
a timer used for query performance assessment. (Bug
#22305994, Bug #26734457)
* JSON: When inserting JSON values created from the result
of a GROUP BY query, the inserted values could sometimes
include the concatenation of all the values previously
inserted into that column. (Bug #87854, Bug #26867509)
* In event items in filter rules, the audit_log plugin did
not properly process values specified as a JSON array.
(Bug #27010045)
* VALUES() was not handled correctly in some cases. (Bug
#26881946)
References: See also: Bug #19601973, Bug #17458914.
* In some cases, virtual generated column expressions
containing comparison operators could cause problems with
subsequent statements accessing the same table. (Bug
#26881855)
* For debug builds, validation checks on relevant generated
columns could be missed for UPDATE statements, leading to
a server exit. (Bug #26838771)
* The default value of the
authentication_ldap_sasl_auth_method_name system variable
was incorrectly set to SIMPLE rather than SCRAM-SHA-1,
and the variable could be set to impermissible values.
(Bug #26838525, Bug #26093370)
* Following an INSERT statement with BLOB values in the ON
DUPLICATE KEY UPDATE clause that failed with a constraint
violation, a similar statement with no reason to return
an error could cause a server exit. (Bug #26734162)
* The Performance Schema now stores rewritten rather than
raw SQL statement text when available. (Bug #26732229)
* Incorrect results or a server exit could result when
SHA2() was passed a user-defined variable in some
character sets. (Bug #26704451)
* mysqlpump no longer includes the SQL_NO_CACHE modifier in
statements because that modifier is now deprecated and
results in deprecation warnings. (Bug #26694675)
* Building with the -DWITHOUT_SERVER=ON CMake option failed
due to attempting to link the
authentication_ldap_sasl_client client-side plugin
against the embedded server library. (Bug #26665217)
* Setting authentication_ldap_simple_max_pool_size=0 and
authentication_ldap_simple_init_pool_size=0 at runtime
did not disable the LDAP connection pool for the
authentication_ldap_simple authentication plugin. (Bug
#26646063)
* Accounts that use an LDAP authentication plugin and were
created without any authentication string could be
authenticated by the LDAP server regardless of password
specified at connect time. (Bug #26634245)
* Incorrect results could be returned for queries that used
an outer join and a derived table referenced a const
value from an inner table of the outer join. (Bug
#26627181)
* AFTER UPDATE triggers were not invoked for INSERT ... ON
DUPLICATE KEY UPDATE when the value to be updated and the
new value were the same. (Bug #26626277, Bug #87371)
* Changing the UMASK and UMASK_DIR environment variables
from their default values had no effect on database
directory and table file access. (Bug #26529942)
* Creating a table with excessive index information could
cause a server exit. (Bug #26529369)
* MSI packages for Windows failed to detect when Microsoft
Visual C++ 2010 Redistributable Package was installed.
(Bug #26501092, Bug #87139)
* audit_log plugin THD objects could be created with
incorrect thread ID information, leading to assertion
failure. (Bug #26362452)
* When HASH_SCAN was specified as one of the values for the
slave_rows_search_algorithms system variable, which is
the default from MySQL 8.0.2, and row-based replication
was in effect, updates to a table containing virtual
generated fields could raise an assertion. The issue was
caused by an error when generating string representations
of the virtual generated fields in order to create hashes
for use in searches. To remove the issue, MySQL no longer
creates hashes for virtual generated fields. (Bug
#26280724)
* Attempting a partial backup with mysqlpump on a
GTID-enabled server failed and produced an error message
suggesting incorrectly that this was not possible. (It is
possible using the --set-gtid-purged option.) (Bug
#26199978)
* The Performance Schema could leak memory due to
nondeletion of file instances created for ALTER TABLE
operations that used the table-copy algorithm. (Bug
#26152751, Bug #86482)
* mysqlpump did not properly parse TABLESPACE clauses in
the result from SHOW CREATE TABLE statements it executed
to determine table structure. (Bug #26116415)
* Some statements could cause a buffer overflow in the
digest code. Thanks to Laurynas Biveinis and Roel van de
Paar for the patch. (Bug #26021187)
* Previously, when the Performance Schema failed to
initialize, it wrote a nonspecific init failed warning to
the error log. Now it prints more specific messages about
which memory allocation failed. (Bug #25996291)
* Incorrect results could occur on a table with a unique
index when the optimizer chose a loose index scan even
though the unique index had no index extensions. (Bug
#25989915, Bug #86165, Bug #26532061, Bug #87207)
References: This issue is a regression of: Bug #21749123,
Bug #78244.
* Restarting the LDAP server could cause LDAP
authentication plugins that used a connection pool to
fail to authenticate properly. (Bug #25989788)
* CREATE USER IF NOT EXISTS was not written to the binary
log if the user existed. This could result in
inconsistent replication behavior if the user did not
exist on slave servers. A similar issue occurred for
ALTER USER IF EXISTS. To avoid inconsistencies, these
statements now are written to the binary log. (Bug
#25813089, Bug #85733)
* Incorrect handling of internal memory buffers could cause
a server exit. (Bug #25737271)
* MySQL did not compile with GCC 7. (Bug #25643811, Bug
#26825211)
* Executing a stored procedure containing a statement that
created a table from the contents of certain SELECT
statements could result in a memory leak. (Bug #25586773)
* When an UPDATE required a temporary table having a
primary key larger than 1024 bytes and that table was
created using InnoDB, the server could exit. (Bug
#25153670)
* For geometry calculations, invalid input parameters could
lead to an incorrect result buffer and cause an assertion
to be raised or a server exit. (Bug #25062396)
* Under some conditions, the audit_log plugin could
recursively lock a mutex, resulting in an unresponsive
server. (Bug #24437533)
* In some cases, the optimizer chose a loose index scan
(QUICK_GROUP_MIN_MAX_SELECT) for a GROUP BY query even
when there was a predicate with a disjunction. This is
fixed by not performing a range scan when the condition
in the WHERE clause results in more than one disjoint
range tree. (Bug #24423143)
* Setting the MYSQL_GROUP_SUFFIX environment variable had
no effect. (Bug #23072792)
* Queries with many left joins were slow if join buffering
was used (for example, using the block nested loop
algorithm). (Bug #18898433, Bug #72854)
* A prepared statement containing an ORDER BY list that
referred to a parameter was not always handled correctly.
(Bug #87863, Bug #26867652)
* The server handled triggers and generated columns
incorrectly. (Bug #86637, Bug #26251621)
On Behalf of the MySQL/Oracle Release Engineering Team,
Hery Ramilison
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql
Search
Lasso Programming
This site manages and broadcasts several email lists pertaining to Lasso Programming and technologies related and used by Lasso developers. Sign up today!