End of Product Lifecycle. Active development and support for MySQL database server versions 3.23, 4.0, and 4.1 has ended. However, for MySQL 4.0 and 4.1, there is still extended support available. For details, see http://www.mysql.com/company/legal/lifecycle/#calendar. According to the MySQL Lifecycle Policy (see http://www.mysql.com/company/legal/lifecycle/#policy), only Security and Severity Level 1 issues will still be fixed for MySQL 4.0 and 4.1. Please consider upgrading to a recent version (MySQL 5.0 or 5.1).
This is a bugfix release for the MySQL 4.1 release family.
Functionality added or changed:
The ndbd and ndb_mgmd manpages have been reclassified from volume 1 to volume 8. (Bug#34642)
Bugs fixed:
Important Change: Security Fix:
It was possible to circumvent privileges through the creation of
MyISAM tables employing the DATA
DIRECTORY and INDEX DIRECTORY
options to overwrite existing table files in the MySQL data
directory. Use of the MySQL data directory in DATA
DIRECTORY and INDEX DIRECTORY is
now disallowed.
(Bug#32167)
Security Fix:
Using RENAME TABLE against a table with
explicit DATA DIRECTORY and INDEX
DIRECTORY options can be used to overwrite system
table information by replacing the file to which the
symlink points.
MySQL will now return an error when the file to which the symlink points already exists. (Bug#32111, CVE-2007-5969)
Security Fix: A malformed password packet in the connection protocol could cause the server to crash. Thanks to Dormando for reporting this bug, and for providing details and a proof of concept. (Bug#28984, CVE-2007-3780)
Security Enhancement: It was possible to force an error message of excessive length which could lead to a buffer overflow. This has been made no longer possible as a security precaution. (Bug#32707)
Replication:
Connections from one mysqld server to another
failed on Mac OS X, affecting replication and
FEDERATED tables.
(Bug#29083)
See also Bug#26664
An internal buffer in mysql was too short. Overextending it could cause stack problems or segmentation violations on some architectures. (This is not a problem that could be exploited to run arbitrary code.) (Bug#33841)
make_binary_distribution passed the
--print-libgcc-file option to the C compiler,
but this does not work with the ICC compiler.
(Bug#33536)
The server crashed on optimizations involving a join of
INT and MEDIUMINT columns
and a system variable in the WHERE clause.
(Bug#32103)
With lower_case_table_names set,
CREATE TABLE LIKE was treated differently by
libmysqld than by the non-embedded server.
(Bug#32063)
The server could crash during filesort for
ORDER BY based on expressions with
INET_NTOA() or
OCT() if those functions
returned NULL.
(Bug#31758)
ucs2 does not work as a client character set,
but attempts to use it as such were not rejected. Now
character_set_client cannot be set to
ucs2. This also affects statements such as
SET NAMES and SET CHARACTER
SET.
(Bug#31615)
A buffer used when setting variables was not dimensioned to
accommodate the trailing '\0' byte, so a
single-byte buffer overrun was possible.
(Bug#31588)
For an almost-full MyISAM table, an insert
that failed could leave the table in a corrupt state.
(Bug#31305)
myisamchk --unpack could corrupt a table that, when unpacked, has static (fixed-length) row format. (Bug#31277)
With small values of myisam_sort_buffer_size,
REPAIR TABLE for MyISAM
tables could cause a server crash.
(Bug#31174)
Full-text searches on ucs2 columns caused a
server crash. (FULLTEXT indexes on
ucs2 columns cannot be used, but it should be
possible to perform IN BOOLEAN MODE searches
on ucs2 columns without a crash.)
(Bug#31159)
Data in BLOB or GEOMETRY
columns could be cropped when performing a
UNION query.
(Bug#31158)
Internal conversion routines could fail for several multi-byte
character sets (big5,
cp932, euckr,
gb2312, sjis) for empty
strings or during evaluation of SOUNDS
LIKE.
(Bug#31069, Bug#31070)
The GeomFromText() function
could cause a server crash if the first argument was
NULL or the empty string.
(Bug#30955)
For MEMORY tables, DELETE
statements that remove rows based on an index read could fail to
remove all matching rows.
(Bug#30590)
Versions of mysqldump from MySQL 4.1 or
higher tried to use START TRANSACTION WITH CONSISTENT
SNAPSHOT if the --single-transaction
and --master-data options were given, even with
servers older than 4.1 that do not support consistent snapshots.
(Bug#30444)
Issuing a DELETE statement having both an
ORDER BY clause and a
LIMIT clause could cause
mysqld to crash.
(Bug#30385)
Setting certain values on a table using a spatial index could cause the server to crash. (Bug#30286)
Tables with a GEOMETRY column could be marked
as corrupt if you added a non-SPATIAL index
on a GEOMETRY column.
(Bug#30284)
On some 64-bit systems, inserting the largest negative value
into a BIGINT column resulted in incorrect
data.
(Bug#30069)
Adding DISTINCT could cause incorrect rows to
appear in a query result.
(Bug#29911)
If one thread was performing concurrent inserts, other threads reading from the same table using equality key searches could see the index values for new rows before the data values had been written, leading to reports of table corruption. (Bug#29838)
In some cases, INSERT INTO ... SELECT ... GROUP
BY could insert rows even if the
SELECT by itself produced an empty result.
(Bug#29717)
A field packet with NULL fields caused a
libmysqlclient crash.
(Bug#29494)
SELECT ... INTO OUTFILE followed by
LOAD DATA could result in garbled characters
when the FIELDS ENCLOSED BY clause named a
delimiter of '0', 'b',
'n', 'r',
't', 'N', or
'Z' due to an interaction of character
encoding and doubling for data values containing the enclosed-by
character.
(Bug#29294)
If an ENUM column contained
'' as one of its members (represented with
numeric value greater than 0), and the column contained error
values (represented as 0 and displayed as
''), using ALTER TABLE to
modify the column definition caused the 0 values to be given the
numeric value of the non-zero '' member.
(Bug#29251)
A network structure was initialized incorrectly, leading to embedded server crashes. (Bug#29117)
Denormalized double-precision numbers cannot be handled properly by old MIPS processors. For IRIX, this is now handled by enabling a mode to use a software workaround. (Bug#29085)
The semantics of BIGINT depended on
platform-specific characteristics.
(Bug#29079)
For InnoDB tables that use the
utf8 character set, incorrect results could
occur for DML statements such as DELETE or
UPDATE that use an index on character-based
columns.
(Bug#28878)
See also Bug#29449, Bug#30485, Bug#31395
This regression was introduced by Bug#13195
The MySQL preferences pane did not work to start or stop MySQL on Mac OS X 10.5 (Leopard). (Bug#28854)
When one thread attempts to lock two (or more) tables and
another thread executes a statement that aborts these locks
(such as REPAIR TABLE, OPTIMIZE
TABLE, or CHECK TABLE), the thread
might get a table object with an incorrect lock type in the
table cache. The result is table corruption or a server crash.
(Bug#28574)
PURGE MASTER LOGS BEFORE
(subquery) caused a server
crash. Subqueries are forbidden in the BEFORE
clause now.
(Bug#28553)
On Mac OS X, shared-library installation pathnames were incorrect. (Bug#28544)
Dropping a user-defined function could cause a server crash if the function was still in use by another thread. (Bug#27564)
Error returns from the time() system call
were ignored.
(Bug#27198)
On Mac OS X, the StartupItem for MySQL did not work. (Bug#25008)
Format strings in English error messages were insufficiently wide for pathnames printed in those messages by the embedded server. (Bug#16635)
On 64-bit Windows systems, the Config Wizard failed to complete
the setup because 64-bit Windows does not resolve dynamic
linking of the 64-bit libmysql.dll to a
32-bit application like the Config Wizard.
(Bug#14649)
mysql_setpermission tried to grant global-only privileges at the database level. (Bug#14618)
Performing a full text search on a table could cause a crash on 64-bit platforms with certain characteristics. Searches that were known to cause a crash with certain datasets included numerical values and strings where the match string included data enclosed in single or double quotes. (Bug#11392)
Using up-arrow for command-line recall in mysql could cause a segmentation fault. (Bug#10218)
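An audit check for the two DATA DIRECTORY / INDEX DIRECTORY security fixes listed above (Bug#32167, Bug#32111), added here as an example and not MySQL code: it walks a data directory and reports MyISAM .MYD/.MYI symlinks whose target resolves back inside that same directory, the layout those fixes disallow. The function names and the demo tree are constructed for illustration.

```python
import os
import tempfile

TABLE_EXTS = (".MYD", ".MYI")  # MyISAM data and index files


def audit_symlinked_tables(datadir):
    """Return sorted (link, target) pairs, relative to datadir, for MyISAM
    symlinks that resolve to a path inside the data directory itself."""
    root = os.path.realpath(datadir)
    findings = []
    for dirpath, _dirs, files in os.walk(root):  # does not follow dir symlinks
        for name in files:
            link = os.path.join(dirpath, name)
            if not (name.endswith(TABLE_EXTS) and os.path.islink(link)):
                continue
            target = os.path.realpath(link)
            # A DATA/INDEX DIRECTORY target should live outside the datadir.
            if os.path.commonpath([root, target]) == root:
                findings.append((os.path.relpath(link, root),
                                 os.path.relpath(target, root)))
    return sorted(findings)


def build_demo_tree(base):
    """Constructed sample layout; every name here is made up for the demo."""
    datadir = os.path.join(base, "data")
    external = os.path.join(base, "external")
    for db in ("mysql", "shop", "test"):
        os.makedirs(os.path.join(datadir, db))
    os.makedirs(external)
    for path in (os.path.join(datadir, "mysql", "user.MYD"),
                 os.path.join(external, "orders.MYD")):
        with open(path, "wb") as fh:
            fh.write(b"\0")
    # Ordinary use: the table file lives outside the data directory.
    os.symlink(os.path.join(external, "orders.MYD"),
               os.path.join(datadir, "shop", "orders.MYD"))
    # To be reported: the link resolves to another database's table file.
    os.symlink(os.path.join(datadir, "mysql", "user.MYD"),
               os.path.join(datadir, "test", "t1.MYD"))
    return datadir


def run_demo():
    with tempfile.TemporaryDirectory() as base:
        return audit_symlinked_tables(build_demo_tree(base))


if __name__ == "__main__":
    for link, target in run_demo():
        print(f"{link} -> {target}")
```

On a real server, pass the value of the datadir system variable to audit_symlinked_tables() and run it as a user that can read the directory tree.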

User Comments
Bug #28878 "InnoDB tables with UTF8 character set and indexes cause wrong result for DML" will also be fixed in this release.