Connector/C 6.1.5 upgrades the linked OpenSSL library from version 1.0.1g to version 1.0.1h. Versions of OpenSSL prior to 1.0.1g are reported to be vulnerable to CVE-2014-0224.
Functionality Added or Changed
The server can now report session-state changes to client programs. Reportable session state consists of these values:
The default schema (database)
Session-specific values for system variables
The MySQL client/server protocol now includes tracker information so that session state changes can be detected. One use for the tracker mechanism is that it provides a means for MySQL Connectors, Fabric, and client applications to determine whether any session context is available to ensure session migration from one server to another. (To change connections in a load-balanced environment, it is necessary to detect whether there is session state to take into consideration when deciding whether a switch can be made.)
The user interface to control the tracker and retrieve state-change information from it has the following components, which enable implementation of state-change tracking on the client side:
Clients can request notification when there is a change to
any of the session state-related values just listed, in the
form of a flag that is set in the OK packet received from
the server after the change occurs. To control notification,
enable or disable the
system variable. This variable is disabled by default.
Clients can request notification of changed values for certain specific types of session state information:
The default schema name. To control notification, enable
or disable the
system variable. This variable is enabled by default.
The session values of system variables. Notification
occurs for the system variables named by the
system variable. By default, notification is enabled for
(The latter three variables are those affected by
To enable applications to extract the state-change information returned by the server, the MySQL C API includes a pair of functions:
fetches the first state-change information received from
fetches any remaining state-change information received
from the server. Following a successful call to
call this function repeatedly as long as it returns
The mysqltest program has
disable_session_track_info commands to
enable and disable tracking of session state-change
Because there are new API functions
the client library ABI version is now 18.3. Shared library names
now include 18.3 where appropriate.
The C client library could leak memory when client plugins were used. (Bug #17933308)
On Windows, calling
mysql_init() caused the client to
exit. Now it returns a nonzero result because it is an error to
mysql_thread_init() before the client
library is initialized with
There was a difference in certificate handling by yaSSL and
OpenSSL (used for Community and Enterprise, respectively).
OpenSSL expected a blank certificate to be sent when not all of
--ssl-key options were specified, and yaSSL did
not do so. To resolve this, yaSSL has been modified to send a
blank certificate when an option is missing.
(Bug #68788, Bug #16715064)