Connector/C 6.1.5 upgrades the linked OpenSSL library from version 1.0.1g to version 1.0.1h. Versions of OpenSSL prior to 1.0.1g are reported to be vulnerable to CVE-2014-0224.
Because there are new API functions (
mysql_session_track_get_next()), the client library ABI version is now 18.3. Shared library names now include 18.3 where appropriate.
The server can now report session-state changes to client programs. Reportable session state consists of these values:
The default schema (database)
Session-specific values for system variables
The MySQL client/server protocol now includes tracker information so that session state changes can be detected. One use for the tracker mechanism is that it provides a means for MySQL Connectors, Fabric, and client applications to determine whether any session context is available to ensure session migration from one server to another. (To change connections in a load-balanced environment, it is necessary to detect whether there is session state to take into consideration when deciding whether a switch can be made.)
The user interface to control the tracker and retrieve state-change information from it has the following components, which enable implementation of state-change tracking on the client side:
Clients can request notification when there is a change to any of the session state-related values just listed, in the form of a flag that is set in the OK packet received from the server after the change occurs. To control notification, enable or disable the
session_track_state_changesystem variable. This variable is disabled by default.
Clients can request notification of changed values for certain specific types of session state information:
The default schema name. To control notification, enable or disable the
session_track_schemasystem variable. This variable is enabled by default.
The session values of system variables. Notification occurs for the system variables named by the
session_track_system_variablessystem variable. By default, notification is enabled for
character_set_connection. (The latter three variables are those affected by
To enable applications to extract the state-change information returned by the server, the MySQL C API includes a pair of functions:
mysql_session_track_get_first()fetches the first state-change information received from the server.
mysql_session_track_get_next()fetches any remaining state-change information received from the server. Following a successful call to
mysql_session_track_get_first(), call this function repeatedly as long as it returns success.
The mysqltest program has
disable_session_track_infocommands to enable and disable tracking of session state-change information.
On Windows, calling
mysql_init()caused the client to exit. Now it returns a nonzero result because it is an error to call
mysql_thread_init()before the client library is initialized with
mysql_library_init(). (Bug #17514920)
There was a difference in certificate handling by yaSSL and OpenSSL (used for Community and Enterprise, respectively). OpenSSL expected a blank certificate to be sent when not all of the
--ssl-keyoptions were specified, and yaSSL did not do so. To resolve this, yaSSL has been modified to send a blank certificate when an option is missing. (Bug #68788, Bug #16715064)