Documentation Home
MySQL 5.0 Release Notes
Related Documentation Download these Release Notes
PDF (US Ltr) - 2.1Mb
PDF (A4) - 2.1Mb
EPUB - 0.6Mb

MySQL 5.0 Release Notes  /  Changes in MySQL Enterprise 5.0.66sp1 [QSP] (2008-10-23)

Changes in MySQL Enterprise 5.0.66sp1 [QSP] (2008-10-23)

This is a Service Pack release of the MySQL Enterprise Server 5.0.

This section documents all changes and bugfixes that have been applied since the last MySQL Enterprise Server release (5.0.66a).

If you would like to receive more fine-grained and personalized update alerts about fixes that are relevant to the version and features you use, please consider subscribing to MySQL Enterprise (a commercial MySQL offering). For more details please see

Functionality Added or Changed

  • Security Enhancement: To enable stricter control over the location from which user-defined functions can be loaded, the plugin_dir system variable has been backported from MySQL 5.1. If the value is nonempty, user-defined function object files can be loaded only from the directory named by this variable. If the value is empty, the behavior that is used prior to the inclusion of plugin_dir applies: The UDF object files must be located in a directory that is searched by your system's dynamic linker.

    If the plugin directory is writable by the server, it may be possible for a user to write executable code to a file in the directory using SELECT ... INTO DUMPFILE. This can be prevented by making plugin_dir read only to the server or by setting --secure-file-priv to a directory where SELECT writes can be made safely. (Bug #37428)

Bugs Fixed

  • Security Fix; Important Change: It was possible to circumvent privileges through the creation of MyISAM tables employing the DATA DIRECTORY and INDEX DIRECTORY options to overwrite existing table files in the MySQL data directory. Use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY path name is no longer permitted.

    Additional corrections were made to handle the data directory path name if it contains symlinked directories in its path, and to make the check both at table-creation time and at table-opening time later. (Bug #32167, CVE-2008-2079)

    References: See also Bug #39277.

  • Security Enhancement: The server consumed excess memory while parsing statements with hundreds or thousands of nested boolean conditions (such as OR (OR ... (OR ... ))). This could lead to a server crash or incorrect statement execution, or cause other client statements to fail due to lack of memory. The latter result constitutes a denial of service. (Bug #38296)

Download these Release Notes
PDF (US Ltr) - 2.1Mb
PDF (A4) - 2.1Mb
EPUB - 0.6Mb