Incompatible Change: The shared library version of the client library was increased to 18 to reflect ABI changes, and avoid compatibility problems with the client library in MySQL 5.1. Note that this is an incompatible change between 5.5.10 and earlier 5.5 versions, so client programs that use the 5.5 client library should be recompiled against the 5.5.10 client library. (Bug #60061, Bug #11827366)

MySQL distributions now include auth_socket, a server-side authentication plugin that authenticates clients that connect from the local host through the Unix socket file. The plugin uses the SO_PEERCRED socket option to obtain information about the user running the client program (and thus can be built only on systems that support this option). For a connection to succeed, the plugin requires a match between the login name of the connecting client user and the MySQL user name presented by the client program. For more information, see The Socket Peer-Credential Authentication Plugin. (Bug #59017, Bug #11765993, Bug #9411, Bug #11745104)

MySQL distributions now include mysql_clear_password, a client-side authentication plugin that sends the password to the server without hashing or encryption. Although this is insecure, and thus appropriate precautions should be taken (such as using an SSL connection), the plugin is useful in conjunction with server-side plugins that must have access to the original password in clear text. For more information, see The Cleartext Client-Side Authentication Plugin.

The mysql_upgrade, mysqlbinlog, mysqlcheck, mysqlimport, mysqlshow, and mysqlslap clients now have --default-auth and --plugin-dir options for specifying which authentication plugin and plugin directory to use. (Bug #58139)

Boolean system variables can be enabled at run time by setting them to the value ON or OFF, but previously this did not work at server startup. Now at startup such variables can be enabled by setting them to ON or TRUE, or disabled by setting them to OFF or FALSE. Any other nonnumeric value is invalid. (Bug #46393)

References: See also Bug #11754743, Bug #51631.

Previously, for queries that were aborted due to a sort problem, the server wrote the message Sort aborted to the error log. Now the server writes more information to provide a more specific message, such as:

Sort aborted: Out of memory (Needed 24 bytes)
Out of sort memory, consider increasing server sort buffer size
Sort aborted: Out of sort memory, consider increasing server sort
  buffer size
Sort aborted: Incorrect number of arguments for FUNCTION test.f1;
  expected 0, got 1

In addition, if the server was started with --log-warnings=2, the server writes information about the host, user, and query. (Bug #36022, Bug #11748358)

mysqldump --xml now displays comments from column definitions. (Bug #13618, Bug #11745324)

Security Fix: A security bug was fixed. (Bug #36544)

Important Change; InnoDB: The libaio library, which has been used on Linux systems since MySQL 5.5.4, is now linked into mysqld dynamically rather than statically. If the library is not already on your Linux system, install it using the appropriate package manager for your distribution. The libaio-dev library is not sufficient; you must have the libaio library. (Bug #11893055, Bug #60544)

InnoDB: Raised the number of I/O requests that each AIO helper thread could process, from 32 to 256. The new limit applies to Linux and Unix platforms; the limit on Windows remains 32. (Bug #59472)

InnoDB: InnoDB returned values for “rows examined” in the query plan that were higher than expected. NULL values were treated in an inconsistent way. The inaccurate statistics could trigger “false positives” in combination with the max_join_size setting, because the queries did not really examine as many rows as reported.

A new configuration option innodb_stats_method lets you specify how NULL values are treated when calculating index statistics. Allowed values are nulls_equal (the default), nulls_unequal and null_ignored. The meanings of these values are similar to those of the myisam_stats_method option. (Bug #30423)

Replication: When using the statement-based logging format, INSERT ON DUPLICATE KEY UPDATE and INSERT IGNORE statements affecting transactional tables that did not fail were not written to the binary log if they did not insert any rows. (With statement-based logging, all successful statements should be logged, whether they do or do not cause any rows to be changed.) (Bug #59338, Bug #11766266)

Replication: Formerly, STOP SLAVE stopped the slave I/O thread first and then stopped the slave SQL thread; thus, it was possible for the I/O thread to stop after replicating only part of a transaction which the SQL thread was executing, in which case—if the transaction could not be rolled back safely—the SQL thread could hang.

Now, STOP SLAVE stops the slave SQL thread first and then stops the I/O thread; this guarantees that the I/O thread can fetch any remaining events in the transaction that the SQL thread is executing, so that the SQL thread can finish the transaction if it cannot be rolled back safely. (Bug #58546, Bug #11765563)

An OUTER JOIN query using WHERE col_name IS NULL could return an incorrect result. (Bug #58490, Bug #11765513)

When using ExtractValue() or UpdateXML(), if the XML to be read contained an incomplete XML comment, MySQL read beyond the end of the XML string when processing, leading to a crash of the server. (Bug #44332, Bug #11752979)

--autocommit=ON did not work (it set the global autocommit value to 0, not 1). (Bug #59432, Bug #11766339)

The fix for Bug #25192 caused load_defaults() to add an argument separator to distinguish options loaded from option files from those provided on the command line, whether or not the application needed it. (Bug #57953, Bug #11765041)

References: See also Bug #11746296.

The DEFAULT_CHARSET and DEFAULT_COLLATION CMake options did not work. (Bug #58991, Bug #11765967)

When mysqladmin was run with the --sleep and --count options, it went into an infinite loop executing the specified command. (Bug #58221, Bug #11765270)

DELETE or UPDATE statements could fail if they used DATE or DATETIME values with a year, month, or day part of zero. (Bug #59173)

In debug builds, SUBSTRING_INDEX(FORMAT(...), FORMAT(...)) could cause a server crash. (Bug #58371, Bug #11765406)

Outer joins on a unique key could return incorrect results. (Bug #57034, Bug #11764219)

The ESCAPE clause for the LIKE operator permits only expressions that evaluate to a constant at execution time, but aggregate functions were not being rejected. (Bug #59149, Bug #11766110)

Outer joins with an empty table could produce incorrect results. (Bug #58422, Bug #11765451)

The server and client did not always properly negotiate authentication plugin names. (Bug #59453, Bug #11766356)

SHOW PRIVILEGES did not display a row for the PROXY privilege. (Bug #59275, Bug #11766216)

The mysql client went into an infinite loop if the standard input was a directory. (Bug #57450, Bug #11764598)

The expression const1 BETWEEN const2 AND field was optimized incorrectly and produced incorrect results. (Bug #57030, Bug #11764215)

A query of the following form returned an incorrect result, where the values for col_name in the result set were entirely replaced with NULL values:

SELECT DISTINCT col_name ... ORDER BY col_name DESC;

(Bug #59308, Bug #11766241)

Sorting using ORDER BY AVG(DISTINCT decimal_col) caused a server crash or incorrect results. (Bug #52123, Bug #11759784)

SHOW PROFILE could truncate source file names or fail to show function names. (Bug #59273, Bug #11766214)

Memory leaks detected by Valgrind, some of which could cause incorrect query results, were corrected. (Bug #59110, Bug #11766075)

Some string-manipulating SQL functions use a shared string object intended to contain an immutable empty string. This object was used by the SQL function SUBSTRING_INDEX() to return an empty string when one argument was of the wrong data type. If the string object was then modified by the SQL function INSERT(), undefined behavior ensued. (Bug #58165, Bug #11765225)

Some RPM installation scripts used a hardcoded value for the data directory, which could result in a failed installation for users who have a nonstandard data directory location. The same was true for other configuration values such as the PID file name. (Bug #56581, Bug #11763817)

DES_DECRYPT() could crash if the argument was not produced by DES_ENCRYPT(). (Bug #59632, Bug #11766505)

On FreeBSD and OpenBSD, the server incorrectly checked the range of the system date, causing legal values to be rejected. (Bug #55755, Bug #11763089)

Parsing nested regular expressions could lead to recursion resulting in a stack overflow crash. (Bug #58026, Bug #11765099)

Starting the server with the --defaults-file=file_name option, where the file name had no extension, caused a server crash. (Bug #58455, Bug #11765482)

There was an erroneous restriction on file attributes for LOAD DATA INFILE. (Bug #59085, Bug #11766052)

Setting the optimizer_switch system variable to an invalid value caused a server crash. (Bug #59894, Bug #11766719)

DATE_ADD() and DATE_SUB() return a string if the first argument is a string, but incorrectly returned a binary string. Now they return a character string with a collation of connection_collation. (Bug #31384, Bug #11747221)