MySQL 5.7 Release Notes  /  Changes in MySQL 5.7.16 (2016-10-12, General Availability)

Changes in MySQL 5.7.16 (2016-10-12, General Availability)

Security Notes

  • Incompatible Change: For STANDALONE and WIN builds, the default secure_file_priv value has changed from the empty string to NULL. This is a secure-by-default setting because it disables import and export operations. To permit those operations, set secure_file_priv to the path name of the directory to use for those operations. (Bug #24679907, Bug #24695274, Bug #24707666)

  • The linked OpenSSL library for the MySQL Commercial Server has been updated to version 1.0.1u. For a description of issues fixed in this version, see http://www.openssl.org/news/vulnerabilities.html.

    This change does not affect the Oracle-produced MySQL Community build of MySQL Server, which uses the yaSSL library instead. (Bug #24753389)

X Plugin Notes

  • Boost classes with corresponding functionality in C++ 11 were moved or wrapped. (Bug #24680856)

  • X Plugin generated an incorrect query when a duplicate field name existed in an Update statement. (Bug #24510083)

Functionality Added or Changed

  • yaSSL was upgraded to version 2.4.2. This upgrade corrects issues with: Potential AES side channel leaks; DSA padding for unusual sizes; the SSL_CTX_load_verify_locations() OpenSSL compatibility function failing to handle long path directory names. (Bug #24512715, Bug #24740291)