MySQL Connector/C Release Notes  /  Changes in MySQL Connector/C 6.1  /  Changes in MySQL Connector/C 6.1.4 (2014-04-15, General Availability)

Changes in MySQL Connector/C 6.1.4 (2014-04-15, General Availability)

Security Notes

  • Connector/C 6.1 Commercial has been updated to use OpenSSL version 1.0.1g, which has been publicly reported as not vulnerable to CVE-2014-0160. Please see Oracle Note #1645479.1 for further details.

    Since the only change in Connector/C 6.1.4 is the inclusion of OpenSSL libraries publicly reported as unaffected by CVE-2014-0160, and since Oracle-produced MySQL Community builds use YaSSL libraries which have been reported as not affected by CVE-2014-0160, Oracle will not produce builds for Connector/C Community for version 6.1.4. This means the Community edition of Connector/C will skip version 6.1.4. (Bug #18533200)

Bugs Fixed

  • There was a difference in certificate handling by yaSSL and OpenSSL (used for Community and Enterprise, respectively). OpenSSL expected a blank certificate to be sent when not all of the --ssl-ca, --ssl-cert, and --ssl-key options were specified, and yaSSL did not do so. To resolve this, yaSSL has been modified to send a blank certificate when an option is missing. (Bug #68788, Bug #16715064)