The linked OpenSSL library for Connector/Python Commercial has been updated to version 1.0.1q. Issues fixed in the new OpenSSL version are described at http://www.openssl.org/news/vulnerabilities.html.
This change does not affect Oracle-produced MySQL Community builds of Connector/Python, which use the yaSSL library instead. The change also does not affect connections made using any pure-Python implementation of Connector/Python, for which the version of OpenSSL used is whatever is installed on the system.
Connector/Python failed to establish connections using the cleartext client-side authentication plugin for accounts using the PAM server-side authentication plugin. Thanks to Daniël van Eeden for the patch. (Bug #22873551, Bug #80609)
A potential SQL injection vector was eliminated. (Bug #22529828, Bug #24816150, Bug #19487642, Bug #73611)
Connections made using the C Extension failed when the
ssl_caparameter was given without
ssl_key. (Bug #21879914, Bug #79835, Bug #22494320)
For connections made with
consume_resultswas reset to
callproc()execution failure. (Bug #21879859)
References: This issue is a regression of: Bug #21492815.
In connections for which
LOAD DATA LOCALstatements produced “Packets out of error” errors. (Bug #21449996)