EMS logo

Products Navigation

choose your database tool

Our Partnership Status

Microsoft Certified Partner
Oracle Certified Partner
Embarcadero Technology Partner

SQL Industry News

MySQL News

03/11/2005
MySQL 4.1.10a released.

MySQL 4.1.10a, a new version of the popular Open Source/Free Software Database Management System, has been released. It is now available in source and binary form for a number of platforms from download pages and mirror sites.

Note that not all mirror sites may be up to date at this point in time - if you can't find this version on some mirror, please try again later or choose another download site.

This MySQL 4.1.10a release just includes the additional patches for recently reported potential security vulnerabilites in the creation of temporary table file names and the handling of User Defined Functions (UDFs).

Please note that these changes affect the way in which User Defined Functions (UDF) are loaded. Please refer to the section "User-defined Function Security Precautions" in the manual.

Functionality added or changed relative to 4.1.10:

  • Security improvement: The server creates `.frm', `.MYD', `.MYI', `.MRG', `.ISD', and `.ISM' table files only if a file with the same name does not already exist.
  • Security improvement: User-defined functions should have at least one symbol defined in addition to the `xxx' symbol that corresponds to the main `xxx()' function. These auxiliary symbols correspond to the `xxx_init()', `xxx_deinit()', `xxx_reset()', `xxx_clear()', and `xxx_add()' functions. `mysqld' by default no longer loads UDFs unless they have at least one auxiliary symbol defined in addition to the main symbol.
    The '--allow-suspicious-udfs' option controls whether UDFs that have only an `xxx' symbol can be loaded. By default, the option is off. `mysqld' also checks UDF filenames when it reads them from the `mysql.func' table and rejects those that contain directory pathname separator characters. (It already checked names as given in `CREATE FUNCTION' statements.)
    See the section in the manual on writing UDFs.

Source: dev.mysql.com

twitterfacebook