MySQL 5.0.67がリリースされました。










   Important Functionality added or changed:

     * Security Enhancement: To enable stricter control over the
       location from which user-defined functions can be loaded, the
       plugin_dir system variable has been backported from MySQL 5.1.
       If the value is non-empty, user-defined function object files
       can be loaded only from the directory named by this variable.
       If the value is empty, the behavior that is used before 5.0.67
       applies: The UDF object files must be located in a directory
       that is searched by your system's dynamic linker.

     * Important Change: Incompatible Change: The FEDERATED storage
       engine is now disabled by default in the .cnf files shipped
       with MySQL distributions (my-huge.cnf, my-medium.cnf, and so
       forth).  This affects server behavior only if you install one
       of these files. (Bug#37069:http://bugs.mysql.com/37069)

     * Cluster API: Important Change: Because
       NDB_LE_MemoryUsage.page_size_kb shows memory page sizes in
       bytes rather than kilobytes, it has been renamed to
       page_size_bytes.  The name page_size_kb is now deprecated and
       thus subject to removal in a future release, although it
       currently remains supported for reasons of backward
       compatibility.  See The Ndb_logevent_type Type
       for more information about NDB_LE_MemoryUsage.

     * Important Change: Some changes were made to CHECK TABLE ...
       FOR UPGRADE and REPAIR TABLE with respect to detection and
       handling of tables with incompatible .frm files (files created
       with a different version of the MySQL server).  These changes
       also affect mysqlcheck because that program uses CHECK TABLE
       and REPAIR table, and thus also mysql_upgrade because that
       program invokes mysqlcheck.
          + If your table was created by a different version of the
            MySQL server than the one you are currently running,
            CHECK TABLE ... FOR UPGRADE indicates that the table has
            an .frm file with an incompatible version.  In this case,
            the result set returned by CHECK TABLE contains a line
            with a Msg_type value of error and a Msg_text value of
            Table upgrade required.  Please do "REPAIR TABLE
            `tbl_name`" to fix it!
          + REPAIR TABLE without USE_FRM upgrades the .frm file to
            the current version.
          + If you use REPAIR TABLE ...USE_FRM and your table was
            created by a different version of the MySQL server than
            the one you are currently running, REPAIR TABLE will not
            attempt to repair the table.  In this case, the result set
            returned by REPAIR TABLE contains a line with a Msg_type
            value of error and a Msg_text value of Failed repairing
            incompatible .FRM file.
            Previously, use of REPAIR TABLE ...USE_FRM with a table
            created by a different version of the MySQL server risked
            the loss of all rows in the table.

   Important bugs fixed:

     * Important Change: Security Fix: It was possible to circumvent
       privileges through the creation of MyISAM tables employing the
       DATA DIRECTORY and INDEX DIRECTORY options to overwrite
       existing table files in the MySQL data directory.  Use of the
       MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY
       pathname is now disallowed.
       (Bug#32167:http://bugs.mysql.com/32167, CVE-2008-2079

     * Security Fix: Three vulnerabilities in yaSSL versions 1.7.5
       and earlier were discovered that could lead to a server crash
       or execution of unauthorized code.  The exploit requires a
       server with yaSSL enabled and TCP/IP connections enabled, but
       does not require valid MySQL account credentials.  The exploit
       does not apply to OpenSSL.

       The proof-of-concept exploit is freely available on the
       Internet.  Everyone with a vulnerable MySQL configuration is
       advised to upgrade immediately.
       (Bug#33814: http://bugs.mysql.com/33814, CVE-2008-0226

     * Security Fix: Using RENAME TABLE against a table with explicit
       DATA DIRECTORY and INDEX DIRECTORY options can be used to
       overwrite system table information by replacing the symbolic
       link points. the file to which the symlink points.
       MySQL will now return an error when the file to which the
       symlink points already exists.
       (Bug#32111:http://bugs.mysql.com/32111, CVE-2007-5969

     * Security Fix: ALTER VIEW retained the original DEFINER value,
       even when altered by another user, which could allow that user
       to gain the access rights of the view.  Now ALTER VIEW is
       allowed only to the original definer or users with the SUPER
       privilege. (Bug#29908:http://bugs.mysql.com/29908)

     * Security Fix: When using a FEDERATED table, the local server
       could be forced to crash if the remote server returned a
       result with fewer columns than expected.

     * Security Enhancement: It was possible to force an error
       message of excessive length which could lead to a buffer
       overflow.  This has been made no longer possible as a security
       precaution. (Bug#32707:http://bugs.mysql.com/32707)

     * Incompatible Change: With ONLY_FULL_GROUP_BY SQL mode enabled,
       queries such as SELECT a FROM t1 HAVING COUNT(*)>2 were not
       being rejected as they should have been.
       This fix results in the following behavior:
          + There is a check against mixing group and non-group
            columns only when ONLY_FULL_GROUP_BY is enabled.
          + This check is done both for the select list and for the
            HAVING clause if there is one.
       This behavior differs from previous versions as follows:
          + Previously, the HAVING clause was not checked when
            ONLY_FULL_GROUP_BY was enabled; now it is checked.
          + Previously, the select list was checked even when
            ONLY_FULL_GROUP_BY was not enabled; now it is checked
            only when ONLY_FULL_GROUP_BY is enabled.

     * Incompatible Change: The MySQL 5.0.50 patch for this bug was
       reverted because it changed the behavior of a General
       Availability MySQL release.
       See also Bug#27525:http://bugs.mysql.com/27525

     * Incompatible Change: Several type-preserving functions and
       operators returned an incorrect result type that does not
       match their argument types: COALESCE(), IF(), IFNULL(),
       LEAST(), GREATEST(), CASE.  These now aggregate using the
       precise SQL types of their arguments rather than the internal
       type.  In addition, the result type of the STR_TO_DATE()
       function is now DATETIME by default.

     * Incompatible Change: It was possible for option files to be
       read twice at program startup, if some of the standard option
       file locations turned out to be the same directory.  Now
       duplicates are removed from the list of files to be read.
       Also, users could not override system-wide settings using
       ~/.my.cnf because SYSCONFDIR/my.cnf was read last.  The latter
       file now is read earlier so that ~/.my.cnf can override
       system-wide settings.
       The fix for this problem had a side effect such that on Unix,
       MySQL programs looked for options in ~/my.cnf rather than the
       standard location of ~/.my.cnf.  That problem was addressed as

     * Important Change: MySQL Cluster: AUTO_INCREMENT columns had
       the following problems when used in NDB tables:
          + The AUTO_INCREMENT counter was not updated correctly when
            such a column was updated.
          + AUTO_INCREMENT values were not prefetched beyond
            statement boundaries.
          + AUTO_INCREMENT values were not handled correctly with
            INSERT IGNORE statements.
          + After being set, ndb_autoincrement_prefetch_sz showed a
            value of 1, regardless of the value it had actually been
            set to.
       As part of this fix, the behavior of
       ndb_autoincrement_prefetch_sz has changed.  Setting this to
       less than 32 no longer has any effect on prefetching within
       statements (where IDs are now always obtained in batches of 32
       or more), but only between statements.  The default value for
       this variable has also changed, and is now 1.

     * Important Change: Replication: When the master crashed during
       an update on a transactional table while in AUTOCOMMIT mode,
       the slave failed.  This fix causes every transaction (including
       AUTOCOMMIT transactions) to be recorded in the binlog as
       starting with a BEGIN and ending with a COMMIT or ROLLBACK.

     * Important Change: It was possible to use FRAC_SECOND as a
       synonym for MICROSECOND with DATE_ADD(), DATE_SUB(), and
       INTERVAL; now, using FRAC_SECOND with anything other than
       TIMESTAMPADD() or TIMESTAMPDIFF() produces a syntax error.
       It is now possible (and preferable) to use MICROSECOND with
       deprecated. (Bug#33834:http://bugs.mysql.com/33834)

     * Important Change: The server no longer issues warnings for
       truncation of excess spaces for values inserted into CHAR
       columns.  This reverts a change in the previous release that
       caused warnings to be issued.

     * Replication: Important Note: Network timeouts between the
       master and the slave could result in corruption of the relay
       log.  This fix rectifies a long-standing replication issue when
       using unreliable networks, including replication over wide
       area networks such as the Internet.  If you experience
       reliability issues and see many You have an error in your SQL
       syntax errors on replication slaves, we strongly recommend
       that you upgrade to a MySQL version which includes this fix.