Functionality added or changed:
Important Change: Partitioning: Security Fix:
It was possible, by creating a partitioned table using the
DATA DIRECTORY and
DIRECTORY options to gain privileges on other tables
having the same name as the partitioned table. As a result of
this fix, any table-level
DATA DIRECTORY or
INDEX DIRECTORY options are now ignored for
In MySQL 5.1.6, when log tables were implemented, the default
log destination for the general query and slow query log was
TABLE. This default has been changed to
FILE, which is compatible with MySQL 5.0, but
incompatible with earlier releases of MySQL 5.1 from 5.1.6 to
5.1.20. If you are upgrading from MySQL 5.0 to 5.1.21 or higher,
no logging option changes should be necessary. However, if you
are upgrading from 5.1.6 through 5.1.20 to 5.1.21 or higher and
TABLE logging, use the
explicitly to preserve your server's table-logging behavior.
The MySQL 5.1.23 fix is in addition to a fix in 5.1.21 because it turned out that the default was set in two places, only one of which was fixed the first time. (Bug#29993)
The parser accepted statements that contained
*/ that were not properly closed with
*/, such as
SELECT 1 /* +
2. Statements that contain unclosed
/*-comments now are rejected with a syntax
This fix has the potential to cause incompatibilities. Because
of Bug#26302, which caused the trailing
be truncated from comments in views, stored routines, triggers,
and events, it is possible that objects of those types may have
been stored with definitions that now will be rejected as
syntactically invalid. Such objects should be dropped and
re-created so that their definitions do not contain truncated
Security Fix: Replication:
It was possible for any connected user to issue a
BINLOG statement, which could be
used to escalate privileges.
Security Fix: Three vulnerabilities in yaSSL versions 1.7.5 and earlier were discovered that could lead to a server crash or execution of unauthorized code. The exploit requires a server with yaSSL enabled and TCP/IP connections enabled, but does not require valid MySQL account credentials. The exploit does not apply to OpenSSL.
The proof-of-concept exploit is freely available on the Internet. Everyone with a vulnerable MySQL configuration is advised to upgrade immediately.
RENAME TABLE against a
table with explicit
DATA DIRECTORY and
INDEX DIRECTORY options can be used to
overwrite system table information by replacing the symbolic
link points. the file to which the symlink points.
ALTER VIEW retained the original
DEFINER value, even when altered by another
user, which could allow that user to gain the access rights of
the view. Now
ALTER VIEW is
allowed only to the original definer or users with the
When using a
FEDERATED table, the local
server could be forced to crash if the remote server returned a
result with fewer columns than expected.
It is no longer possible to create
NULL columns. However, for backwards
compatibility, you can continue to use such tables that were
created in previous MySQL releases.
mode enabled, queries such as
SELECT a FROM t1 HAVING
COUNT(*)>2 were not being rejected as they should
This fix results in the following behavior:
There is a check against mixing group and nongroup columns
This check is done both for the select list and for the
HAVING clause if there is one.
This behavior differs from previous versions as follows:
HAVING clause was not
enabled; now it is checked.
Previously, the select list was checked even when
ONLY_FULL_GROUP_BY was not
enabled; now it is checked only when
Inserting a row with a
NULL value for a
DATETIME column results in a
CSV file that the storage engine cannot read.
SET PASSWORD statements now cause
an implicit commit, and thus are prohibited within stored
functions and triggers.
mysql_install_db script could fail to
locate some components (including resolveip)
during execution if the
--basedir option was
specified on the command-line or within the
my.cnf file. This was due to a conflict
when comparing the compiled-in values and the supplied values.
--source-install command-line option to the
script has been removed and replaced with the
mysql_install_db now locates components
either using the compiled-in options, the
--basedir option or
containing ambiguous aliases could have unintended side effects
such as deleting rows from the wrong table. Example:
DELETE FROM t1 AS a2 USING t1 AS a1 INNER JOIN t2 AS a2;
Now alias declarations can be declared only in the
table_references part. Elsewhere in
the statement, alias references are allowed but not alias
declarations. Statements containing aliases that are no longer
allowed must be rewritten.
See also Bug#27525.
Within a stored routine, it is no longer allowable to declare a
cursor for a
DESCRIBE statement. This happened
to work in some instances, but is no longer supported. In many
cases, a workaround for this change is to use the cursor with a
SELECT query to read from an
INFORMATION_SCHEMA table that produces the
same information as the
Incompatible Change: It was possible to create a view having a column whose name consisted of an empty string or space characters only.
One result of this bug fix is that aliases for columns in the
SELECT statement are checked to ensure
that they are legal column names. In particular, the length must
be within the maximum column length of 64 characters, not the
maximum alias length of 256 characters. This can cause problems
for replication or loading dump files. For additional
information and workarounds, see
Restrictions on Views.
See also Bug#31202.
Several type-preserving functions and operators returned an
incorrect result type that does not match their argument types:
CASE. These now aggregate using the
precise SQL types of their arguments rather than the internal
type. In addition, the result type of the
STR_TO_DATE() function is now
DATETIME by default.
Incompatible Change: It was possible for option files to be read twice at program startup, if some of the standard option file locations turned out to be the same directory. Now duplicates are removed from the list of files to be read.
Also, users could not override system-wide settings using
was read last. The latter file now is read earlier so that
~/.my.cnf can override system-wide
The fix for this problem had a side effect such that on Unix,
MySQL programs looked for options in
~/my.cnf rather than the standard location
~/.my.cnf. That problem was addressed as
A number of problems existed in the implementation of
MERGE tables that could cause problems. The
problems are summarized below:
Bug#26379 - Combination of
REPAIR TABLE corrupts a
MERGE table. This was caused in a number
A thread trying to lock a
performs busy waiting while
TABLE or a similar table administration task
is ongoing on one or more of its
A thread trying to lock a
performs busy waiting until all threads that did
REPAIR TABLE or similar
table administration tasks on one or more of its
MyISAM tables in
LOCK TABLES segments do
TABLES. The difference against problem #1 is
that the busy waiting takes place after the
administration task. It is terminated by
TABLES within a
TABLES segment can invalidate the lock. This
does not require a
MERGE table. The
TABLES can be replaced by any statement that
requires other threads to reopen the table. In 5.0 and
5.1 a single
TABLES can provoke the problem.
Bug#26867 - Simultaneously executing
LOCK TABLES and
REPAIR TABLE on a
MERGE table would result in memory/cpu
Trying DML on a
MERGE table, which has a
child locked and repaired by another thread, made an
infinite loop in the server.
Bug#26377 - Deadlock with
MERGE table and its children in
parent-child order and flushing the child deadlocked the
Bug#25038 - Waiting
MERGE child, while the
MERGE table was in use, let the truncate
fail instead of waiting for the table to become free.
MERGE base tables get
ANALYZE TABLE, or
Repairing a child of an open
corrupted the child. It was necessary to
FLUSH the child first.
TABLES causes server to crash.
Flushing and optimizing locked
children crashed the server.
Bug#19627 - temporary merge table locking
Use of a temporary
MERGE table with
nontemporary children could corrupt the children.
Temporary tables are never locked. Creation of tables with
nontemporary children of a temporary
MERGE table is now prohibited.
MERGE table possible
It was possible to create a
MERGE tables: Can't lock file
This was a Windows-only bug. Table administration statements sometimes failed with "Can't lock file (errno: 155)".
The fix introduces the following changes in behavior:
This patch changes the behavior of temporary
MERGE tables. Temporary
MERGE must have temporary children. The
old behavior was wrong. A temporary table is not locked.
Hence even nontemporary children were not locked. See Bug#19627.
You cannot change the union list of a nontemporary
MERGE table when
LOCK TABLES is in effect. The
following does not work:
CREATE TABLE m1 ... ENGINE=MRG_MYISAM ...; LOCK TABLES t1 WRITE, t2 WRITE, m1 WRITE; ALTER TABLE m1 ... UNION=(t1,t2) ...;
However, you can do this with a temporary
You cannot create a
MERGE table with
CREATE ... SELECT, neither as a temporary
MERGE table, nor as a nontemporary
MERGE table. For example,
TABLE m1 ... ENGINE=MRG_MYISAM ... SELECT ...;
causes the error message: table is not BASE