Monthly Archives: January 2013
I’m getting more and more concerned about the current Oracle approach to MySQL security. And the fact that I was solely responsible for security@mysql.com for about ten years doesn’t make it easier; on the contrary, it only emphasizes the changes in attitude.
Starting from the obvious — somewhat slower response to critical bug fixes, which can be expected, Oracle is a big company, right? Very little information about security vulnerabilities is disclosed, CPUs are carefully stripped of anything that might help to understand the problem, and it takes hours to map them to code changes. Heck, even test cases are kept private now. …
The MariaDB project is pleased to announce the immediate availability of the following new stable (GA) MariaDB versions:
- MariaDB 5.5.29 — Release Notes, Changelog, Downloads
- MariaDB 5.3.12 — Release Notes, Changelog, Downloads
- MariaDB 5.2.14 — Release Notes, Changelog, Downloads
- MariaDB 5.1.67 — Release Notes, Changelog, Downloads
Security Updates
These releases are “bug fix” releases and they include, among other things, fixes for the following security vulnerabilities:
- A buffer overflow that can cause a server crash or arbitrary code execution (a variant of CVE-2012-5611)
- CVE-2012-5627/MDEV-3915 fast password brute-forcing using the “change user” command
- CVE-2012-5615/MDEV-3909 information leakage about existing user accounts via the protocol handshake
- fixes for DoS attacks – crashes and server lockups
- These releases of MariaDB also include all applicable upstream security fixes from MySQL, such as the fix for CVE-2012-5612/MDEV-3908 and other crashes.
…
Continue reading “MariaDB 5.5.29, 5.3.12, 5.2.14, 5.1.67 now available”
We released the release candidate for MariaDB Galera Cluster on 21st December 2012, not traditionally the best time to make a release. We want to make this a GA release soon and we also want to ensure it’s well tested. Download it. Read the release notes. Give us feedback/report bugs. Blog about it too!
…
Continue reading “Please test the MariaDB Galera Cluster Release Candidate”
The MariaDB Java Client 1.1.0 has been released. You can download it here.
This version focused on fixing all known database metadata bugs and ConnectorJ incompatibilities. Specific fixes include:
- Consistent, ConnectorJ-compatible handling of JDBC catalogs vs. schemas vs. databases
- Implementation of several missing methods in DatabaseMetaData
- Better handling of statement timeouts
- OSGi-specific entries have been added to MANIFEST.MF so it can be used in OSGi environments
- Added support for dumpQueriesOnException=true in the JDBC URL
- Added support for IPv6 addresses in the connector
- Added SSL support
- and more…
…
In May of last year I blogged about MariaDB 10.0 for the first time. We received some feedback, digested it, and I further explained MariaDB 10.0. Now, with the first Alpha of MariaDB 10.0 out and a new year just beginning, now is a good time to explain a little bit more, especially about MariaDB 10.0 and MySQL 5.6 as I and others in the MariaDB project get asked a lot about the differences between them.
First, here are some details as to why we didn’t just take MySQL 5.6 as a base and create something that would have been called MariaDB 5.6. …
The SkySQL and MariaDB Roadshow Comes to Germany:
Stuttgart 25 January 2013, 9.00-16.00, Sodexo STEP / Engineering Park
Hamburg 1 February 2013, 9.00-16.00, Quality Ambassador Hotel
SkySQL and Monty Program are on the road with our first joint – free – roadshows in Stuttgart and Hamburg, where Monty Widenius will unveil his vision of the future of the MySQL database via MariaDB (the talk will be in English).
In addition, speakers from Codership / Galera are expected, as well as SkySQL experts and customer speakers.
The latest trends around the MySQL and MariaDB databases will be discussed, in cloud and high availability scenarios. …