Thoughts on MariaDB Server 10.3 from MariaDB Developers Meeting in Amsterdam, part 1

I had the honor of leading a session on Saturday, during the MariaDB Developers Meeting in Amsterdam, brainstorming around MariaDB Server 10.3. It’s definitely time to do that since MariaDB Server 10.2 has entered beta stage. In case you have missed that, I’ve wrapped up what’s included in 10.2 so far in a blog post on my employer’s site. In addition to the features mentioned in that blog post there are a couple of features still coming in 10.2 of which the most notable is that the MyRocks engine will be included. More about this later in another article. …

MariaDB Server versions and the Remote Root Code Execution Vulnerability CVE-2016-6662

During the recent days there has been quite a lot of questions and discussion around a vulnerability referred to as MySQL Remote Root Code Execution / Privilege Escalation 0day with CVE code CVE-2016-6662. It’s a serious vulnerability and we encourage every MariaDB Server user to read the below update on the vulnerability from a MariaDB point of view.

The vulnerability can be exploited by both local and remote users. Both an authenticated connection to or SQL injection in an affected version of MariaDB Server can be used to exploit the vulnerability. If successful, a library file could be loaded and executed with root privileges. …

MariaDB meetup in Helsinki on March 17th

If you are in Helsinki on Thursday next week March 17th, join us for the MariaDB meetup at Solinor. MariaDB team members will present the latest on MariaDB 10.1, MaxScale and MariaDB’s future roadmap.

On stage Rasmus Johansson VP Engineering, MariaDB Corporation and Johan Wikman & Markus Mäkelä, developers of MaxScale.

See the meetup page for the agenda and registration:
http://www.meetup.com/Helsinki-MySQL-User-Group/events/229338790/

Eating our own dog food – Running JIRA on MariaDB

A couple of weeks ago we announced that we were moving from a hosted instance of JIRA to our self hosted instance. The main reason was that we hit 2000 active users in the hosted instance of JIRA and that is the upper limit that it  supports. We obviously wanted to allow more people to be active in reporting and commenting on bugs and features for MariaDB. That’s why we set up our own instance, which now is up and running at jira.mariadb.org.

Thank you Atlassian, the company behind JIRA, for providing the hosted instance of JIRA for the MariaDB project over the last three years! …

MariaDB itself is NOT affected by the DROWN vulnerability

Recently a serious vulnerability called DROWN was found. The vulnerability exists in systems that support SSLv2. There is flaw in SSLv2 that could be used to decrypt information over newer SSL protocols such as TLS. More information about the DROWN vulnerability with CVE number CVE-2016-0800 can be found here:

Last December Sergei Golubchik wrote a blog post about The State of SSL in MariaDB, which explains what versions of SSL cryptography is used in which MariaDB version and what is inherited from MySQL. …

MariaDB JIRA is moving

The MariaDB JIRA instance that currently is in use for project and issue tracking will change. The current instance is hosted in Atlassian’s cloud and it has worked well, but we have hit the maximum user limit of 2000 users. It’s fantastic to see how many of you actually report bugs and other issues in the MariaDB project!

To hit that limit also means that we have to migrate over to a self-hosted instance of JIRA. Below are important details about that change.

When will the switch happen: 
Sat 27th of Feb

What is the impact for me as a user of MariaDB’s JIRA:
1.

MariaDB Connector/J failover support – case Amazon Aurora

MariaDB Connector/J has evolved a lot during the year. In this post I will talk about the failover capabilities in the connector and give some guidance on how to use them in some certain cases. One other important new feature that I’ll cover in a later article is the fact that MariaDB Connector/J can do load balancing over several servers now as well.

To start off with we’ll need the connector itself. Do either of the following to get version 1.2.3 of MariaDB Connector/J which is the newest stable version as of writing:

Developer meeting & community meetup summary

MariaDB 10.1 shipped a few days ago, so it’s now a good time to focus on another important event. Last week we had a three day MariaDB developers meeting. It took place in Amsterdam (Oct 13-15). Meetings like this tend to have a great impact on the roadmap of the product. Booking.com was very kind to offer their facilities for the developer meeting.

Thank you Booking.com!

The day before the developer meeting there was a MySQL meetup arranged at eBay’s office in Amsterdam since, naturally, a lot of MariaDB developers were already in town for the developers meeting.