I’m getting more and more concerned about the current Oracle approach to MySQL security. And the fact that I was solely responsible for the security@mysql.com for about ten years, doesn’t make it easier, on the contrary, it only emphasizes changes in the attitude.
Starting from the obvious — somewhat slower response to critical bug fixes, which can be expected, Oracle is a big company, right? Very little information about security vulnerabilities is disclosed, CPUs are carefully stripped from anything that might help to understand the problem, it takes hours to map them to code changes. Heck, even test cases are kept private now. …
The MariaDB project is pleased to announce the immediate availability of the following new stable (GA) MariaDB versions:
- MariaDB 5.5.29 — Release Notes, Changelog, Downloads
- MariaDB 5.3.12 — Release Notes, Changelog, Downloads
- MariaDB 5.2.14 — Release Notes, Changelog, Downloads
- MariaDB 5.1.67 — Release Notes, Changelog, Downloads
Security Updates
These releases are “bug fix” releases and they include, among other things, fixes for the following security vulnerabilities:
- A buffer overflow that can cause a server crash or arbitrary code execution (a variant of CVE-2012-5611)
- CVE-2012-5627/MDEV-3915 fast password brute-forcing using the “change user” command
- CVE-2012-5615/MDEV-3909 information leakage about existing user accounts via the protocol handshake
- fixes for DoS attacks – crashes and server lockups
- These releases of MariaDB also include all applicable upstream security fixes from MySQL, such as fix for a CVE-2012-5612/MDEV-3908 and other crashes.
…
Continue reading “MariaDB 5.5.29, 5.3.12, 5.2.14, 5.1.67 now available”
We released the release candidate for MariaDB Galera Cluster on 21st December 2012, not traditionally the best time to make a release. We want to make this a GA release soon and we also want to ensure its well tested. Download it. Read the release notes. Give us feedback/report bugs. Blog about it too!
…
Continue reading “Please test the MariaDB Galera Cluster Release Candidate”
The MariaDB Java Client 1.1.0 has been released. You can download it here.
This version focused on fixing all known database metadata bugs and ConnnectorJ incompatibilities. Specific fixes include:
- Consistent, compatible with ConnectorJ handling of JDBC catalogs vs schemas vs databases
- Implementation of several missing methods in DatabaseMetaData
- Better handling of statement timeouts
- OSGi-specific entries have been added to MANIFEST.MF so it can be used in OSGi environments
- Added support for dumpQueriesOnException=true in the JDBC URL
- Added support for IPv6 addresses in the connector
- Added SSL support
- and more…
…
In May of last year I blogged about MariaDB 10.0 for the first time. We received some feedback, digested it, and I further explained MariaDB 10.0. Now, with the first Alpha of MariaDB 10.0 out and a new year just beginning, now is a good time to explain a little bit more, especially about MariaDB 10.0 and MySQL 5.6 as I and others in the MariaDB project get asked a lot about the differences between them.
First, here are some details as to why we didn’t just take MySQL 5.6 as a base and create something that would have been called MariaDB 5.6. …
The SkySQL and MariaDB Roadshow Comes to Germany:
Stuttgart 25 January 2013, 9.00-16.00, Sodexo STEP / Engineering Park
Hamburg 1 February 2013, 9.00-16.00, Quality Ambassador Hotel
SkySQL and Monty Program are on the road with our first joint – free – roadshows in Stuttgart and Hamburg, where Monty Widenius will unveil his vision of the future of the MySQL database via MariaDB (the talk will be in English).
In addition, speakers from Codership / Galera expected, as well SkySQL experts and customer speakers.
The latest trends around the MySQL and MariaDB databases will be discussed, in cloud and high availability scenarios. …
- Michael ‘Monty’ Widenius, David Axmark, and Allan Larsson announce MariaDB Foundation
- Leading organizations pledge EUR1M to launch not-for-profit organization
- Further sponsors sought; Board elections to be held February 2013
Percona Live Conference, London – December 4, 2012 –The founders of the most popular databases on the web, Michael Widenius, David Axmark, and Allan Larsson today announced the formation of the MariaDB Foundation. “MariaDB continues the project started 18 years ago when we founded MySQL, with code maintained by the same dedicated core team. The time is right for an independent organisation to to safeguard the interests of MariaDB users and developers as we head towards MariaDB 10” said David Axmark. …
Continue reading “MariaDB Foundation to Safeguard Leading Open Source Database”
Connectors now available to the MySQL® community as part of the MariaDB open source project
Helsinki – November 29, 2012 – Monty Program, the home of MariaDB, owned by MySQL®-database-creator Monty Widenius and its employees, and SkySQL, the trusted provider of open source database solutions, today announced the immediate availability of their connectors, ‘MariaDB Client Library for C and MariaDB Client Library for Java Applications’, to the wider MySQL® database community in the permissive LGPL licence.
With this announcement, the connectors become part of the wider MariaDB open source project, to which users will be able to contribute via relevant online resources. …