Supporting continuity and open collaboration

Posts tagged security

Extended maintenance period for MariaDB 5.5

As the maintenance policy of the MariaDB Foundation states, we are committed to maintaining each release for 5 years. As MariaDB 5.5 was announced for General Availability in 2012, the five year mark will soon be passed. However, since MariaDB 5.5 is widely used in many major Linux distributions in production use at the moment, […]

READ MORE

Who are you? The history of MySQL and MariaDB authentication protocols from 1997 to 2017

MySQL 3.20 to 4.0 In the good old days, when 32MB of RAM justified the name my-huge.cnf, when nobody knew Google and Facebook didn’t even exist, security was… how do I put it… kind of cute. Computer viruses didn’t steal millions and didn’t disrupt elections — they played Yankee Doodle or told you not to […]

READ MORE

MariaDB Server versions and the Remote Root Code Execution Vulnerability CVE-2016-6662

During the recent days there has been quite a lot of questions and discussion around a vulnerability referred to as MySQL Remote Root Code Execution / Privilege Escalation 0day with CVE code CVE-2016-6662. It’s a serious vulnerability and we encourage every MariaDB Server user to read the below update on the vulnerability from a MariaDB […]

READ MORE

The State of SSL in MariaDB

Usually when one says “SSL” or “TLS” it means not a specific protocol but a family of protocols. Wikipedia article has the details, but in short — SSL 2.0 and SSL 3.0 are deprecated and should not be used anymore (the well-known POODLE vulnerability exploits the flaw in SSL 3.0). TLS 1.0 is sixteen years […]

READ MORE

Information on the SSL connection vulnerability of MySQL and MariaDB

Last  week, a SSL connection security vulnerability was reported for MySQL and MariaDB. The vulnerability states that since MariaDB and MySQL do not enforce SSL when SSL support is enabled, it’s possible to launch Man In The Middle attacks (MITM). MITM attacks can capture the secure connection and turn it into an insecure one, revealing […]

READ MORE

Platinum Sponsors

MariaDB Foundation Platinum sponsors

Gold Sponsors

MariaDB Foundation Gold sponsors

Tweets by @mariadbfdn

Code statistics