# MySQL Enterprise Notes
- Enterprise Encryption for MySQL Enterprise Edition now enables server administrators to impose limits on maximum key length by setting environment variables. These can be used to prevent clients from using excessive CPU resources by passing very long key lengths to key-generation operations. For more information, see Enterprise Encryption Usage and Examples.
# Security Notes
* Incompatible Change: These changes were made to mysqld_safe:
- Unsafe use of rm and chown in mysqld_safe could result in privilege escalation. chown now can be used only when the target directory is /var/log. An incompatible change is that if the directory for the Unix socket file is missing, it is no longer created; instead, an error occurs. Due to these changes, /bin/bash is required to run mysqld_safe on Solaris. /bin/sh is still used on other Unix/Linux platforms.
- The --ledir option now is accepted only on the command line, not in option files.
- mysqld_safe ignores the current working directory.
# Other related changes:
- Initialization scripts that invoke mysqld_safe pass --basedir explicitly.
- Initialization scripts create the error log file only if the base directory is /var/log or /var/lib.
- Unused systemd files for SLES were removed.
- MySQL Server now includes a plugin library that enables administrators to introduce an increasing delay in server response to clients after a certain number of consecutive failed connection attempts. This capability provides a deterrent that slows down brute force attacks that attempt to access MySQL user accounts. For more information, see The Connection-Control Plugin.
- OpenSSL is ending support for version 1.0.1 in December 2016; Consequently, MySQL Commercial Server builds now use version 1.0.2 rather than version 1.0.1, and the linked OpenSSL library for the MySQL Commercial Server has been updated from version 1.0.1 to version 1.0.2j. For a description of issues fixed in this version, This change does not affect the Oracle-produced MySQL Community build of MySQL Server, which uses the yaSSL library instead.
# Functionality Added or Changed
- InnoDB: By default, InnoDB reads uncommitted data when calculating statistics. In the case of an uncommitted transaction that deletes rows from a table, InnoDB excludes records that are delete-marked when calculating row estimates and index statistics, which can lead to non-optimal execution plans for other transactions that are operating on the table concurrently using a transaction isolation level other than READ UNCOMMITTED. To avoid this scenario, a new configuration option, innodb_stats_include_delete_marked, can be enabled to ensure that InnoDB includes delete-marked records when calculating persistent optimizer statistics.
- Unit testing now uses Google Mock 1.8.
# Bugs Fixed
- Incompatible Change: A change made in MySQL 5.6.32 for handling of multibyte character sets by LOAD DATA was reverted due to the replication incompatibility
- InnoDB: The GCC mach_parse_compressed function should load one to five bytes depending on the value of the first byte. Due to a GCC bug, GCC 5 and 6 emit code to load four bytes before the first byte value is checked . A workaround prevents this behavior.
- InnoDB: Due to a glibc bug, short-lived detached threads could exit before the caller had returned from pthread_create(), causing a server exit.
- InnoDB: An error during a table-rebuilding operation on a table with only a generated clustered index (GEN_CLUST_INDEX) raised and assertion due to an error called with an invalid key name.
- InnoDB: On a table without an explicitly defined primary key, InnoDB did not replace the implicit clustered index (GEN_CLUST_INDEX) when a unique key was defined on a NOT NULL column.
- InnoDB: InnoDB failed to free memory used by the full-text optimizer thread.
- InnoDB: SHOW ENGINE INNODB STATUS output showed a “cleaning up” state for an idle thread. Thread state information was not reset after statement execution.
- InnoDB: After a server restart, concurrent INSERT operations a table with an auto-increment primary key resulted in a duplicate entry error. The current auto-increment value was not changed after auto_increment_increment and auto_increment_offset settings were modified.
- Replication: Tables with special DEFAULT columns, such as DEFAULT CURRENT_TIMESTAMP, that existed only on a slave were not being updated when using row-based replication (binlog_format=ROW).
- Replication: Enabling semisynchronous replication when a server was during the commit stage could cause the master to stop unexpectedly.
- Replication: The fix for Bug #81657 was correctly merged into MySQL 5.6.
- Some Linux startup scripts did not process the datadir setting correctly.
- CREATE TABLE with a DATA DIRECTORY clause could be used to gain extra privileges.
- OEL RPM packages now better detect which platforms have multilib support (for which 32-bit and 64-bit libraries can be installed). Thanks to Alexey Kopytov for the patch.
- Compiling MySQL using Microsoft Visual Studio 2015 Version 14.0.25420.1 in relwithdebinfo mode failed with linking errors.
- Warnings occurring during CREATE TABLE ... SELECT could cause a server exit.
- For segmentation faults on FreeBSD, the server did not generate a stack trace.
- The .mylogin.cnf option file is intended for use by client programs, but the server was reading it as well. The server no longer reads it.
- If mysqladmin shutdown encountered an error determining the server process ID file, it displayed an error message that did not clearly indicate the error was nonfatal. It now indicates that execution continues.
- The data structure used for ZEROFILL columns could experience memory corruption, leading eventually to a server exit.
- Use of very long subpartition names could result in a server exit. Now partition or subpartition names larger than 64 characters produce an ER_TOO_LONG_IDENT error.
- On Solaris, gettimeofday() could return an invalid value and cause a server shutdown.
- A union query resulting in tuples larger than max_join_size could result in a server exit.
- The optimizer could choose ref access on a secondary index rather than range access on the primary key, even when the cost was higher.
- For some deeply nested expressions, the optimizer failed to detect stack overflow, resulting in a server exit.
- When taking the server offline, a race condition within the Performance Schema could lead to a server exit.
- The Performance Schema events_statements_summary_by_digest table could contain multiple rows for the same statement digest and schema combination, rather than the expected single (unique) row.
- For debug builds: Adding a unique index to a POINT NOT NULL column triggered a warning and the key was not promoted to a primary key. Creating a unique index on a different non-NULL column in the same table then raised an assertion.
- Compiling using Clang 3.5 or higher with AddressSanitizer (ASAN) enabled caused the gen_lex_hash utility to abort on Clang LeakSanitizer memory leak check failures.
- Miscalculation of memory requirements for qsort operations could result in stack overflow errors in situations with a large number of concurrent server connections.