The security improvements related to creation of table files and to user-defined functions were made after MySQL 4.1.10 was released and are present in MySQL 4.1.10a. We would like to thank Stefano Di Paola <stefano.dipaola@wisec.it> for making us aware of these.
End of Product Lifecycle. Active development and support for MySQL Database Server versions 3.23, 4.0, and 4.1 has ended. For details, see http://www.mysql.com/about/legal/lifecycle/#calendar. Please consider upgrading to a recent version. Further updates to the content of this manual will be minimal. All formats of this manual will continue to be available until 31 Dec 2010.
Functionality added or changed:
Thread stack size was increased from 192KB to 256KB on Linux/IA-64 (the smaller stack size was causing server crashes on some queries). (Bug#8391)
Setting the connection collation to a value different from the server collation followed by a CREATE TABLE statement that included a quoted default value resulted in a server crash. (Bug#8235)
The server now issues a warning when lower_case_table_names = 2 and the data directory is on a case-sensitive file system, just as when lower_case_table_names = 0 on a case-insensitive file system. (Bug#7887)
The server now issues a warning to the error log when it encounters older tables that contain character columns that might be interpreted by newer servers to have a different column length. See Section 2.11.1.1, “Upgrading from MySQL 4.0 to 4.1”, for a discussion of this problem and what to do about it. (Bug#6913)
Added mysql_library_init() and mysql_library_end() as synonyms for the mysql_server_init() and mysql_server_end() C API functions. mysql_library_init() and mysql_library_end() are #define symbols, but the names more clearly indicate that they should be called when beginning and ending use of a MySQL C API library no matter whether the application uses libmysqlclient or libmysqld. (Bug#6149)
InnoDB: Relaxed locking in INSERT ... SELECT, single table UPDATE ... (SELECT) and single table DELETE ... (SELECT) clauses when innodb_locks_unsafe_for_binlog is used and the isolation level of the transaction is not SERIALIZABLE. InnoDB uses a consistent read in these cases for the selected table.
From the Windows distribution, predefined accounts without passwords for remote users ('root'@'%', ''@'%') were removed (other distributions never had them).
InnoDB: When MySQL/InnoDB is compiled on Mac OS X 10.2 or earlier, detect the operating system version at run time and use the fcntl() file flush method on Mac OS X versions 10.3 and later. In Mac OS X, fsync() does not flush the write cache in the disk drive, but the special fcntl() does; however, the flush request is ignored by some external devices. Failure to flush the buffers may cause severe database corruption at power outages.
Security improvement: User-defined functions should have at least one symbol defined in addition to the xxx symbol that corresponds to the main xxx() function. These auxiliary symbols correspond to the xxx_init(), xxx_deinit(), xxx_reset(), xxx_clear(), and xxx_add() functions. mysqld by default no longer loads UDFs unless they have at least one auxiliary symbol defined in addition to the main symbol. The --allow-suspicious-udfs option controls whether UDFs that have only an xxx symbol can be loaded. By default, the option is off. mysqld also checks UDF file names when it reads them from the mysql.func table and rejects those that contain directory path name separator characters. (It already checked names as given in CREATE FUNCTION statements.) See Section 18.2.2.1, “UDF Calling Sequences for Simple Functions”, Section 18.2.2.2, “UDF Calling Sequences for Aggregate Functions”, and Section 18.2.2.6, “User-Defined Function Security Precautions”. Thanks to Stefano Di Paola <stefano.dipaola@wisec.it> for finding and informing us about this issue. (CVE-2005-0709, CVE-2005-0710)
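The loading policy in the entry above, modelled in Python as an added illustration (this is not mysqld's own loader code): the function name, the stored library file name and the list of symbols the library exports are constructed inputs, and the sample mysql.func rows are made up for the demonstration.

```python
# Auxiliary symbol suffixes named in the 4.1.10a changelog entry.
AUX_SUFFIXES = ("_init", "_deinit", "_reset", "_clear", "_add")
# Directory path name separators that a stored UDF file name must not contain.
PATH_SEPARATORS = ("/", "\\")


def udf_load_decision(func_name, dl_name, exported_symbols, allow_suspicious_udfs=False):
    """Return (loadable, reason) for one UDF as the described policy would judge it.

    func_name        -- function name from mysql.func / CREATE FUNCTION
    dl_name          -- shared library file name stored for it
    exported_symbols -- symbol names the library exports (constructed input here)
    """
    # 1. The library name must be a bare file name: no directory separators.
    if any(sep in dl_name for sep in PATH_SEPARATORS):
        return False, "dl name contains a path separator: %r" % dl_name
    symbols = set(exported_symbols)
    # 2. Without the main xxx symbol the function cannot be called at all.
    if func_name not in symbols:
        return False, "main symbol %s not exported" % func_name
    # 3. At least one xxx_init/xxx_deinit/xxx_reset/xxx_clear/xxx_add symbol
    #    is required unless the server runs with --allow-suspicious-udfs.
    aux_present = [func_name + s for s in AUX_SUFFIXES if func_name + s in symbols]
    if not aux_present and not allow_suspicious_udfs:
        return False, "only main symbol present; refused without --allow-suspicious-udfs"
    return True, "ok (auxiliary symbols: %s)" % (", ".join(aux_present) or "none")


# Constructed sample of mysql.func rows plus the symbols each library exports.
SAMPLE_FUNC_ROWS = [
    ("metaphon", "udf_example.so", ["metaphon", "metaphon_init", "metaphon_deinit"]),
    ("lookup", "udf_example.so", ["lookup"]),                  # main symbol only
    ("shim", "lib/other.so", ["shim", "shim_init"]),           # separator in dl name
]


def audit_func_table(rows, allow_suspicious_udfs=False):
    """Return {function name: reason} for every row the server would refuse to load."""
    refused = {}
    for name, dl, syms in rows:
        ok, why = udf_load_decision(name, dl, syms, allow_suspicious_udfs)
        if not ok:
            refused[name] = why
    return refused
```

Running audit_func_table over a dump of your own mysql.func rows before upgrading shows which functions stop loading under the new default.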
Added back faster subquery execution from 4.1.8. This also adds back a bug from 4.1.8 in comparing NULL to the value of a subquery. See Section A.5.8.4, “Open Issues in MySQL”.
Security improvement: The server creates .frm, .MYD, .MYI, .MRG, .ISD, and .ISM table files only if a file with the same name does not already exist. Thanks to Stefano Di Paola <stefano.dipaola@wisec.it> for finding and informing us about this issue. (CVE-2005-0711)
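An added example of the create-only-if-absent behaviour described above, written in Python and not taken from the server source: the six extensions are the ones listed in the entry, the data directory is a throwaway temporary directory, and the planted t2.MYI file is a constructed collision.

```python
import os
import tempfile

# Table file extensions named in the changelog entry.
TABLE_FILE_EXTENSIONS = (".frm", ".MYD", ".MYI", ".MRG", ".ISD", ".ISM")


def create_table_files(datadir, table_name, extensions=TABLE_FILE_EXTENSIONS):
    """Create every table file for table_name, refusing if any one already exists.

    Returns the list of paths created. Raises FileExistsError if a file (or a
    symlink, dangling or not) already occupies one of the names; files created
    before the collision are removed again so no partial table is left behind.
    """
    created = []
    try:
        for ext in extensions:
            path = os.path.join(datadir, table_name + ext)
            # O_CREAT|O_EXCL makes the existence check and the creation a single
            # atomic step, so a file placed there between "check" and "create"
            # is never reused; O_EXCL also refuses to follow a dangling symlink.
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o660)
            os.close(fd)
            created.append(path)
    except FileExistsError:
        for path in created:
            os.unlink(path)
        raise
    return created


def try_create_table(datadir, table_name):
    """Return (True, created_paths) or (False, offending_path)."""
    try:
        return True, create_table_files(datadir, table_name)
    except FileExistsError as exc:
        return False, exc.filename


def demo():
    """Run a clean create and a colliding create in a temp dir; report the outcome."""
    with tempfile.TemporaryDirectory() as datadir:
        ok1, paths = try_create_table(datadir, "t1")
        # Constructed collision: a stray t2.MYI exists before CREATE TABLE t2.
        open(os.path.join(datadir, "t2.MYI"), "w").close()
        ok2, offending = try_create_table(datadir, "t2")
        leftover = sorted(os.listdir(datadir))
        return ok1, len(paths), ok2, os.path.basename(offending), leftover
```

After the failed t2 create only the planted t2.MYI remains; the t2.frm and t2.MYD created before the collision have been removed again.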
InnoDB: A shared record lock (LOCK_REC_NOT_GAP) is now taken for a matching record in the foreign key check because inserts can be allowed into gaps.
Bugs fixed:
Replication: Multiple-table updates did not replicate properly to slave servers where --replicate-*-table options had been specified. (Bug#7011)
The LOAD INDEX statement now loads the index into memory. (Bug#8452)
DELETE FROM tbl_name ... WHERE ... ORDER BY tbl_name.col_name caused the server to crash when the ORDER BY column was qualified with the table name. (Bug#8392)
Cardinality estimates for HASH indexes of TEMPORARY tables created using the MEMORY storage engine were inaccurate. As a result, queries that were using this index (as shown by EXPLAIN) could return incorrect results. (Bug#8371)
If multiple prepared statements were executed without retrieving their results, executing one of them again would cause the client program to crash. (Bug#8330)
Certain joins used with boolean full-text search could cause the server to crash. (Bug#8234)
Added a description of the debug command to the mysqladmin help output. (Bug#8207)
Removed a dependence of boolean full-text search on the --default-character-set option. (Bug#8159)
Modified the SET statements produced by mysqldump to write quoted strings using single quotes rather than double quotes. This avoids problems if the dump file is reloaded while the ANSI_QUOTES SQL mode is in effect. (Bug#8148)
Strings that began with CHAR(31) were considered equal to the empty string. (Bug#8134)
Re-execution of prepared statements containing subqueries caused the server to crash. (Bug#8125)
Certain correlated subqueries with forward references (referring to an alias defined later in the outer query) could crash the server. (Bug#8025)
Corrected a problem with references to DUAL where statements such as SELECT 1 AS a FROM DUAL would succeed but statements such as SELECT 1 AS a FROM DUAL LIMIT 1 would fail. (Bug#8023)
Comparing a nested row expression (such as ROW(1,(2,3))) with a subquery caused the server to crash. (Bug#8022)
InnoDB: Fixed a bug introduced in 4.1.9, where, if you used innodb_file_per_table with the Windows version of MySQL, mysqld stopped with Windows error 87. (See the Bugs database or the MySQL 4.1.9 changelog for information about a workaround for the issue in 4.1.9.) (Bug#8021)
The number of columns in a row comparison against a subquery was calculated incorrectly. (Bug#8020)
mysqld had problems finding its language files if the --basedir value was specified as a very long path name. (Bug#8015)
The mysql_stmt_close() C API function was not clearing an error indicator when a previous prepare call failed, causing subsequent invocations of error-retrieving calls to indicate spurious error values. (Bug#7990)
Executing a multi-statement query more than once with the query cache active could yield incorrect result sets. (Bug#7966)
A slave running MySQL 3.23.51 or newer hung while trying to connect to a master running MySQL 3.23.50 or older. (The reason for this was a bug in the old masters, namely that SELECT @@unknown_var caused the server to hang, which was fixed in MySQL 3.23.50.) (Bug#7965)
Erroneous output resulted from SELECT DISTINCT combined with a subquery and GROUP BY. (Bug#7946)
FOUND_ROWS() returned an incorrect value after a SELECT SQL_CALC_FOUND_ROWS DISTINCT statement that selected constants and included GROUP BY and LIMIT clauses. (Bug#7945)
SHOW INDEX reported Sub_part values in bytes rather than characters for columns with a multi-byte character set. (Bug#7943)
Changed the mysql client so that including \p as part of a prompt command uses the name of the shared memory connection when the connection is using shared memory. (Bug#7922)
If the CONVERT_TZ() function was used in a SELECT that was in turn used in a CREATE TABLE statement, the system time zone tables were added to the list of tables joined in the SELECT and thus an erroneous result was produced. (Bug#7899)
Comparing the result of a subquery to a nonexistent column caused the server to crash. This issue affected MySQL on Windows platforms only. (Bug#7885)
ALTER TABLE improperly accepted an index on a TIMESTAMP column that CREATE TABLE would reject. (Bug#7884)
MySQL allowed concurrent updates (including inserts and deletes) to a table if binary logging was enabled. Now, all updates are executed in a serialized fashion, because they are executed serialized when the binary log is replayed. (Bug#7879)
Ensured that mysqldump --single-transaction sets its transaction isolation level to REPEATABLE READ before proceeding (otherwise, if the MySQL server was configured to run with a default isolation level lower than REPEATABLE READ, it could give an inconsistent dump). (Bug#7850)
InnoDB: ALTER TABLE ... ADD CONSTRAINT PRIMARY KEY ... complained about a bad foreign key definition. (Bug#7831)
mysqlbinlog forgot to add backquotes around the collation of user variables (causing later parsing problems as BINARY is a reserved word). (Bug#7793)
A Table is full error occurred when the table was still smaller than max_heap_table_size. (Bug#7791)
Multiple-table UPDATE statements could cause spurious Table '#sql_....' is full errors if the number of rows to update was sufficiently large. (Bug#7788)
Conversion of floating-point values to character values was not performed correctly when the absolute value of the float was less than 1 (including negative values). (Bug#7774)
Use of GROUP_CONCAT() with HAVING caused the server to crash. (Bug#7769)
The CONV() function returned an unsigned BIGINT number, which does not fit in 32 bits. (Bug#7751)
The IN() operator did not return correct results if all values in the list were constants and some of them used substring functions such as LEFT(), RIGHT(), or MID(). (Bug#7716)
The CONVERT_TZ() function, when its second or third argument was from a const table, caused the server to crash. (See Section 12.7.2, “EXPLAIN Syntax”.) (Bug#7705)
The TIMEDIFF() function returned incorrect results if one of its arguments had a nonzero microsecond part. (Bug#7586)
TIMESTAMP columns with their display width so specified were not treated as identical to DATETIME columns when the server was run in MAXDB mode. (Bug#7418)
perror.exe was always returning “Unknown error” on Windows. See Section 4.8.1, “perror — Explain Error Codes”. (Bug#7390)
SHOW INDEX on a MERGE table could cause debug versions of the server to crash. (Bug#7377)
Handling of trailing spaces was incorrect for the ucs2 character set. (Bug#7350)
Adding an ORDER BY clause for an indexed column caused a SELECT to return an empty result. (Bug#7331)
ALTER TABLE on a TEMPORARY table with a mixed-lettercase name could cause the table to disappear when lower_case_table_names was set to 2. (Bug#7261)
For indexes, SHOW CREATE TABLE now displays the index type even if it is the default, for storage engines that support multiple index types. (Bug#7235)
Updates were being written to the binary log when there were binlog-do-db or binlog-ignore-db options even when there was no current database, contrary to Section 14.9.1, “Evaluation of Database-Level Replication and Binary Logging Options”. (Bug#6749)
CREATE TABLE ... LIKE failed on Windows when the source or destination table was located in a symlinked database directory. (Bug#6607)
Column headers in query results retrieved from the query cache could be corrupted when a non-4.1 client was served a result originally generated for a 4.1 client. The query cache was not keeping track of which client/server protocol was being used. (Bug#6511)
Corrected a problem with mysql_config, which was failing to produce the proper zlib option for linking under some circumstances. (Bug#6273)
Nonnumeric values inserted into a YEAR column were being stored as 2000 rather than as 0000. (Bug#6067)
mysql_stmt_prepare() was very slow when used in client programs on Windows. (Bug#5787)
A HAVING clause that referred to RAND() or a user-defined function in the SELECT part of a query through an alias could cause MySQL to crash or to return an incorrect value. (Bug#5185)
Key cache statistics were reported incorrectly by the server after receipt of a SIGHUP signal. (Bug#4285)
A problem with UNION statements resulted in the wrong number of examined rows being reported in the slow query log.
A symlink vulnerability in the mysqlaccess script was reported by Javier Fernandez-Sanguino Pena and Debian Security Audit Team. (CVE-2005-0004)
InnoDB: Use the native tmpfile() function on Netware. All InnoDB temporary files are created under sys:\tmp. Previously, InnoDB temporary files were never deleted on Netware.
The combination of -not and trunc* operators in a full-text search did not work correctly. Using more than one truncated negative search term caused the result to be empty.
InnoDB: A rare race condition could cause an assertion in DROP TABLE or in ALTER TABLE.
User Comments
CONCAT now works as it should when you've SET NAMES to a different charset than your data. (http://bugs.mysql.com/7874)