The security improvements related to creation of table files
and to user-defined functions were made after MySQL 4.1.10 was
released and are present in MySQL 4.1.10a. We would like to
thank Stefano Di Paola
for making us aware of these.
End of Product Lifecycle. Active development and support for MySQL Database Server versions 3.23, 4.0, and 4.1 has ended. For details, see http://www.mysql.com/about/legal/lifecycle/#calendar. Please consider upgrading to a recent version. Further updates to the content of this manual will be minimal. All formats of this manual will continue to be available until 31 Dec 2010.
Functionality added or changed:
Thread stack size was increased from 192KB to 256KB on Linux/IA-64 (too small stack size was causing server crashes on some queries). (Bug#8391)
The server now issues a warning when
lower_case_table_names = 2 and
the data directory is on a case-sensitive file system, just as
lower_case_table_names = 0
on a case-insensitive file system.
The server now issues a warning to the error log when it encounters older tables that contain character columns that might be interpreted by newer servers to have a different column length. See Section 184.108.40.206, “Upgrading from MySQL 4.0 to 4.1”, for a discussion of this problem and what to do about it. (Bug#6913)
mysql_library_end() as synonyms
mysql_server_end() C API
#define symbols, but the names more clearly
indicate that they should be called when beginning and ending
use of a MySQL C API library no matter whether the application
InnoDB: Relaxed locking in
SELECT, single table
(SELECT) and single table
(SELECT) clauses when
is used and isolation level of the transaction is not
InnoDB uses consistent read in these cases
for a selected table.
From the Windows distribution, predefined accounts without
passwords for remote users (
''@'%') were removed (other distributions
never had them).
InnoDB: When MySQL/InnoDB is compiled on Mac
OS X 10.2 or earlier, detect the operating system version at run
time and use the
fcntl() file flush method on
Mac OS X versions 10.3 and later. In Mac OS X,
fsync() does not flush the write cache in the
disk drive, but the special
however, the flush request is ignored by some external devices.
Failure to flush the buffers may cause severe database
corruption at power outages.
Security improvement: User-defined functions should have at
least one symbol defined in addition to the
xxx symbol that corresponds to the main
xxx() function. These auxiliary symbols
correspond to the
functions. mysqld by default no longer loads
UDFs unless they have at least one auxiliary symbol defined in
addition to the main symbol. The
controls whether UDFs that have only an
symbol can be loaded. By default, the option is off.
mysqld also checks UDF file names when it
reads them from the
mysql.func table and
rejects those that contain directory path name separator
characters. (It already checked names as given in
CREATE FUNCTION statements.) See
Section 220.127.116.11, “UDF Calling Sequences for Simple Functions”,
Section 18.104.22.168, “UDF Calling Sequences for Aggregate Functions”, and
Section 22.214.171.124, “User-Defined Function Security Precautions”. Thanks to Stefano Di Paola
<firstname.lastname@example.org> for finding and
informing us about this issue.
Added back faster subquery execution from 4.1.8. This adds also
back a bug from 4.1.8 in comparing
the value of a subquery. See Section A.5.8.4, “Open Issues in MySQL”.
Security improvement: The server creates
files only if a file with the same name does not already exist.
Thanks to Stefano Di Paola
<email@example.com> for finding and
informing us about this issue.
InnoDB: A shared record lock
LOCK_REC_NOT_GAP) is now taken for a
matching record in the foreign key check because inserts can be
allowed into gaps.
Multiple-table updates did not replicate properly to slave
--replicate-*-table options had
DELETE FROM when the
WHERE ... ORDER BY
ORDER BY column was
qualified with the table name caused the server to crash.
Cardinality estimates for
HASH indexes of
TEMPORARY tables created using
MEMORY storage engine were inaccurate. As a
result, queries that were using this index (as shown by
EXPLAIN) could returned incorrect
If multiple prepared statements were executed without retrieving their results, executing one of them again would cause the client program to crash. (Bug#8330)
Certain joins used with boolean full-text search could cause the server to crash. (Bug#8234)
Removed a dependence of boolean full-text search on
SET statements produced by
mysqldump to write quoted strings using
single quotes rather than double quotes. This avoids problems if
the dump file is reloaded while the
ANSI_QUOTES SQL mode is in
Strings that began with
considered equal to the empty string.
Re-execution of prepared statements containing subqueries caused the server to crash. (Bug#8125)
Certain correlated subqueries with forward references (referring to an alias defined later in the outer query) could crash the server. (Bug#8025)
Corrected a problem with references to
where statements such as
SELECT 1 AS a FROM
DUAL would succeed but statements such as
SELECT 1 AS a FROM DUAL LIMIT 1 would fail.
Comparing a nested row expression (such as
ROW(1,(2,3))) with a subquery caused the
server to crash.
InnoDB: Fixed a bug introduced in 4.1.9,
where, if you used
innodb_file_per_table with the
Windows version of MySQL, mysqld stopped with
Windows error 87. (See the Bugs database or the MySQL 4.1.9
changelog for information about a workaround for the issue in
The number of columns in a row comparison against a subquery was calculated incorrectly. (Bug#8020)
mysql_stmt_close() C API
function was not clearing an error indicator when a previous
prepare call failed, causing subsequent invocations of
error-retrieving calls to indicate spurious error values.
Executing a multi-statement query more than once with the query cache active could yield incorrect result sets. (Bug#7966)
A slave running MySQL 3.23.51 or newer hung while trying to
connect to a master running MySQL 3.23.50 or older. (The reason
for this was a bug in the old masters —
@@ caused the
server to hang — which was fixed in MySQL 3.23.50.)
If one used
SELECT, which in its turn was
CREATE TABLE statements,
then system time zone tables were added to list of tables joined
in SELECT and thus erroneous result was produced.
Comparing the result of a subquery to a nonexistent column caused the server to crash. This issue affected MySQL on Windows platforms only. (Bug#7885)
MySQL allowed concurrent updates (including inserts and deletes) to a table if binary logging was enabled. Now, all updates are executed in a serialized fashion, because they are executed serialized when the binary log is replayed. (Bug#7879)
Ensured that mysqldump --single-transaction
sets its transaction isolation level to
REPEATABLE READ before
proceeding (otherwise if the MySQL server was configured to run
with a default isolation level lower than
REPEATABLE READ it could give
an inconsistent dump).
ALTER TABLE ... ADD
CONSTRAINT PRIMARY KEY ... complained about bad
foreign key definition.
Conversion of floating-point values to character values was not performed correctly when the absolute value of the float was less than 1 (including negative values). (Bug#7774)
Handling of trailing spaces was incorrect for the
ucs2 character set.
Updates were being written to the binary log when there were
binlog-ignore-db options even when there was
no current database, contrary to
Section 14.9.1, “Evaluation of Database-Level Replication and Binary Logging Options”.
CREATE TABLE ... LIKE failed on Windows when
the source or destination table was located in a symlinked
Column headers in query results retrieved from the query cache could be corrupted when a non-4.1 client was served a result originally generated for a 4.1 client. The query cache was not keeping track of which client/server protocol was being used. (Bug#6511)
Key cache statistics were reported incorrectly by the server
after receipt of a
A problem with
resulted in the wrong number of examined rows being reported in
the slow query log.
InnoDB: Use native
tmpfile() function on Netware. All
InnoDB temporary files are created under
InnoDB temporary files were never deleted on
The combination of
trunc* operators in a full-text search did
not work correctly. Using more than one truncated negative
search term caused the result to be empty.