New corrective maintenance releases for MariaDB Enterprise Server 11.8.6-4, 11.4.10-8, and 10.6.25-22 are now available.


Notable Release Updates

  • A parameter-injection gap existed in wsrep_sst_rsync because it failed to validate the joiner-supplied WSREP_SST_OPT_REMOTE_USER and WSREP_SST_OPT_REMOTE_PSWD values before interpolating them into the donor-written stunnel.conf and the rsync magic file
  • An appropriately privileged user (with SUPER privileges) could execute shell commands as the uid of the mariadbd process because the values of the system variables wsrep_sst_donor and wsrep_sst_receive_address, which can be modified at runtime, were not properly sanitized when used to construct a shell command
  • The wsrep_notify_cmd functionality was susceptible to a parameter-injection vulnerability, as it failed to validate the peer-supplied wsrep_node_name and wsrep_node_incoming_address values before interpolating them into the notification command line
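
The three fixes above share one pattern: a value supplied by a peer or set at runtime must be validated before it reaches a shell command line or a generated configuration file. The sketch below is an added example of that pattern and is not MariaDB's patch or code from the server. The function names, the allowlist and the argument order are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration (not MariaDB code). All function names are hypothetical.

# Allowlist check for node names, donor lists and host:port addresses.
# Accepts only letters, digits and . _ : , -  so shell metacharacters,
# whitespace and quotes are rejected. Bracketed IPv6 literals are out of scope.
valid_wsrep_token() (
    LC_ALL=C    # make the A-Z / a-z ranges byte-exact
    case "$1" in
        '' | *[!A-Za-z0-9._:,-]*) return 1 ;;
    esac
    return 0
)

# Check for a value that will be written into a line-oriented config file:
# reject empty values and any control character (newline, CR, ...),
# because a newline would let the value start a new directive.
valid_conf_value() {
    [ -n "$1" ] || return 1
    stripped=$(printf '%s' "$1" | LC_ALL=C tr -d '[:cntrl:]')
    [ "$stripped" = "$1" ]
}

# Validate peer-supplied values, then pass them as separate argv entries.
# The command is never assembled as a string for eval or sh -c.
# $1 = command to run, $2 = node name, $3 = incoming address
notify() {
    valid_wsrep_token "$2" || { echo "rejected node name" >&2; return 2; }
    valid_wsrep_token "$3" || { echo "rejected address" >&2; return 2; }
    "$1" "$2" "$3"
}
```

Validation and argv-style invocation are complementary: the allowlist stops unexpected characters at the boundary, and avoiding string-built commands means a missed character is still treated as data.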

Release Notes

Why MariaDB Enterprise Server

MariaDB Enterprise Server is an enhanced, hardened and secured version of MariaDB Community Server that delivers enterprise reliability, stability and long-term support, as well as greater operational efficiency when managing large database deployments for business- and mission-critical applications. MariaDB Enterprise Server offers additional features needed for production workloads that are not available in the community edition, such as Enterprise Audit and Enterprise Backup, and also backports certain enterprise features to older versions so customers can take advantage of critical fixes and features immediately instead of having to upgrade to the newest version.

Being able to backport features from newer release series to older versions is a key advantage of MariaDB Enterprise Server. Quality assurance and internal processes do not always allow customers to upgrade production environments to the newest and greatest release series, although some of the new features would be of value. MariaDB Enterprise Server can help in this case, as we can backport highly requested features to existing versions in cases where we can assure that a backported feature does not decrease the stability of that release series of MariaDB Enterprise Server.

Download MariaDB Enterprise Server

MariaDB customers can download MariaDB Enterprise Server versions at mariadb.com/downloads/enterprise.