Release Notes for MariaDB Enterprise Server 10.2.36-10

Overview

This tenth release of MariaDB Enterprise Server 10.2 is a maintenance release. This release includes security fixes.

MariaDB Enterprise Server 10.2.36-10 was released on 2020-12-14.

Fixed Security Vulnerabilities

CVE (with cve.org link)    CVSS base score
CVE-2020-14765             6.5
CVE-2020-14812             4.9
CVE-2020-14789             4.9
CVE-2020-14776             4.9
CVE-2020-28912             N/A (Critical) #1

#1: MariaDB CVEs are assigned a word rating instead of a CVSS base score. See the MariaDB Engineering Policy for details.

Notable Changes

  • Galera wsrep library updated to 25.3.31 in MariaDB Enterprise Cluster.

  • In alignment with the MariaDB Engineering Policy, this release does not include CentOS 6.x and RHEL 6.x packages.

  • The audit plugin (not MariaDB Enterprise Audit) did not log proxy users. The new plugin version 2.0.3 introduces an event sub-type PROXY_CONNECT for event type CONNECT. (MDEV-19443)

    • On connect, if a proxy user is used, an extra line will be logged: TIME,HOSTNAME,user,localhost,ID,0,PROXY_CONNECT,test,plug_dest@%,0

  • Better MariaDB GTID support for the mariabackup --slave-info option. (MDEV-19264)

  • New global InnoDB variable innodb_max_purge_lag_wait (MDEV-16952)

  • The new parameter --include-unsupported for the script mariadb_es_repo_setup can be used to enable a repository of unsupported packages in the repository configuration. The repository currently includes the CONNECT Storage Engine. The storage engine can be installed by yum install MariaDB-connect-engine or apt-get install mariadb-plugin-connect-engine (MENT-1003)

  • Back port of a MariaDB Server 10.5 feature to not acquire InnoDB record locks when covering table locks exist. (MENT-403)

  • Change innodb_log_optimize_ddl=OFF by default. (MDEV-23720)
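
The PROXY_CONNECT sub-type from the audit plugin item above makes it possible to review which logins arrive through a proxy mapping. The following is an added example, not MariaDB code: it parses audit lines shaped like the sample line in that item and reports PROXY_CONNECT events whose user/object pair is not on an allowlist. The log lines, the allowlist and the function names are constructed for illustration, and it assumes only the object field can contain commas.

```python
from collections import namedtuple

# Field order taken from the sample line on this page:
# TIME,HOSTNAME,user,host,ID,query id,operation,database,object,retcode
AuditEvent = namedtuple(
    "AuditEvent",
    "timestamp serverhost username host connection_id query_id "
    "operation database object retcode",
)

def parse_audit_line(line):
    """Parse one audit line; return None if it does not have ten fields."""
    head = line.rstrip("\r\n").split(",", 8)
    if len(head) != 9:
        return None
    # Assumption: only the object field (for example query text) can contain
    # commas, so the return code is taken from the right-hand end.
    obj, sep, retcode = head[8].rpartition(",")
    if not sep:
        return None
    return AuditEvent(*head[:8], obj, retcode)

def proxy_logins(lines):
    """Return every PROXY_CONNECT event found in the given lines."""
    events = (parse_audit_line(l) for l in lines)
    return [e for e in events if e and e.operation == "PROXY_CONNECT"]

def unexpected_proxy_logins(lines, allowed):
    """Return PROXY_CONNECT events whose (username, object) pair is not approved."""
    return [e for e in proxy_logins(lines) if (e.username, e.object) not in allowed]

# Constructed sample log, modelled on the line quoted in the release note.
SAMPLE_LOG = [
    "20201214 10:00:01,db1,user,localhost,7,0,PROXY_CONNECT,test,plug_dest@%,0",
    "20201214 10:00:01,db1,user,localhost,7,0,CONNECT,test,,0",
    "20201214 10:00:02,db1,user,localhost,7,12,QUERY,test,'SELECT a, b FROM t1',0",
    "20201214 10:05:00,db1,batch,10.0.0.5,9,0,PROXY_CONNECT,,admin_role@%,0",
    "20201214 10:05:00,db1,batch,10.0.0.5,9,0,CONNECT,,,0",
]

if __name__ == "__main__":
    approved = {("user", "plug_dest@%")}  # hypothetical allowlist
    for e in unexpected_proxy_logins(SAMPLE_LOG, approved):
        print(f"{e.timestamp} conn={e.connection_id} {e.username}@{e.host} -> {e.object}")
```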

Issues Fixed

Can result in data loss

Can result in a hang or crash

  • InnoDB persistent stats analyze forces full scan which results in a lock crash. (MENT-1024)

  • InnoDB hang on INSERT with error message Semaphore wait has lasted > 300 seconds. (MENT-1007)

  • A server crash can happen on filesort when max_sort_length is set to a value lower than the default of 64. (MDEV-24033)

  • Potential stack overflow in InnoDB fulltext search with a complex MATCH .. AGAINST string. (MDEV-23999)

  • Mariabackup can hang if the server goes idle after a particular kind of redo log write. (MDEV-23982)

  • A server crash can occur when encryption is enabled for temporary tables (encrypt-tmp-files=ON) and queries use window functions. (MDEV-23867)

  • A crash of MariaDB Server is possible when binary logging is activated, caused by improper raising of an error or replication checksum. (MDEV-23832)

  • InnoDB assertion on TRUNCATE after ALTER TABLE .. DISCARD TABLESPACE (MDEV-23705)

  • Server crashes after failed attempt to create unique key on virtual column. (MDEV-23685)

  • Possible server crash when using an index on a spatial data type with InnoDB. (MDEV-23600)

  • Possible server crash when a string function is used for a column of type DATETIME and the string function is used in a subquery which is returning a row. (MDEV-23535)

  • MariaDB Enterprise Cluster node can crash on high INSERT, DELETE, or UPDATE load from many connections executed on the same table with foreign keys. (MDEV-23557)

  • Server crashes if a query is executed on an InnoDB table with a foreign key where the foreign key was removed while using SET FOREIGN_KEY_CHECKS=0. This case should result in an SQL error. (MDEV-23470)

  • Recursive procedure call ends with a crash instead of SQL error. (MDEV-23463)

  • InnoDB fails to open the table during removal of VIRTUAL column DDL while using SET FOREIGN_KEY_CHECKS=0, due to lack of referenced index. (MDEV-23387)

  • Server crash when altering a table after its tablespace has been discarded already. (MDEV-22939)

  • SHOW BINLOG EVENTS FROM ... caused a variety of non-deterministic failures if the given position did not exist. (MDEV-22473)

  • SET GLOBAL `replicate_do_db` = DEFAULT causes a crash. (MDEV-20744)

  • JSON_MERGE_PATCH(json_doc, json_doc[, json_doc] ...) can crash if the first parameter is set to NULL and the second is not valid JSON. (MDEV-20593)

  • Server crashes after DELETE with ON DELETE SET NULL for foreign key and a virtual column in index. (MDEV-20396)

  • Server can crash on a prepared SELECT statement executed via MariaDB Connector/ODBC. (MDEV-19838)

  • Crash on SELECT on a table that contains indexed virtual columns. (MDEV-18366)

  • Possible server crash for queries using the window function NTH_VALUE() (MDEV-15180)

  • Galera got stuck after FLUSH TABLES (MDEV-22707)

  • Server crash can occur when SET GLOBAL replicate_do_table is used. (MDEV-23534)

Can result in unexpected behavior

Interface Changes

Platforms

In alignment with the enterprise lifecycle, MariaDB Enterprise Server 10.2.36-10 is provided for:

  • Red Hat Enterprise Linux 7

  • Red Hat Enterprise Linux 8

  • CentOS 7

  • CentOS 8

  • Ubuntu 16.04

  • Ubuntu 18.04

  • Debian 9

  • Debian 10

  • SUSE Linux Enterprise Server 12

  • SUSE Linux Enterprise Server 15

  • Microsoft Windows

Some components of MariaDB Enterprise Server might not support all platforms. For additional information, see "MariaDB Corporation Engineering Policies".

Note

In alignment with the MariaDB Engineering Policy, this release does not include CentOS 6.x and RHEL 6.x packages.