Release Notes for MariaDB Enterprise Server 10.2.36-10

This tenth release of MariaDB Enterprise Server 10.2 is a maintenance release. This release includes security fixes.

MariaDB Enterprise Server 10.2.36-10 was released on 2020-12-14.

Fixed Security Vulnerabilities

CVE (with cve.mitre.org link)

CVSS base score

CVE-2020-14765

6.5

CVE-2020-14776

4.9

CVE-2020-14789

4.9

CVE-2020-14812

4.9

CVE-2020-28912

N/A #f1

Notable Changes

  • The audit plugin (not MariaDB Enterprise Audit) did not log proxy users. The new plugin version 2.0.3 introduces an event sub-type PROXY_CONNECT for event type CONNECT. (MDEV-19443)

    • On connect, if a proxy user is used, an extra line will be logged: TIME,HOSTNAME,user,localhost,ID,0,PROXY_CONNECT,test,plug_dest@%,0

  • Better MariaDB GTID support for the mariabackup --slave-info option. (MDEV-19264)

  • New global InnoDB variable innodb_max_purge_lag_wait (MDEV-16952)

  • Galera wsrep library updated to 25.3.31 in MariaDB Enterprise Cluster.

  • The new parameter --include-unsupported for the script mariadb_es_repo_setup can be used to enable a repository of unsupported packages in the repository configuration. The repository currently includes the CONNECT Storage Engine. The storage engine can be installed by yum install MariaDB-connect-engine or apt-get install mariadb-plugin-connect-engine (MENT-1003)

  • Back port of a MariaDB Server 10.5 feature to not acquire InnoDB record locks when covering table locks exist. (MENT-403)

  • Change innodb_log_optimize_ddl=OFF by default. (MDEV-23720)

  • In alignment with the MariaDB Engineering Policy, this release does not include CentOS 6.x and RHEL 6.x packages.

Issues Fixed

Can result in data loss

Can result in a hang or crash

  • InnoDB persistent stats analyze forces full scan which results in a lock crash. (MENT-1024)

  • InnoDB hang on INSERT with error message Semaphore wait has lasted > 300 seconds. (MENT-1007)

  • Server crash can happen on filesort with a setting for max_sort_length to a value lower than the default of 64 (MDEV-24033)

  • Potential stack overflow in InnoDB fulltext search with a complex MATCH .. AGAINST string. (MDEV-23999)

  • Mariabackup can hang if the server goes idle after a particular kind of redo log write. (MDEV-23982)

  • A server crash can occur when encryption is enabled for temporary tables (encrypt-tmp-files=ON) and queries use window functions. (MDEV-23867)

  • A crash of MariaDB Server is possible when binary logging is activated, caused by improper raising of an error or replication checksum. (MDEV-23832)

  • InnoDB assertion on TRUNCATE after ALTER TABLE .. DISCARD TABLESPACE (MDEV-23705)

  • Server crashes after failed attempt to create unique key on virtual column. (MDEV-23685)

  • Possible server crash when using an index on a spatial data type with InnoDB. (MDEV-23600)

  • Possible server crash when a string function is used for a column of type DATETIME and the string function is used in a subquery which is returning a row. (MDEV-23535)

  • MariaDB Enterprise Cluster node can crash on high INSERT, DELETE, or UPDATE load from many connections executed on the same table with foreign keys. (MDEV-23557)

  • Server crashes if a query is executed on an InnoDB table with a foreign key where the foreign key was removed while using SET FOREIGN_KEY_CHECKS=0. This case should result in an SQL error. (MDEV-23470)

  • Recursive procedure call ends with a crash instead of SQL error. (MDEV-23463)

  • InnoDB fails to open the table during removal of VIRTUAL column DDL while using SET FOREIGN_KEY_CHECKS=0, due to lack of referenced index. (MDEV-23387)

  • Server crash when altering a table after its tablespace has been discarded already. (MDEV-22939)

  • SHOW BINLOG EVENTS FROM ... caused a variety of non-determinism failures if the given position did not exist. (MDEV-22473)

  • SET GLOBAL `replicate_do_db` = DEFAULT causes a crash. (MDEV-20744)

  • JSON_MERGE_PATCH(json_doc, json_doc[, json_doc] ...) can crash if the first parameter is set to NULL and the second is not valid JSON. (MDEV-20593)

  • Server crashes after DELETE with ON DELETE SET NULL for foreign key and a virtual column in index. (MDEV-20396)

  • Server can crash on a prepared SELECT statement executed via MariaDB MariaDB Connector/ODBC. (MDEV-19838)

  • Crash on SELECT on a table that contains indexed virtual columns. (MDEV-18366)

  • Possible server crash for queries using the window function NTH_VALUE() (MDEV-15180)

  • Galera got stuck after FLUSH TABLES (MDEV-22707)

  • Server crash can occur when SET GLOBAL replicate_do_table is used. (MDEV-23534)

Can result in unexpected behavior

Interface Changes

Platforms

In alignment to the enterprise lifecycle, MariaDB Enterprise Server 10.2.36-10 is provided for:

  • Red Hat Enterprise Linux 7

  • Red Hat Enterprise Linux 8

  • CentOS 7

  • CentOS 8

  • Ubuntu 16.04

  • Ubuntu 18.04

  • Debian 9

  • Debian 10

  • SUSE Linux Enterprise Server 12

  • SUSE Linux Enterprise Server 15

  • Microsoft Windows

Note

In alignment with the MariaDB Engineering Policy, this release does not include CentOS 6.x and RHEL 6.x packages.