MariaDB 5.3.12 Release Notes
Release date: 30 Jan 2013
This is a Stable (GA) release. In general this means that there are no known serious bugs, except for those marked as feature requests, that no bugs were fixed since last release that caused a notable code changes, and that we believe the code is ready for general usage (based on bug inflow).
For a list of changes made in this release, with links to detailed information on each push, see the MariaDB 5.3.12 Changelog.
In most respects MariaDB will work exactly as MySQL: all commands, interfaces, libraries and APIs that exist in MySQL also exist in MariaDB.
This release is primarily a bug-fix release.
Important Security Fixes
This release includes fixes for the following security vulnerabilities:
- A buffer overflow that can cause a server crash or arbitrary code execution (a variant of CVE-2012-5611)
- CVE-2012-5627/MDEV-3915 fast password brute-forcing using the "change user" command
- CVE-2012-5615/MDEV-3909 information leakage about existing user accounts via the protocol handshake
- fixes for DoS attacks - crashes and server lockups (see the Changelog)
- DoS - server lockup (MDEV-4029)
- DoS - server crash (MDEV-729)
Additionally, it includes all security fixes from MySQL 5.1.67, such as fix for a buffer overflow with stored routines (a variant of CVE-2012-5612) and fixes for the following vulnerabilities:
Includes MariaDB 5.2.14 and MySQL 5.1.67
The MariaDB project tries to support as many different Operating Systems and Linux Distributions as we can. However, when a distribution or OS stops receiving security and other updates it becomes difficult to freely provide packages for that platform. In such cases, our policy is to deprecate that platform and stop providing binary packages for it.
As of 1 Feb 2013, we will stop building packages for the following:
- Fedora 16 "Verne"
- Debian 5 "Lenny"
- Ubuntu 10.10 "Maverick"
- Ubuntu 11.04 "Natty"
If your chosen Linux Distribution or Operating System is deprecated, packages or support are not completely unavailable. Companies such as SkySQL and Monty Program (and others) provide support for all versions of MariaDB back to even very old MySQL versions. This includes packaged binaries. Contact them for more details.
More information on our deprecation policy can be found at:
From the beginning of the MariaDB project in 2009 we've kept all of our old releases online via our network of mirrors. Doing this is great for those few who are interested in old releases, but the disk space required to host all of our old releases is over 130 Gigabytes at present and grows by several gigabytes with each new release. This is too much for some of our mirrors to handle. So, starting with this release our primary mirror will only host the most recent three or four releases in each series (5.5, 10.0, and so on). Mirrors are, of course, free to keep archiving every release, but the primary mirror that they pull from will not.
Old releases do have value, so for those that are interested in old releases, we are setting up a simple, no frills, archive server which will host them. Once the server is up and running, links to archived releases on http://downloads.mariadb.org will point at the archive server. During the transition period, links to some old releases may disappear for a short time, but don't worry, they haven't been deleted, they're just being moved!
Thanks, and enjoy MariaDB!
Be notified of new MariaDB Server releases automatically by subscribing to the MariaDB Foundation community announce 'at' mariadb.org announcement list (this is a low traffic, announce-only list). MariaDB Corporation customers will be notified for all new releases, security issues and critical bug fixes for all MariaDB Corporation products thanks to the Notification Services.
MariaDB may already be included in your favorite OS distribution. More information can be found on the Distributions which Include MariaDB page.