ＭｙＳＱＬ 4.1.10a がリリースされました。
このリリースには UDF (User-defined function) のセキュリティパッチが含まれています。

ＵＤＦのセキュリティ問題に関する情報は、
http://dev.mysql.com/doc/mysql/en/udf-security.html
を参照ください。


以下チェンジログ：


■機能の追加と変更 (4.1.10から):

- Security improvement: The server creates `.frm', `.MYD', `.MYI', `.MRG', `.ISD', and `.ISM' table files only if a file with the same name does not already exist.

- Security improvement: User-defined functions should have at least one symbol defined in addition to the `xxx' symbol that corresponds to the main `xxx()' function. These auxiliary symbols correspond to the `xxx_init()', `xxx_deinit()', `xxx_reset()', `xxx_clear()', and `xxx_add()' functions. `mysqld' by default no longer loads UDFs unless they have at least one auxiliary symbol defined in addition to the main symbol.
The '--allow-suspicious-udfs' option controls whether UDFs that have only an `xxx' symbol can be loaded.
By default, the option is off. `mysqld' also checks UDF filenames when it reads them from the `mysql.func' table and rejects those that contain directory pathname separator characters. (It already checked names as given in `CREATE FUNCTION' statements.)
See the section in the manual on writing UDFs.