Hello, On this page: https://mariadb.com/kb/en/library/security/ I can find CVEs that affect MariaDB server and releases they were fixed in. Other useful page is this one: https://mariadb.com/kb/en/library/security-vulnerabilities-in-oracle- mysql-that-did-not-exist-in-mariadb/ -- I'd like to ask you to also list CVEs applicable for connectors and versions of connectors (CONC, CONJ, ODBC) they were fixed in, since there is not direct relationship between: 1) server nad CONC 2) ODBC and CONC Server is (or atleast should be) built on top of released version of the CONC, not the latest Git content. Atleast downstreams starts to use this scheme (separate server and client library - the CONC), so they depend only on the released versions of the CONC. -- For example CVE-2018-3081 should be fixed in CONC 3.0.5, however since nor git commit, nor CONC release notes says it explicitly, I can only guess. -- Michal Schorm Associate Software Engineer Core Services - Databases Team Red Hat