Hello Daniel (and others),
The usual changelogs[1] and relese notes[2] don't seem to contain CVE
identifiers, or even a separate section about fixed security issues
For the downstream security teams if would be reassuring if the CVE
information would be easily available. For example if the security
teams follow the CVE news and they for example know or suspect that
CVE-2014-4260 affects MariaDB, it would be nice to see if it is
already fixed or what version it was fixed in, so downstream security
teams can organize and prioritize their patching and release work.
Do you have any suggestion how to address this?
Should we maybe have a separate wiki page, e.g.
https://mariadb.com/kb/en/mariadb/cve/ that would have a table of CVEs
and MariaDB 5.5/10.0/Galera versions where they are fixed? Or should
just each release notes include a subsection "Security" with these
details? Something else?
Of course we need to consider timing issues, e.g. a security issue
fixed in MariaDB might get publicity and a CVE only later when Oracle
releases it, and in those cases old release notes need to be upgraded
to include the CVE identifiers.
[1] https://mariadb.com/kb/en/mariadb-10013-changelog/
[2] https://mariadb.com/kb/en/mariadb-10013-release-notes/
(To be exact, googling for 'mariadb cve' does give one hit at
mariadb.com in the 5.3.12 release notes)
I was chatting with some folks on IRC and someone pointed this out to me.
On the "Upgrading From MariaDB 5.5 to MariaDB 10.0" page, it says that
the new default value for innodb-buffer-pool-instances is '0':
https://mariadb.com/kb/en/upgrading-from-mariadb-55-to-mariadb-100/
And when I run the following, it says the default is indeed '0':
mysqld --no-defaults --verbose --help | grep innodb-buffer-pool-instances
...
innodb-buffer-pool-instances 0
But when I'm in the client, I get the following:
MariaDB [(none)]> select @@innodb_buffer_pool_instances;
+--------------------------------+
| @@innodb_buffer_pool_instances |
+--------------------------------+
| 8 |
+--------------------------------+
So when innodb-buffer-pool-instances is set to '0', does that mean the
actual value is dynamic or calculated in some way based on my other
settings?
Just trying to understand what's going on, and once I do, use it to
update the XtraDB/InnoDB buffer-pool page (which doesn't appear to
have been updated for 10.0).
https://mariadb.com/kb/en/xtradbinnodb-buffer-pool/
Thanks!
--
Daniel Bartholomew, MariaDB Release Manager
MariaDB | http://mariadb.com
Hi Ian! i think you forgot the maria-docs mailist at CC, i included it again
-----
yes, i think that's a job of some MDEV:
https://mariadb.atlassian.net/browse/MDEV-5425https://mariadb.atlassian.net/browse/MDEV-4007https://mariadb.atlassian.net/browse/MDEV-4427
and from last one (that i reported), this was the last comment from monty:
Michael Widenius<https://mariadb.atlassian.net/secure/ViewProfile.jspa?name=monty>
added
a comment - 2014-04-22 08:19
We already have one implementation of this task. We are just waiting for
the sponsor to pay for it so that we can push it.
i will ask at jira if we have news about it
2014-05-26 16:47 GMT-03:00 Ian Gilfillan <ian(a)mariadb.org>:
> Thanks for picking that up.
>
> I'm not sure of the history, but the original version of the page you're
> referring to:
> https://mariadb.com/kb/en/how-to-limittimeout-queries/13101/
> details such a feature, which was scheduled for inclusion in MariaDB 5.5.29
>
> That feature never seemed to make it, and the link you've picked up is
> still a legacy of that.
>
> I'll remove the mention and wait for the feature to actually arrive ;)
>
> ian
>
>
> On 26/05/2014 21:26, Roberto Spadim wrote:
>
> hi guys, i was reading about kill query id
>
> https://mariadb.com/kb/en/data-manipulation-kill-connection-query/
>
> at this part:
> "The timeouts generated by MAX_QUERY_TIME<https://mariadb.com/kb/en/how-to-limittimeout-queries/#max_query_time-varia…>
> use KILL SOFT QUERY.
> "
>
> when i click at MAX_QUERY_TIME, i open a new link to a page that doesn't
> explain what is MAX_QUERY_TIME
>
> hehe maybe a broken link? or a feature not developed yet?
>
>
>
>
--
Roberto Spadim
SPAEmpresarial
Eng. Automação e Controle
I've started the release prep for MariaDB 10.0.11. Draft release notes
and changelog pages are here:
- https://mariadb.com/kb/en/mariadb-10011-release-notes/
- https://mariadb.com/kb/en/mariadb-10011-changelog/
Please make necessary additions/modifications/etc...
The release is still building at the moment, but when finished I'll
upload to the mirrors later today or tomorrow. Current plan, if
everything goes well, is to activate and announce the release on
Monday, 12 May.
Thanks!
--
Daniel Bartholomew, MariaDB Release Manager
MariaDB | http://mariadb.com