November 23, 2014

Percona response to recent MySQL security bugs

Recently there have been discussions on several vulnerabilities in MySQL and closely related projects such as MariaDB and Percona Server. Usually we have inherited security fixes from MySQL when we have updated Percona Server to be based off a new Oracle MySQL release. In this case however, Oracle has been incredibly quiet.

We’ve been examining how these affect current Percona Server versions and will shortly be making security releases and more information available (we wish to ensure what we say is correct in regards to Percona Server).

As seems to often be the case, we already had a release in the pipeline – Percona Server 5.5.28-29.2 which contains many bug fixes that affect users (see our release notes). We’re going to still release 5.5.28-29.2 and shortly after we’ll make 5.5.28-29.3 available with just security fixes.

For more information, see:

About Stewart Smith

Stewart Smith has a deep background in database internals including MySQL, MySQL Cluster, Drizzle, InnoDB and HailDB. he is also one of the founding core developers of the Drizzle database server. He served at Percona from 2011-2014. He is a former Percona employee.


  1. Chris Howells says:

    Is there any news on whether these bugs affect 5.1, and if so, if there will be a equivalent 5.1 release?


  2. We’ll be making 5.1 releases shortly. We went with 5.5 first as an overwhelming majority of users are on 5.5 rather than 5.1

Speak Your Mind