Percona Server for MySQL 5.7.21-21 Is Now Available with Increased Built-In Security EnhancementsDmitriy Kostiuk
Percona announces the GA release of Percona Server for MySQL 5.7.21-21 on on April 24, 2018. Download the latest version from the Percona web site or the Percona Software Repositories. You can also run Docker containers from the images in the Docker Hub repository.
This version of Percona Server for MySQL 5.7.21 includes three new encryption features – Vault keyring plug-in, encryption for InnoDB general tablespaces, and encryption for binary log files.
These new capabilities, which allow companies to immediately increase security for their existing databases, are also part of a larger project to build complete, robust, enterprise-grade encryption capabilities into Percona Server for MySQL, allowing customers and the community to satisfy their most rigorous security compliance requirements. Percona also announced the release of a new version of Percona XtraBackup that supports backing up Percona Server for MySQL instances that have these encryption features enabled.
Based on MySQL 5.7.21, including all the bug fixes in it, Percona Server for MySQL 5.7.21-21 is the current GA release in the Percona Server for MySQL 5.7 series. Percona provides completely open-source and free software.
- A new variable
innodb_temp_tablespace_encryptis introduced to turn encryption of temporary tablespace and temporary InnoDB file-per-table tablespaces on/off. Bug fixed #3821.
- A new variable
innodb_encrypt_online_alter_logssimultaneously turns on encryption of files used by InnoDB for merge sort, online DDL logs, and temporary tables created by InnoDB for online DDL. Bug fixed #3819.
- A new variable
innodb_encrypt_tablescan be set to
ON, making InnoDB tables encrypted by default, to
FORCE, disabling creation of unencrypted tables, or
OFF, restoring the like-before behavior. Bug fixed #1525.
- Query response time plugin now can be disabled at session level with use of a new variable
- Attempting to use a partially-installed query response time plugin could have caused server crash. Bug fixed #3959.
- There was a server crash caused by a materialized temporary table from semi-join optimization with key length larger than 1000 bytes. Bug fixed #296.
- A regression in the original 5.7 port was causing integer overflow with
thread_pool_stall_limitvariable values bigger than 2 seconds. Bug fixed #1095.
- A memory leak took place in Percona Server when performance schema is used in conjunction with thread pooling. Bug fixed #1096.
- A code clean-up was done to fix compilation with clang, both general warnings (bug fixed #3814, upstream #89646) and clang 6 specific warnings and errors (bug fixed #3893, upstream #90111).
- Compilation warning was fixed for
-DWITH_QUERY_RESPONSE_TIME=ONCMake compilation option, which makes QRT to be linked statically. Bug fixed #3841.
- Percona Server returned empty result for
SELECTquery if number of connections exceeded 65535. Bug fixed #314 (upstream #89313).
- A clean-up in Percona Server binlog-related code was made to avoid uninitialized memory comparison. Bug fixed #3925 (upstream #90238).
--innodb-optimize-keysoption was incorrectly working with foreign keys on the same table, producing invalid SQL statements. Bugs fixed #1125 and #3863.
- A fix of the mysqld startup script failed to detect jemalloc library location for preloading, thus not starting on systemd based machines, introduced in Percona Server
5.7.21-20, was improved to take into account previously created configuration file. Bug fixed #3850.
- The possibility of a truncated bitmap file name was fixed in InnoDB logging subsystem. Bug fixed #3926.
- Temporary file I/O was not instrumented for Performance Schema. Bug fixed #3937 (upstream #90264).
- A crash in the unsafe query warning checks with views took place for
UPDATEstatement in case of statement binlogging format. Bug fixed #290.
- A re-implemented variable
rpl_skip_tx_apiallows to turn on simple RocksDB write batches functionality, increasing replication performance by the transaction api skip. Bug fixed MYR-47.
- Decoding value-less padded varchar fields could under some circumstances cause assertion and/or data corruption. Bug fixed MYR-232.
- Two new variables introduced for the TokuDB fast updates feature,
tokudb_enable_fast_upsertshould be now used instead of the
NOARkeyword, which is now optional at compile time and off by default. Bugs fixed #63 and #148.
- A set of compilation fixes was introduced to make TokuDB successfully build in MySQL / Percona Server 8.0. Bugs fixed #84, #85, #114, #115, #118, #128, #139, #141, and #172.
- Conditional compilation code dependent on version ID in the TokuDB tree was separated and arranged to specific version branches. Bugs fixed #133, #134, #135, and #136.
ALTER TABLE ... COMMENT = ...statement caused TokuDB to rebuild the whole table, which is not needed, as only FRM metadata should be changed. Bug fixed #130, and #137.
- Data race on the cache table pair attributes was fixed.
[2018-04-26 – UPDATE:] CentOS 6 and CentOS 7 packages were affected by PS-3971 where
my.cnf configuration file would be replaced by a symlink. These packages (
5.7.21-21.1) were removed from the repos, and new packages (
5.7.21-21.3) with the fix have been deployed later today.