Security Fixes for Percona XtraDB Cluster, Updated Percona Distribution for MySQL: Release Roundup March 29, 2021

It’s release roundup time again here at Percona!

Percona Releases March 29Our Release Roundups showcase the latest Percona software updates, tools, and features to help you manage and deploy our software. It offers highlights and critical information, as well as links to the full release notes and direct links to the software or service itself to download.

Today’s post includes those releases and updates that have come out since March 15, 2021, including fixes for security vulnerability CVE-2021-27928 in Percona XtraDB Cluster, an updated Percona Distribution for MySQL (PXC variant), and the release of Percona Monitoring and Management 2.15.1.

 

Percona Distribution for MySQL (Percona XtraDB Cluster Variant) 8.0.22

On March 23, 2021, Percona Distribution for MySQL (PXC variant) 8.0.22 was released. It is a single solution with the best and most critical enterprise components from the MySQL open source community, designed and tested to work together. This release is based on Percona XtraDB Cluster 8.0.22-13.1.

Download Percona Distribution for MySQL (PXC variant) 8.0.22

 

Percona Monitoring and Management 2.15.1

Percona Monitoring and Management 2.15.1 was released on March 18, 2021. It is a free and open-source platform for managing and monitoring MySQL, MongoDB, and PostgreSQL performance. A release highlight is a patch that fixes performance issues discovered in systems, together with other small fixes. In addition, there are several bug fixes, including high CPU consumption by Grafana server, high CPU and Memory consumption by Victoria Metrics, and MongoDB exporter IndexStatsCollections assigning values from the wrong flag (intended for 2.15.0, omitted due to missing merge cutoff – Thanks to Tim for reporting this issue).

Download Percona Monitoring and Management 2.15.0

 

Percona XtraDB Cluster 5.6.51-28.46

On March 22, 2021, Percona XtraDB Cluster 5.6.51-28.46 was released. It is a high availability, open-source, MySQL clustering solution that helps enterprises minimize unexpected downtime and data loss, reduce costs, and improve the performance and scalability of their database environments. This fixes security vulnerability CVE-2021-27928, a similar issue to CVE-2020-15180.

Download Percona XtraDB Cluster 5.6.51-28.46

 

Percona XtraDB Cluster 5.7.33-31.49

Percona XtraDB Cluster 5.7.33-31.49 was released on March 22, 2021. This fixes security vulnerability CVE-2021-27928, a similar issue to CVE-2020-15180. There are also several bug fixes, including modifying processing to not allow threads/queries to be killed if the thread is in TOI and explicitly set the dhparam option with socat to bypass the use of the old certs.

Download Percona XtraDB Cluster 5.7.33-31.49

 

Percona XtraDB Cluster 8.0.22-13.1

March 22, 2021, saw the release of Percona XtraDB Cluster 8.0.22-13.1. This fixes security vulnerability CVE-2021-27928, a similar issue to CVE-2020-15180. An improvement in this release is the implementation of package changes for SELinux and AppArmor, and bug fixes include modification of processing to not allow threads/queries to be killed if the thread is in TOI, correct condition in thd_binlog_format() function for List Index process (Thanks to user Paweł Bromboszcz for reporting this issue), and the adjustment of mysqld_safe script to parse 8.0 log style properly. There are also some known issues you should be aware of, listed in the release notes.

Download Percona XtraDB Cluster 8.0.22-13.1

 

Percona XtraBackup 2.4.22

Percona XtraBackup 2.4.22 was released on March 22, 2021. It enables MySQL backups without blocking user queries, making it ideal for companies with large data sets and mission-critical applications that cannot tolerate long periods of downtime. This release fixes the security vulnerability CVE-2020-29488. There are also bugs fixed, including updated versions for xbstream and xbcrypt, correct spellings in xbcloud help, and the addition of missing PXB help options to the xtrabackup options reference.

Download Percona XtraBackup 2.4.22

 

Percona XtraBackup 8.0.23-16.0

Also on March 22, 2021, Percona XtraBackup 8.0.23-16.0 was released, fixing the security vulnerability CVE-2020-29488. Improvements in this release include providing SELinux and AppArmor default policies and enabling –lock-ddl by default to prevent corruption of the backup. A full list of bug fixes are in the release notes, but some of the highlights are the correction of incremental prepare failure with logical redo by skipping the apply of logical redos (MLOG_TABLE_DYNAMIC_META) during the incremental prepare (except the last prepare), the addition of build dependencies to correct Debian/Ubuntu packages in docker (Thanks to user Matt Cole for reporting this issue), and correct restore processing when there are DML statements running during backup stage by writing the last_checkpoint and LSN from ps.log_status instead of the redo log (Thanks to user Li Biao for reporting this issue).

Download Percona XtraBackup 8.0.23-16.0

 

That’s it for this roundup, and be sure to follow us on Twitter to stay up-to-date on the most recent releases! Percona is a leader in providing best-of-breed enterprise-class support, consulting, managed services, training, and software for MySQL, MongoDB, PostgreSQL, MariaDB, and other open source databases in on-premises and cloud environments.

Share this post

Leave a Reply