Hi,
this is in reply to various questions that have reached us after the recent security fix, contained in MySQL 4.1.20, 4.0.22, and 5.1.11-beta:
The problem was a possible "SQL injection" risk, if the application sent data using some multi-byte character sets, due to an incorrect parsing in the server of strings generated by mysql_real_escape_string().
It had been introduced in 4.1 only, it does NOT affect any earlier version (4.0 or 3.23).
As 3.23 and 4.0 never had this security risk, there is nothing to fix in these releases.
We are sorry if anybody got the impression we were neglecting any such security risk in older releases.
Enjoy! Joerg -- Joerg Bruehe, Senior Production Engineer MySQL AB, www.mysql.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
