Dear MySQL users,

MySQL Server 5.6.34, a new version of the popular Open Source
Database Management System, has been released. MySQL 5.6.34 is
recommended for use on production systems.

For an overview of what's new in MySQL 5.6, please see

     Starting with 5.6.11, Microsoft Windows packages for MySQL 5.6
     are available both as a "full" installer and as a "web" installer.
     The full installer is significantly larger and comes bundled with
     the latest software releases available. This bundle makes it easy
     to download and configure a full server and development suite.

     The web installer doesn't come bundled with any actual products
     and instead relies on download-on-demand to fetch only the
     products you choose to install. This makes the initial download
     much smaller but increases install time as the individual products
     will need to be downloaded.

For information on installing MySQL 5.6.34 on new servers or upgrading
to MySQL 5.6.34 from previous MySQL releases, please see

MySQL Server is available in source and binary form for a number of
platforms from our download pages at

Not all mirror sites may be up to date at this point in time, so if you
can't find this version on some mirror, please try again later or choose
another download site.

We welcome and appreciate your feedback, bug reports, bug fixes,
patches, etc:

The following section lists the changes in MySQL 5.6 since
the release of MySQL 5.6.33. It may also be viewed
online at


Changes in MySQL 5.6.34 (2016-10-12)

     * Packaging Notes

     * Security Notes

     * Functionality Added or Changed

   Packaging Notes

     * RPM and Debian packages now create the
       /var/lib/mysql-files directory, which is now the default
       value of the secure_file_priv system variable that
       specifies a directory for import and export operations.
       (Bug #24709892, Bug #24761774)

   Security Notes

     * Incompatible Change: The secure_file_priv system variable
       is used to limit the effect of data import and export
       operations. The following changes have been made to how
       the server handles this variable:

          + secure_file_priv can be set to NULL to disable all
            import and export operations.

          + The server checks the value of secure_file_priv at
            startup and writes a warning to the error log if the
            value is insecure. A non-NULL value is considered
            insecure if it is empty, or the value is the data
            directory or a subdirectory of it, or a directory
            that is accessible by all users. If secure_file_priv
            is set to a nonexistent path, the server writes an
            error message to the error log and exits.

          + Previously, the secure_file_priv system variable was
            empty by default. Now the default value is platform
            specific and depends on the value of the
            INSTALL_LAYOUT CMake option, as shown in the
            following table.

INSTALL_LAYOUT Value    Default secure_file_priv Value
 -------------------- ------------------------------------------------
 DEB, RPM, SLES, SVR4    /var/lib/mysql-files
 Otherwise               mysql-files under the CMAKE_INSTALL_PREFIX value

          + To specify the default secure_file_priv value
            explicitly if you are building from source, use the
            new INSTALL_SECURE_FILE_PRIVDIR CMake option. To
            specify a directory for the embedded server, set the
            default value is NULL.
       (Bug #24679907, Bug #24695274, Bug #24707666)

   Functionality Added or Changed

     * yaSSL was upgraded to version 2.4.2. This upgrade
       corrects issues with: Potential AES side channel leaks;
       DSA padding for unusual sizes; the
       SSL_CTX_load_verify_locations() OpenSSL compatibility
       function failing to handle long path directory names.
       (Bug #24512715, Bug #24740291)

Reply via email to