MySQL 3.23.36 is now released. According to a MySQL mailing list announcement, the release should fix a security bug in regards to database names starting with ".." or containing ",".

In addition, the release fixes a bug that was recently introduced in 3.23.34.

MySQL recommends that administrators should never run the mysqld server as root.

The following is from the release announcement:

Changes in release 3.23.36

• Fixed that one can't use database names with `.'. This fixes a serious security issue when `mysqld' is run as root.
• Fixed bug when thread creation failed (could happen when doing a LOT of connections in a short time).
• Don't free the key cache on `FLUSH TABLES' as this will cause problems with temporary tables.
• Fixed problem in Innobase with with other character sets than latin1 and another problem when using many columns.
• Fixed a core-dump bug when using very complex query involving `DISTINCT' and summary functions.
• Added `SET TRANSACTION ISOLATION LEVEL ...'
• Added `SELECT ... FOR UPDATE'.
• Fixed bug where affected rows where not returned when `MySQL' was compiled without transaction support.
• Fixed a bug in `UPDATE' where keys weren't always used to find the rows to be updated.
• Fixed a bug in `CONCAT_WS()' where it returned wrong results.
• Changed `CREATE ... INSERT' and `INSERT ... SELECT' to not allow concurrent inserts as this could make the binary log hard to repeat. (Concurrent inserts are enabled if you are not using the binary or update log).
• Changed some macros to be able to use fast mutex with glibc 2.2.

Related Stories:
Getting out of MS Access [to MySQL](Mar 12, 2001)
WebTechniques: Someone Else's Database(Feb 15, 2001)
Techtarget: MySQL and the Open Source revolution: An interview with Britt Jonston(Jan 31, 2001)
WebTechniques: A Database-Independent API for PHP(Jan 23, 2001)
Why and How I Installed PHP4, MySQL, and Apache on Windows 98(Sep 27, 2000)