Background # A critical vulnerability CVE-2021-44228 in the Apache Log4j logging library was disclosed on Dec 9. The project provided release 2.15.0 with a patch that mitigates the impact of this CVE. It was quickly found that the initial patch was insufficient, and an additional CVE CVE-2021-45046 followed. This has been fixed in release 2.16.0. Who is affected? # The bulk of vitess code is in golang, and is unaffected by these vulnerabilities.
Here is a fix for the MySQL/TokuDB/MariaDB bug I reported earlier today. I think this fix is correct (it is only one line) but I don’t delve into the storage engine very often (and particularly not into ha_partition.cc) so I think it would be good to wait for Oracle (or Percona, MariaDB, or Tokutek) to validate that it is correct before using it.
diff -u ha_partition.cc /tmp/ha_partition.cc --- ha_partition.cc 2013-04-05 05:27:18.000000000 -0700 +++ /tmp/ha_partition.cc 2013-05-27 02:45:01.680676228 -0700 @@ -6455,9 +6455,11 @@ void ha_partition::get_dynamic_partition_info(PARTITION_STATS *stat_info, uint part_id) { + handler *file= m_file[part_id]; DBUG_ASSERT(bitmap_is_set(&(m_part_info->read_partitions), part_id)); - file->info(HA_STATUS_CONST | HA_STATUS_TIME | HA_STATUS_VARIABLE | + + info(HA_STATUS_CONST | HA_STATUS_TIME | HA_STATUS_VARIABLE | HA_STATUS_VARIABLE_EXTRA | HA_STATUS_NO_LOCK); stat_info->records= …[Read more]
As you may have heard, this week on December 28, 2011, a group of security experts released information about a nasty problem in almost all languages and platforms related to hash function collisions and possibility of using those for DoS attack on web applications.
Ruby core team released new 1.8.7-p357 version with the problem fixed. JRuby development team came out with the new 1.6.5.1 release. Unfortunately 2 days after the release there is still no information from Ruby Enterprise Edition team on what to do with all the ree deployments.
So, since there is …
[Read more]In Percona Server security fix releases I mentioned patches for MySQL 4.0 and 4.1.
I am happy to announce that GoDaddy.com released patches for MySQL 4.0 and MySQL 4.1 under GPL license and you can get them from our Launchpad:
for 4.0: lp:~percona-dev/percona-patches/4.0.30 ( or https://launchpad.net/~percona-dev/percona-patches/4.0.30
)
for 4.1: lp:~percona-dev/percona-patches/4.1.24 ( or https://launchpad.net/~percona-dev/percona-patches/4.1.24)
Fixed bugs:
- Bug#53371, …
This is the 182nd edition of Log Buffer, the weekly review of database blogs. Make sure to read the whole edition so you do not miss where to submit your SQL limerick!
This week started out with me posting about International Women’s Day, and has me personally attending Confoo (Montreal) which is an excellent conference I hope to return to next year. I learned a lot from confoo, especially the blending nosql and sql session I attended.
This week was also the Hotsos Symposium. …
[Read more]Our patches for 5.0 have attracted significant interest. You can read about SecondLife's experience here, as well as what Flickr had to say on their blog. The main improvements come in both performance gains and improvements to diagnostics (such as the improvements to the slow log output, and INDEX_STATISTICS).
Despite having many requests to port these patches to 5.1, we simply haven't had the bandwidth as our main focus has been on developing XtraDB and XtraBackup. Thankfully a customer (who prefers to stay unnamed) as stood up and sponsored the work to move the patches to 5.1.
To refresh, the most interesting patches are:
- Performance patches for InnoDB ®. Although …
I don't feel like it to change my patches with every new release of PHP. In order to give something back to the community and to support my laziness, I publish a few patches for the PHP language. Some are really useful, some are quite okay and others are only to help in a more particular case. But read over the new featureset to make you an own opinion.
At Days of Wonder we are huge fans of MySQL (and since about a year of the various Open Query, Percona, Google or other community patches), up to the point we’re using MySQL for about everything in production.
But since we moved to 5.0, back 3 years ago our production databases which hold our website and online game systems has a unique issue: the mysqld process uses more and more RAM, up to the point where the kernel OOM decide to kill the process.
You’d certainly think we are complete morons because we didn’t do anything in the last 3 years to fix the issue
Unfortunately, I never couldn’t …
[Read more]For the my previous post, there was comment to suggest to test db_STRESS benchmark on XtraDB by Dimitri. And I tested and tuned for the benchmark. I will show you the tunings. It should be also tuning procedure for general heavy writing workloads.
At first, <tuning peak performance>. The next, <tuning purge operation> to stabilize performance and to avoid decreasing performance.
<test condition>
Server:
PowerEdge R900, Four Quad Core E7320 Xeon, 2.13GHz, 32GB Memory,
16X2GB, 667MHz
db_STRESS:
32 sessions, RW=1, dbsize = 1000000, no thinktime
XtraDB: (mysql-5.1.39 + XtraDB-1.0.4-current)
innodb_io_capacity = 4000
innodb_support_xa = false
innodb_file_per_table = …
We just had a booboo in one of our internal systems, causing it to not come up properly on reboot. The actual mishap occurred several weeks ago (simple case of human error) and was in itself a valid change so monitoring didn’t raise any concerns. So, as always, it’s interesting and useful to think about such events and see what we can learn.
Years ago, but for some now still, one objective is to see long uptime for a server, sometimes years. It means the sysadmin is doing everything right, and thus some serious pride is attached to this number. As described only last week in Modern Uptime on the Standalone Sysadmin blog, security patches are a serious issue these days, and so (except if you’re using ksplice sysadmin quality has become more a question of when you …
[Read more]