MySQL Connector/ODBC 5.3.8 has been released

Dear MySQL users,

MySQL Connector/ODBC 5.3.8, a new version of the ODBC driver for the MySQL database management system, has been released.

The available downloads include both a Unicode driver and an ANSI driver based on the same modern codebase. Please select the driver type you need based on the type of your application – Unicode or ANSI.
Server-side prepared statements are enabled by default. It is suitable for use with any MySQL version from 5.5.

This is the fourth release of the MySQL ODBC driver conforming to the ODBC 3.8 specification. It contains implementations of key 3.8 features,
including self-identification as a ODBC 3.8 driver, streaming of output parameters (supported for binary types only), and support of the SQL_ATTR_RESET_CONNECTION connection attribute (for the Unicode driver only).

Also, Connector/ODBC 5.3 introduces a GTK+-based setup library providing a GUI DSN setup dialog on some Unix-based systems, currently included in the Debian 7/8, EL6/OL6, EL7/OL7 (64-bit only), Fedora 24/25,
FreeBSD 10/11, SLES 12, Ubuntu 12/14/16 packages. Other new features in the 5.3 driver are FileDSN and Bookmarks support.

The release is now available in source and binary form for a number of platforms from our download pages at http://dev.mysql.com/downloads/connector/odbc/5.3.html For information on installing, please see the documentation at http://dev.mysql.com/doc/connector-odbc/en/connector-odbc-installation.html Enjoy!

The MySQL Connectors team at Oracle Changes in MySQL Connector/ODBC 5.3.8 (2017-04-28)

Security Notes

* Security Fix: The linked OpenSSL library for Connector/ODBC Commercial 5.3.8 has been updated from version 1.0.2j to version 1.0.2k. Versions of OpenSSL prior to 1.0.2k are reported to be vulnerable to 2017-3731
(http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731), CVE-2017-3732
(http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732), and CVE-2017-7055
(http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7055).
This change does not affect the Oracle-produced MySQL Community build of Connector/ODBC 5.3.8, which uses the yaSSL library instead. (Bug #25615448, CVE-2017-3731,
CVE-2017-3732, CVE-2017-7055)

Bugs Fixed

* When error 2006 (“MySQL server has gone away”) occurred,
Connector/ODBC wrongly returned the SQL_NO_DATA error.
(Bug #25671389)

* When the SQL_TIMESTAMP_STRUCT was used, if the date portion of a timestamp was populated but the time portion was uninitialized, queries involving the timestamp would fail with a Date overflow error. With this fix, the uninitialized time value is simply ignored. (Bug
#25386024)

* Segmentation faults occurred when catalog, column, or table names that were too long were passed as arguments to metadata functions like SQLColumnPrivileges(),SQLColumns(),SQLTablePrivileges()
and SQLTables(). With this fix, proper errors are returned in those cases. (Bug #18796005)

* An assertion error occurred when calling SQLSetDescField() with SQL_DESC_COUNT as FieldIdentifier,
irrespective of the record number set. (Bug #18641633)

* Connector/ODBC quit unexpectedly when a negative column number was passed as an argument for the SQLGetData()
method. (Bug #18636600)

* When server-side prepared statements were enabled, using the prefetch option caused SQL syntax errors to be returned for queries that contained parameter markers.
(Bug #17386788)

* After the attribute SQL_ATTR_MAX_ROWS had been set for a certain statement handler, a new statement handler also had the same value set automatically. The fix makes sure a new statement handler returns all rows by default. (Bug
#17259397, Bug #69554)

* If the NO_INFORMATION_SCHEMA connection option was set,
the SQLTables() function did not return the catalog correctly when a wildcard or SQL_ALL_CATALOGS was used in its arguments. (Bug #14005343)
References: See also: Bug #13914518.

On behalf of the Oracle MySQL RE Team,
Hery Ramilison