Skip to content

Changelog

aharonrobbins edited this page Dec 28, 2017 · 89 revisions

v1.1.5 (release)

  • Removed support for MySQL 5.1, all versions.
  • Added support for MariaDB 5.5.57 - 5.5.58, 10.0.32 - 10.0.33, 10.1.26 - 10.1.29, and 10.2.7 - 10.2.11.
  • Added support for MySQL 5.5.57 - 5.5.58, 5.6.37 - 5.6.38, and 5.7.19 - 5.7.20.
  • Added support for Percona 5.7.19-17, 5.7.20-18, 64-bit only.
  • The plugin now sends the numeric MySQL error code ("status") for commands when they fail, or zero on success. This fixes issue #82.
  • Fix issue #171.
  • Fix issue #172.
  • Fix issue #173.

v1.1.4 (release)

  • Added support for MariaDB 10.0.31, 10.1.24 - 10.1.25, and 10.2.0 - 10.2.6.
  • The plugin can now be renamed.
  • The socket "unable to connect" message is logged as a warning the first time.
  • The plugin now correctly retrieves the port for a remote connection on MySQL 5.7.
  • If a user-id doesn't have a username and is negative, it is logged as [unknown].

v1.1.3

  • Added support for MySQL 5.5.56.
  • Added support for MariaDB 5.5.56 and 10.1.23.
  • New configuration variable, audit_json_socket_write_timeout, which provides a timeout in milliseconds for writes to the JSON socket. Current value is 1000 (= 1 second). This should prevent the plugin from causing any lockouts of MySQL.

v1.1.2

  • Added support for MySQL 5.5.55, 5.6.36, and 5.7.18.
  • Added support for MariaDB 5.5.55, 10.1.21 - 10.1.22, and 10.0.29 - 10.0.30.
  • Fix issue #155.
  • Add more information to each record:
    • For connections via Unix Domain Socket, PID, application name, and OS user name of process on the other end of the connection.
    • For connections via TCP Socket, client port of the connection.
    • When audit_before_after is set to 'after', the number of rows affected by the statement and/or returned by the SQL query.
  • The offset-extract.sh script was updated. If you have extracted offsets on your own, you should rerun the script to make the new offsets available.
  • New configuration variable, audit_socket_creds, which enables writing of the connection-related information. Default is ON.
  • UNINSTALL PLUGIN now works on MySQL 5.7.
  • UPDATE was added to the list of commands where password masking is done.
  • New configuration variable, audit_before_after, which determines if the log record is written before or after execution of the SQL statement. Possible string values are 'before', 'after', or 'both'. The default is after.
    • This changes the behavior of the plugin for statements created with PREPARE.
    • Using 'both' produces two records for each statement, be prepared to process them.
  • The offset extraction script is now included in the pre-built binary releases.
  • Fixed a crash in cases where there are no connection attributes. See issue #160.

v1.1.1

  • Added support for MySQL 5.5.54, 5.6.35, and 5.7.17.
  • Added support for MariaDB 10.1.20, and 5.5.54.
  • Changed algorithm for allocation of trampoline page on 64 bit systems when MySQL is loaded into the lower 32 bits of the address space. Should address issue #150 and possibly some of the others.
  • Fixed a bug such that an empty connect message is not created for the MySQL 5.7 "pre authenticate" event.
  • Added offsets for client capabilities (all versions) and for session connect attributes (MySQL 5.6 and 5.7). The default is to log the connection attributes but not the capabilities.
  • Updated the offset-extract.sh script. If you have extracted offsets on your own, you should rerun the script to make the new offsets available.
  • Added two new configuration variables: audit_client_capabilities (all versions, default OFF) and audit_sess_connect_attr (MySQL 5.6 and 5.7, default ON).
  • Improved the plugin's behavior on systems where skip_name_resolve is set in MySQL, particularly for Percona server.

v1.1.0

  • Added support for MariaDB 10.0.25-10.0.28, 10.1.13-10.1.19, 5.5.49 - 5.5.53.
  • Added support for MySQL 5.5.49 - 5.5.53, 5.6.30 - 5.6.34, 5.7.12 - 5.7.16.
  • Updated to latest YAJL and PCRE libraries.
  • Fixed an Autoconf warning in yajl/src/Makefile.am.
  • Reformatted the code, including making line endings consistent.
  • Fixed problem computing the name of the audit socket if MySQL was configured for no networking or with no sockets specified in the configuration file.
  • Fixed problem loading the plugin on Debian 8 32-bit systems. See issue: #132.
  • Fixed problem with very large query crashing MySQL when the plugin is loaded. See issue: #145.
  • Improved handling of prepared statements with jdbc driver. See issue: #144.
  • Restored creation of failed login messages for MySQL 5.6.32 and forward, and 5.7.14 and forward.
  • Some performance improvements in the plugin.

v1.0.9

  • Added support for MySQL 5.7.9, 5.7.10 and 5.7.11
  • Added support for MariaDB 10.1.10 through 10.1.12
  • Fixed problem with setting variables to null. See issue: #133.
  • If the password masking regex is set to a value that won't compile, revert to the default regex
  • Added MariaDB 10.0.19 to 10.0.24 offsets
  • Added MariaDB 5.5 offsets through 5.5.48
  • Added MySQL offsets up to: 5.5.48 and 5.6.29
  • Documentation fixes. See issue: #115.

v1.0.8

  • Added MariaDB 10.0.15 to 10.0.17 offsets
  • Added MySQL offsets up to: 5.5.43 and 5.6.24
  • Added a special symbol named: audit_plugin_version_<version>_<revision> where . is replaced with _. It is possible to get the version of the library file by running the following command: nm /usr/lib/mysql/plugin/libaudit_plugin.so | grep 'audit_plugin_version' | grep -P -o '\d+_\d+_\d+_\d+'. Output will be of the form: 1_0_8_511. This can be used to determine the version of the audit plugin library without logging into MySQL and performing a query.
  • Fixed an issue where after terminating a query (not a connection) further queries on the same connection will not return results. See issue: #98.
  • Fixed crash on Percona 5.6 when changing default database (use <db>).
  • New configuration option: audit_force_record_logins: Force logging: Connect, Quit and Failed Login commands, regardless of the settings in audit_record_cmds and audit_record_objs variables. Enable|Disable. Default value: disabled. Contributed by @RickPizzi.

v1.0.7

  • Added MySQL offests up to: 5.5.40 and 5.6.21
  • MariaDB 10.0 support: offsets for 10.0.9 through 10.0.14 added. Note there is a separate binary build available for MariaDB 10.0.
  • Bug fix: Protection for case where tcp port or unix socket is not set and plugin tries to set default socket name at startup. The tcp port or unix socket are not initialized when they are not passed either on the command line or configured in my.cnf. In this case the plugin init function is called before mysql has set the default values.

v1.0.6

  • Added MySQL offests up to: 5.5.39 and 5.6.20
  • New feature: write a header message at start of logging or on file flush (both file and socket logging options). Includes new configuration parameter: audit_header_msg to control if the header message is enabled/disabled (default enabled). Header message is in json format. Sample json message: {"msg-type":"header","date":"1404402497645","audit-version":"1.0.0-99999","audit-protocol-version":"1.0","hostname":"debian","mysql-version":"5.5.23-1~dotdeb.0","mysql-program":"/usr/sbin/mysqld","mysql-socket":"/var/run/mysqld/mysqld.sock","mysql-port":"3306"}
  • New feature: password masking. Passwords will be masked in the audit log. New configuration variables added: audit_password_masking_cmds and audit_password_masking_regex.
  • New configuration option: audit_whitelist_cmds: Comma separated list of white-listed cmds whose queries are not recorded. Contributed by @imreFitos.
  • New default socket name used for auditing. Default name used if not explicitly configured: /tmp/mysql.audit_[cwd]_[port number OR unix socket with underscores instead of slashes]. Used for better support of multiple mysql instances running on the same machine.
  • New configuration options for specifying retry interval for connecting to audit destination: audit_json_file_retry and audit_json_socket_retry.

v1.0.5

  • Added MySQL offests up to: 5.5.38 and 5.6.19
  • MariadDB 5.5 support. Note there is a separate binary build available for MariaDB.

v1.0.4

  • Added MySQL offsets up to: 5.1.73, 5.5.35 and 5.6.15.
  • New configuration option: audit_whitelist_users: Comma separated list of white-listed users whose queries are not recorded.
  • Better support for SELinux.
  • Support for empty user white listing using "{}".
  • Compilation fixes for newer compilers.
  • Various bugs fixed. See: [closed issue list] (https://github.com/mcafee/mysql-audit/issues?page=1&sort=updated&state=closed).

v1.0.3

  • Added MySQL offsets up to 5.5.28 and 5.1.66
  • New configuration var: offsets_by_version - If checksum validation doesn't pass, will attempt to load and validate offsets according to the MySQL version (default: on).
  • New configuration var: validate_offsets_extended - perform offset extended validation (default: on).
  • Better support for MySQL Cluster NDB: fixed bug with socket mode.
  • Support for '{}' in audit_record_objs as a means to specify an empty set. See issue #12.
  • Support for MySQL compiled with newer versions of GCC (Percona and Red Hat 6 distributions). See issues #11 and #1.
  • Compilation error fixes and configuration change crash fix. See issues #18 and #15. Contributed by @mitans02.

v1.0.2

  • Added MySQL offsets up to 5.5.25 and 5.1.63
  • Better support for Debian/Ubuntu distributions. If audit_validate_checksum is disabled will try additional offsets with 24 bytes difference as seen on Debian/Ubuntu distributions.
  • Better support for log file rotation. Added support for audit_json_file_flush. See issue #9.
  • Bug fix where audit_delay_cmds was not being set if already set in my.cnf. See issue #7. Contributed by @creechy.
  • New options to limit auditing: audit_record_cmds and audit_record_objs. See issue #8. Contributed by @creechy.
  • New checksum assurance option: audit_checksum. See issue #8. Contributed by @creechy.

v1.0.1

  • README documentation: reference to github wiki
  • Performance improvements for command name lookup
  • Cached queries: fixed cmd type and object type reported
  • Compilation: changed to minimal export of only the needed functions for loading a plugin
  • Added MySQL 5.5.21 offsets

v1.0.0

  • Initial Release
Clone this wiki locally