6411: 5.07 and newer assemblers generate MvLOCALIZED code that crashes 5.06 or older engines
6441: sha256 with openssl < 0.9.8
6449: Win32: file_read and [fs]time() create non-existent files
6454: 3.x Configuration causes segmentation fault when one or more required tag attributes are missing
6455: Floating point to string conversions occasionally include a NULL byte in the string
6456: MvSMTP: Write Error: Connection closed by remote host (windows server only)
6469: ISAPIApplication has no s.process_id
6482: ISNULL of a reference to a structure is always 1
6498: Free of uninitialized memory in Dictionary::Read when TaggedFile has no TF_DICT_ID section
6505: MvFOR without /MvFOR not caught by compiler
6519: Embedded bracket } causes compiler error [g.file].fn('}')
6546: Passing a database variable to a function by reference leads to a crash
6576: MvCALL does not verify server identity
6679: xml_parse when an xml_parse_section is present returns the section's content in root
6712: External function calls in MvDO expressions behave strangely when they reference functions that are not used in the MvDO'd file
6734: Hash-table collision based DOS with POSTed form data
6762: miva_array_deserialize outputs an array with a single empty element when passed an empty string
6799: Strings that contain ASCII NULL but begin with numbers are considered numbers
MySQL Connector Changes
- Only a single connection to the database server is used per VM instance, regardless of whether
a script opens multiple views simultaneously or executes an MvQUERY when a view is open.
- The connector now supports caching of prepared statements for better performance. The cache is
disabled by default and may be enabled using the "statement_cache_size" db command. Example:
<MvDBCOMMAND NAME = "Merchant" COMMAND = "statement_cache_size" PARAMETER = "5">
The value of PARAMETER controls the number of prepared statements that are cached. The N most
recently used prepared statements are retained.
- A new DBCOMMAND "autostorelimitqueries" causes the connector to automatically call
mysql_stmt_store_results() whenever it sees the LIMIT keyword in an SQL statement used to open a
- Additional bits in MvCONFIG_FLAGS_SECURITY (securityoptions in the 3.x configuration) allow an administrator
to control SSL certificate validation.
MvCONFIG_SEC_SSL_NOVERIFY_CHAIN 0x00001000 4096
Disables chain of trust verification
MvCONFIG_SEC_SSL_NOVERIFY_HOSTNAME 0x00002000 8192
Disables certificate commonName/subjectAltName checking when a connection is made using a hostname
MvCONFIG_SEC_SSL_VERIFY_IP 0x00004000 16384
Enables IP Address based subjectAltName checking when a connection is made using an IP address
- A new configuration setting MvCONFIG_TIMEOUT_POST (posttimeout in the 3.x configuration) allows an administrator
to configure the maximum number of seconds that are permitted to receive and parse POST input from a client.
The default value is 30 seconds, and this timeout does not apply to file uploads that have been accepted by a
- A new configuration setting MvCONFIG_MAX_POST_VARS (maxpostvars in the 3.x configuration) controls the maximum
number of variables that may be present in a single POST request. The default value is 2000.
setting has also been moved to this dialog.
- The following new certificates have been added:
7C4656C3061F7F4C0D67B319A855F60EBC11FC44.pem Go Daddy Secure Certification Authority
188590E94878478E33B6194E59FBBB28FF0888D5.pem VeriSign Class 3 Secure Server CA
D559A586669B08F46A30A133F8A9ED3D038E2EA8.pem VeriSign International Server CA - Class 3