Log Message:
mysql57: updated to 5.7.21

MySQL 5.7.21

Audit Log Notes
* MySQL Enterprise Audit now supports compression and encryption of audit log \ 
files. Encryption is based on a user-defined password. To use this feature, the \ 
MySQL keyring must be enabled because audit logging uses it for password \ 
storage. MySQL Enterprise Audit also now supports logging in JSON format, in \ 
addition to the existing XML formats. For JSON format, functions are available \ 
that provide runtime log reading capabilities. For additional information, see \ 
MySQL Enterprise Audit.

Configuration Notes
* For RHEL, SLES, and Fedora RPMs, the default plugin directory for debug builds \ 
has been changed from /usr/lib64/mysql/plugin to /usr/lib64/mysql/plugin/debug.
* The installation scripts for MySQL Enterprise Audit and MySQL Enterprise \ 
Firewall now create their associated tables in the mysql system database as \ 
InnoDB rather than MyISAM tables.
* The hardcoded memory page size of 8KB for the memory-mapped transaction \ 
coordinator was too small for platforms such as ARM64 and PowerPC where the page \ 
size is much larger. The server now invokes a system call to get the page size \ 
of the current platform rather than using a hardcoded value. A consequence for \ 
the --log-tc-size option is that the minimum and default values are now 6 times \ 
the page size. Also, the value must be a multiple of the page size. Thanks to \ 
Alexey Kopytov for the patch.

Performance Schema Notes
* The Performance Schema setup_timers table is now deprecated, to be removed in \ 
MySQL 8.0, as is the TICK row in the performance_timers table.

Pluggable Authentication
* For the LDAP authentication plugins, handling of the group search attribute \ 
indicated by the authentication_ldap_sasl_group_search_attr and \ 
authentication_ldap_simple_group_search_attr system variables is more flexible. \ 
If the group search attribute is isMemberOf, LDAP authentication directly \ 
retrieves the user attribute isMemberOf value and assign it as group \ 
information. If the group search attribute is not isMemberOf, LDAP \ 
authentication searches for all groups where the user is a member. (The latter \ 
is the default behavior.) This behavior is based on how LDAP group information \ 
can be stored two ways: 1) A group entry can have an attribute named memberUid \ 
or member with a value that is a user name; 2) A user entry can have an \ 
attribute named isMemberOf with values that are group names.
* The LDAP authentication plugins now permit the authentication string that \ 
provides user DN information to begin with a + character. In the absence of this \ 
character, the authentication string value is treated as is without \ 
modification, as it has been previously. If the authentication string begins \ 
with +, the plugin constructs the full user DN value from the account user name \ 
as the cn attribute value, together with the authentication string (with the + \ 
removed). The authentication string is stored as given in the mysql.user system \ 
table, with the full user DN constructed on the fly before authentication.
* For the LDAP authentication plugins, the group search attribute was fixed and \ 
not configurable. Two new system variables now enable using custom group \ 
filters: authentication_ldap_sasl_group_search_filter and \ 
authentication_ldap_simple_group_search_filter.

Security Notes
* Incompatible Change: Passwords are now restricted to a maximum of 256 \ 
characters for the sha256_password authentication plugin, and for the PASSWORD() \ 
function when old_passwords=2. Also, the number of password hashing rounds is \ 
capped to limit CPU time used.
* The linked OpenSSL library for the MySQL Commercial Server has been updated to \ 
version 1.0.2n. Issues fixed in the new OpenSSL version are described at \ 
http://www.openssl.org/news/vulnerabilities.html.
* This change does not affect the Oracle-produced MySQL Community build of MySQL \ 
Server, which uses the yaSSL library instead.
* MySQL now supports key migration between underlying keyring keystores. This \ 
enables DBAs to switch a MySQL installation from one keyring plugin to another. \ 
See Migrating Keys Between Keyring Keystores.
* MySQL Enterprise Edition now includes a keyring plugin, \ 
keyring_encrypted_file, that is similar to the keyring_file plugin in its use of \ 
a local data file for key storage, but that also encrypts the file based on a \ 
user-defined password. See Using the keyring_encrypted_file Keyring Plugin.