This release contains an important security update and closes numerous false-negatives:
- Fixes a buffer over-read. This went undetected due to a GCC option that (incorrectly?) disables some automated memory checks. You can read more on this other blog post. The over-read may cause core dumps and other nastiness on long inputs.
- Parses MS SQLServer [bracket] quoting for table and column names. This closes a lot of false-negatives.
- Other improvements and fixes to reduce false-negatives.
Here's the full changelog:
- Issue #54: Add test vectors from Arne Swinnen. Thanks qerub@github
- Minor fingerprint update for Issue #54. I don't really think it's valid SQL but it's safe enough to detect without false positives.
- Issue #55: Parse MS SQLSERVER use of [brackets] for column and table names. This is a big one that closes a lot of holes. Thanks nroggle@github
- Issue #56: fix buffer over-read. Thanks safe3@github and flily@github
- Remove use of -fstack-protector as it breaks valgrind detecting memory problems. Read more about it: http://blog.client9.com/2013/10/12/gcc-valgrind-stackprotector.html
- Fixed folding issue where 1,-sin(1)) would be folded as
- Add more test cases and improve test coverage to 98.8%
3.7.1 was released right after 3.7.0. This just removed some dead code.
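
To illustrate the bracket quoting from Issue #55 together with the kind of length-bounded scanning that avoids a buffer over-read, here is an added example; it is not libinjection's code. The function name `scan_bracket_ident` is hypothetical, and it assumes SQL Server's rule that `]]` inside brackets is an escaped `]`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not libinjection's API.
 * Scans a SQL Server bracket-quoted identifier starting at s[pos].
 * Inside the brackets, "]]" stands for a literal ']'.
 * Returns the index one past the closing ']', or len when the bracket is
 * never closed. Returns pos unchanged when s[pos] is not '['.
 * Never reads s[i] for i >= len, so s does not need a NUL terminator. */
size_t scan_bracket_ident(const char *s, size_t len, size_t pos)
{
    size_t i;

    if (pos >= len || s[pos] != '[') {
        return pos;                 /* not a bracket identifier */
    }
    i = pos + 1;
    while (i < len) {
        if (s[i] != ']') {
            i++;
        } else if (i + 1 < len && s[i + 1] == ']') {
            i += 2;                 /* "]]" is an escaped ']' */
        } else {
            return i + 1;           /* closing bracket found */
        }
    }
    return len;                     /* unterminated: token ends at input end */
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "[user name] FROM t", "[a]]b],x", "[unterminated" };
    size_t k;

    for (k = 0; k < sizeof samples / sizeof samples[0]; k++) {
        size_t len = strlen(samples[k]);
        size_t end = scan_bracket_ident(samples[k], len, 0);
        printf("%-20s -> token \"%.*s\"\n", samples[k], (int)end, samples[k]);
    }
    return 0;
}
```

The lookahead for `]]` is guarded by `i + 1 < len`, so a `]` in the last byte of the buffer is treated as the closing bracket without touching memory past the end.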