The linked OpenSSL library for Connector/ODBC Commercial 5.3.7 has been updated from version 1.0.1q to version 1.0.2j. Versions of OpenSSL prior to 1.0.2j are reported to be vulnerable to CVE-2016-6304.

This change does not affect the Oracle-produced MySQL Community build of Connector/ODBC 5.3.7, which uses the yaSSL library instead. (Bug #24753385)

A new configuration option, SSLMODE, has been introduced for setting the SSL mode of the connection to the server. This option overrides the now deprecated sslverify and SSL_ENFORCE options. See Connector/ODBC DSN Configuration Options for details. (Bug #23497043)

Added new configuration option NO_TLS_1_0, NO_TLS_1_1, and NO_TLS_1_2 for controlling TLS versions for encrypting connecting. See Connector/ODBC DSN Configuration Options for details. For more information about encryption protocols in MySQL, see Encrypted Connection TLS Protocols and Ciphers. (Bug #23496903)

An assertion failure occurred when mysql_stmt_close() was called on a broken connection. (Bug #25109356)

Connector/ODBC could not be installed on OS X using the installer provided with the .dmg file unless unixODBC had been installed on the system. With this fix, Connector/ODBC is now built to work with the iODBC manager instead. Installation now only requires iODBC to be on the system. (Bug #23123503, Bug #81113)

Connector/ODBC could not be built with CMake 3.0.2 or later. The build script has been fixed to correct the issue. (Bug #22746557)