https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/

Changes

In addition to the MariaDB-5.5.43 fixes and improvements, the following fixes and improvements have been made to MariaDB 10.0.18.

    Performance Schema updated to 5.6.24
    XtraDB updated to XtraDB-5.6.23-72.1
    Innodb updated to InnoDB-5.6.24
    Spider updated to 3.2.21
    Mroonga updated to 5.02 

Parser

    Fixed unrecognised column quoted with backticks in a function in a HAVING clause (MDEV-7301).
    ALTER TABLE with conflicting CHARACTER SET and CONVERT TO CHARACTER SET arguments now reports error (MDEV-7386).
    Fixed Regression (from 10.0.14): Bit and hex string literals changed column names (MDEV-7629). 

Optimizer

    Merged derived tables/VIEWs incorrectly increment created_tmp_tables (MDEV-7586). 

Alter Table

    Some symbols in table name can cause to Error Code: 1050 when created FK. Table name is on filename charset but foreign key identifiers are not. This lead incorrect foreign key identifier number to be used (MDEV-7627).
    ALTER [ONLINE] TABLE with no options no longer requires a table copy (MDEV-7390).
    Fixed a case where it was impossible to create copy of a table if the table contained a default value for timestamp field in sql_mode="NO_ZERO_DATE" (MDEV-7778). 

Other SQL Commands

    INSTALL PLUGIN can now be done in bootstrap mode where authentication is disabled (MDEV-7781).
    Corrected error handing in AES_ENCRYPT/AES_DECRYPT where incorrect data could result in a SSL client connection being terminated (MDEV-7697).
    Corrected Assertion `status_var.memory_used == 0' failed in THD::THD() on disconnect after executing EXPLAIN for multi-table UPDATE (MDEV-7038).
    Fixed crash when dropping user within rebuild_role_grants which occurs in some cases in SHOW GRANTS and DROP ROLE (MDEV-7774).
    SHOW GRANTS now shows the password for users that have the password field set, auth_string field empty, plugin=mysql_native_password (MDEV-7985). 

Innodb

    In Debug builds, an assertion could be triggered on really large blobs (MDEV-7754).
    Fixed segfault when a virtual column used on an Innodb table and an index was created on a field after the virtual column (MDEV-7367).
    Fixed server crash when inserting more rows than available space on disk (MDEV-7685).
    Now possible to get Innodb internal primary key for wrapper type storage engines (MDEV-7714). 

Replication

    Starting with this release, commits in certain instances in parallel replication complete immediately, avoiding losing throughput when many transactions need conflicting locks. See binlog_commit_wait_count (MDEV-7847 / MDEV-7882).
    Fixed parallel replication worker threads that hung in some cases with non-transactional event groups (MDEV-7929).
    Fixed parallel replication error where deadlock was incorrectly handled (MDEV-8031).
    Fixed replication aborting on DROP /*!40005 TEMPORARY */ TABLE IF EXISTS (MDEV-8016).
    Fixed replication of temporary tables in statement mode that are grouped - fix MDEV-7668 wasn't sufficient (MDEV-7936).
    Fixed ANALYZE TABLE which was ordered incorrectly in the binlog (MDEV-7888).
    Added more detailed information about errors when GTID mode IO threads fail to connect (MDEV-7975).
    Fixed temporary tables lost at STOP SLAVE in GTID mode if master has not rotated binlog since restart (MDEV-6403).
    Fixed incorrect relay log start position when restarting SQL thread after error in parallel replication (MDEV-6589).
    Fixed problem where slave was 10x slower to execute a set of statements compared to the master when using RBR (MDEV-7578).
    Parallel replication worker threads are not spawned until needed (when an SQL thread is started), and they will be de-spawned if all SQL threads are stopped (MDEV-5289).
    Multilevel slaves with parallel replication - better logic resulted in performance increase to group more transactions at the first slave level resulting in increased parallelism at the second replication level (MDEV-7249).
    Fixed problem where Intermediate master groups using CREATE TEMPORARY TABLE with INSERT could cause the INSERT to occur before the TEMPORARY TABLE it operates on, causing parallel replication failure (MDEV-7668).
    Slave SQL: stopping replication on a non-last RBR event with annotations no longer results in segfaults (MDEV-7864).
    MASTER_POS_WAIT(log_name,log_pos,timeout,"connection_name") when connection name is specified now respects the timeout (MDEV-7130).
    New status variables binlog_group_commit_trigger_count, binlog_group_commit_trigger_timeout, and binlog_group_commit_trigger_lock_wait used to examine which triggers caused a group commit to be made (MDEV-7802).
    Fixed seconds_behind_master display in SHOW SLAVE STATUS which occasionally returned 0 when it really was much higher (MDEV-5114). 

Platforms

    PowerPC - fixed Innodb locking issue under high load - (MDEV-7148).
    BigEndian now builds in Cassandra storage engine (MDEV-7839).
    Fixed crash when running MariaDB Debug with InnoDB on Windows (MDEV-8079). 

Connect Engine

    CONNECT Engine Column names are now retrieved properly when field values are not latin1 characters (MDEV-7521).
    Fixed problem where connecting to missing remote table caused error that was re-reported when SHOW TABLE STATUS on a correctly formed table (MDEV-7636).
    Fixed problem where CONNECT returned error 174 on query to MS SQL Server 2012 involving timestamp column when the condition is given as a date literal (MDEV-7840).
    CONNECT now works with if(exists(select * from test)) statement in procedures (MDEV-7852).
    Fixed user variable assignment with SET @var = that resulted in ERROR 1148 (42000): CONNECT Unsupported command (MDEV-7616).
    Removed assertion in delete_or_rename_table that caused crashes on (XML) HTML tables (MDEV-7935).
    Added UDF Json_Array_Delete (MDEV-7935).
    Fixed a problem where defining indexes on a connect engine caused wrong results (MDEV-8090). 

OQ Graph Engine

    Fixed issue with incorrect handling of multiple threads (MDEV-6282, MDEV-6345 and MDEV-6784). 

Other

    SSL connections increased from 512 to 1024 bits in Diffie-Hellman exchange to support fips (MDEV-7794).
    Fixed problem where SSL read/write timeouts were 1000 times too high due to seconds/milliseconds error (MDEV-8096).
    OpenSSL now uses MD5 even if FIPS prohibited it, fixing a previous crash. This is fine as MD5 is not used for cryptographical purposes (md5 is used internally for P_S message digests and for view checksums) (MDEV-7788).
    Fixed problem where Initialization of status variables was not invoked for embedded (no bug reference. code change)
    Corrected wrong results with bigint when compiled with gcc 5.0 (MDEV-7973).
    Fixed assertion in Protocol::end_statement where CREATE VIEW occured after another connection aborted (MDEV-8045). 

Client

    Fixed MariaDB client where it could hang in an infinite loop based on no IO data returned (MDEV-8014). 

Security Fixes

    Fixes for the following security vulnerabilities:
        CVE-2014-8964 / CVE-2015-2325 / CVE-2015-2326 bundled PCRE contained heap-based buffer overflow vulnerability that allowed the server to crash or have other unspecified impact via a crafted regular expression made possible with the REGEXP_SUBSTR function (MDEV-8006).
        CVE-2015-0501
        CVE-2015-2571
        CVE-2015-0505
        CVE-2015-0499 



https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/

Changes
    Fixed the server crash caused by mysql_upgrade (MDEV-8115)