MySQL 8.0.26

Two new version have just been announced MySQL 8.0.26 and 5.7.35 of the popular open source database management system in conjunction with the 8.0.26 Connector and Component products. MySQL Cluster 8.0.26 have also been announced, the distributed, shared-nothing variant of MySQL.

MySQL 8.0.26
MySQL 8.0.26

These releases are recommended for use on production systems and are available in source and binary form for a number of platforms from our MySQL Community download pages at:

https://dev.mysql.com/downloads/

Windows packages are available via the Installer for Windows or .ZIP (no-install) packages for more advanced needs. The point and click configuration wizards and all MySQL products are available in the unified Installer for Windows:

http://dev.mysql.com/downloads/installer/

Changes in MySQL 8.0.26

Audit Log Notes

  • Previously, each event logged by MySQL Enterprise Audit included the SQL statement literal text. To provide an alternative in MySQL 8.0.26 (because it possible that statements contain sensitive information), the audit log filtering language now supports logging a statement’s digest rather than its literal text. For example, instead of logging this statement:SELECT * FROM orders WHERE some_sensitive_column=1234567The audit log plugin can log this digest:SELECT * FROM `orders` WHERE `some_sensitive_column` = ?

Authentication Notes

  • Previously, as part of the “hello” packet sent by the server to clients, the server sent the name of the server-side authentication plugin rather than the client-side plugin. The server now sends the client-side name, which is more appropriate for the client’s needs and may help to avoid extra protocol round trips.

MySQL 8.0.26 Compilation Notes

  • macOS: It is now possible to build MySQL for macOS 11 on ARM (that is, for Apple M1 systems). (Bug #32386050, Bug #102259)
  • Building on openSUSE 15 and SLES 15 now requires GCC 9, found in packages gcc-9 and gcc9-c++.Building on SLES 12 now requires GCC 10, found in packages gcc-10 and gcc10-c++.It is also recommended to use the named GCC version when building third-party applications that are based on the libmysqlclient C API library. (Bug #32886268, Bug #32886439)
  • Building on Ubuntu 18.04 (bionic) now requires GCC 8, found in packages gcc-8 and g++-8. It is also recommended to use GCC 8 when building third-party applications that are based on the libmysqlclient C API library. (Bug #32877062)
  • It is now possible to build MySQL on Solaris using GCC 10, which becomes the default and recommended compiler. It is also recommended to use GCC 10 when building third-party applications that are based on the libmysqlclient C API library. (Bug #32552988)

Component Notes

  • A new component service enables server components to set system variable values. For information about this service, see the MySQL Server Doxygen documentation, available at https://dev.mysql.com/doc/index-other.html (search for s_mysql_mysql_system_variable_update_string and mysql_system_variable_update_string_imp).

MySQL 8.0.26 Deprecation and Removal Notes

  • The TLSv1 and TLSv1.1 connection protocols now are deprecated and support for them is subject to removal in a future MySQL version. (For background, refer to the IETF memo Deprecating TLSv1.0 and TLSv1.1.) It is recommended that connections be made using the more-secure TLSv1.2 and TLSv1.3 protocols. TLSv1.3 requires that both the MySQL server and the client application be compiled with OpenSSL 1.1.1 or higher.On the server side, this deprecation has the following effects:
    • If the tls_version or admin_tls_version system variable is assigned a value containing a deprecated TLS protocol, the server produces a warning for each deprecated protocol:
      • If the assignment occurs during server startup, the warning appears in the error log.
      • If the assignment occurs at runtime, the warning is added to the result of executing the ALTER INSTANCE RELOAD TLS statement.
    • If a client successfully connects using a deprecated TLS protocol, the server writes a warning to the error log.
    On the client side, the deprecation has no visible effect. Clients do not issue a warning if configured to permit a deprecated TLS protocol. This includes:
    • Client programs that support a --tls-version option for specifying TLS protocols for connections to the MySQL server.
    • Statements that enable replicas to specify TLS protocols for connections to the source server. (CHANGE REPLICATION SOURCE TO has a SOURCE_TLS_VERSION option and CHANGE MASTER TO has a MASTER_TLS_VERSION option.)
    • The group_replication_recovery_tls_version system variable that enables joining members to specify TLS protocols for distributed recovery connections.
    (Bug #32565996)
  • The temptable_use_mmap variable is now deprecated and subject to removal in a future MySQL version.
  • TLS support in MySQL has been moving toward a channel model using named sets of TLS parameters that apply to different securable ports or protocols. For example, to query the state of a particular TLS channel, use the Performance Schema tls_channel_status table:mysql> SELECT VALUE FROM performance_schema.tls_channel_status WHERE CHANNEL = 'mysql_main' AND PROPERTY = 'Enabled'; +-------+ | VALUE | +-------+ | Yes | +-------+This makes monolithic parameters that apply to TLS support as a whole less applicable, so the following options and system variables are now deprecated and subject to removal in a future MySQL version:The --ssl and --admin-ssl options are enabled by default, so it is normally unnecessary to specify them. As an alternative to specifying those options in negated form, if it is desired to disable encrypted connections for the main or administrative interface, set the corresponding TLS version system variable to the empty value to indicate that no TLS versions are supported. For example, these lines in the server my.cnf file disable encrypted connections for both interfaces:[mysqld] tls_version='' admin_tls_version=''

Error Handling

  • Information written to the server error log for client timeouts now includes (if available) the timeout value, and client user and host. (Bug #31581289, Bug #100112)

Event Scheduler Notes

  • If the Event Scheduler is enabled, enabling the super_read_only system variable prevents it from updating event “last executed” timestamps in the events data dictionary table. This causes the Event Scheduler to stop the next time it tries to execute a scheduled event, after writing a message to the server error log.Previously, if enabling super_read_only caused the Event Scheduler to stop, then after subsequently disabling super_read_only, it was necessary to manually restart the Event Scheduler by enabling it again. As a convenience, the server now automatically restarts the Event Scheduler as needed when super_read_only is disabled. (Bug #31633859)

MySQL 8.0.26 Firewall Notes

  • In MySQL 8.0.23, MySQL Enterprise Firewall implemented group profiles that each can apply to multiple accounts, in addition to the previously implemented account profiles that each apply to a single account. See Using MySQL Enterprise Firewall.A group profile with a single member account is logically equivalent to an account profile for that account, so it is possible to administer the firewall using group profiles exclusively, rather than a mix of account and group profiles. For new firewall installations, that is accomplished by uniformly creating new profiles as group profiles and avoiding account profiles. For upgrades from firewall installations that already contain account profiles, MySQL Enterprise Firewall now includes a stored procedure named sp_migrate_firewall_user_to_group() for converting account profiles to group profiles.Due to the greater flexibility offered by group profiles, all aspects of the firewall related to account profiles are now deprecated and subject to removal in a future MySQL version:
    • INFORMATION_SCHEMA tables: MYSQL_FIREWALL_USERSMYSQL_FIREWALL_WHITELIST
    • mysql system schema tables: firewall_usersfirewall_whitelist
    • mysql system schema stored procedures: sp_reload_firewall_rules()sp_set_firewall_mode()
    • Loadable functions: read_firewall_users()read_firewall_whitelist()set_firewall_mode()
    Additionally, if the server detects account profiles at startup, it writes a warning for every successfully loaded account profile.For information about converting account profiles to group profiles (which you should do at your earliest convenience), see Migrating Account Profiles to Group Profiles.

MySQL 8.0.26 Packaging Notes

  • Binary packages that include curl rather than linking to the system curl library have been upgraded to use curl 7.77.0. (Bug #33077562)
  • For Ubuntu packages, the AppArmor profile for mysqld was too restrictive regarding PID and socket file names and failed for servers not using the exact names in the profile. Now the profile applies to the directories in which the files live, enabling it to apply for different file names, and multiple servers. (Bug #32857611)
  • The dh-systemd package has been removed from Ubuntu 21.04, so the dependency on it has been removed from MySQL packages built for that distribution. (Bug #32688072)
  • For Debian packages, an EnvironmentFile directive was added to enable the systemd service to read environmental variables from the /etc/default/mysql file if it is present. (Bug #32082863, Bug #101363)
  • Debian packages now use /run rather than /var/run for path names. (Bug #31955638)
  • The bundled lz4 library was upgraded to version 1.9.3. (Bug #29747853)
  • For Debian packages, the update-alternatives priority of the MySQL configuration file was increased to ensure it replaces an existing file from a previously installed distribution. (Bug #29606955)

Pluggable Authentication

  • Linux: MySQL Enterprise Edition now supports an authentication method that enables users to authenticate to MySQL Server using Kerberos, provided that appropriate Kerberos tickets are available or can be obtained. For details, see Kerberos Pluggable Authentication.This authentication method uses a pair of plugins, authentication_kerberos on the server side and authentication_kerberos_client on the client side. It is available only on MySQL server and client hosts running Linux, but can access Kerberos services running on non-Linux hosts.

Server Administration

  • Setting the session value of the innodb_strict_mode system variable is now a restricted operation and the session user must have privileges sufficient to set restricted session variables.For information about the privileges required to set restricted session variables, see System Variable Privileges. (Bug #32944980)

MySQL 8.0.26 Spatial Data Support

X Plugin Notes

  • When the X DevAPI Session.run_sql() method was used to execute a query that returned multiple results, due to a caching issue, the result.columns property was not updated to reflect the columns present in the active result, although the result.column_names property was. (Bug #32887586)
  • During an upgrade process, X Plugin logged a message stating that it was ready for connections once the TCP port and UNIX socket had been allocated. However, connections could not actually be accepted until after the upgrade process was complete. The message is now issued only after the upgrade has finished. (Bug #32814997)

More changes and updates of MySQL 8.0.26 available at https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-26.html

RELATED ARTICLESMORE FROM AUTHOR

LEAVE A REPLY

Please enter your comment!
Please enter your name here