Added the new audit_log_filter_uninstall.sql script to simplify removing MySQL Enterprise Audit. For information about this plugin, see MySQL Enterprise Audit. (Bug #35611072)

The mysql_native_password plugin, which was deprecated previously, now is no longer mandatory and can be disabled at server startup. For information about this plugin, see Native Pluggable Authentication. For general information about pluggable authentication and other available authentication plugins, see Pluggable Authentication and Authentication Plugins.

(WL #15667)

MySQL Enterprise Edition now supports authentication to MySQL Server using devices such as smart cards, security keys, and biometric readers in a WebAuthn context. The new WebAuthn authentication method is based on the FIDO and FIDO2 standards. It uses a pair of plugins, authentication_webauthn on the server side and authentication_webauthn_client on the client side. The server-side WebAuthn authentication plugin is included only in MySQL Enterprise Edition distributions. For additional information, see WebAuthn Pluggable Authentication.

The pluggable FIDO authentication method is deprecated with the introduction of WebAuthn authentication. (WL #15006)

The client library now supports the use of query attributes in prepared statements with the introduction of mysql_stmt_bind_named_param(), a new C API prepared statement function. mysql_stmt_bind_named_param() replaces the now deprecated mysql_stmt_bind_param() function. Unlike mysql_stmt_bind_param(), mysql_stmt_bind_named_param() enables binding both unnamed and named parameters of a prepared statement. For an overview of the interface, see C API Prepared Statement Interface. (Bug #35435138, WL #15803)

Earlier distributions, such as MySQL 5.1 and MySQL 5.0, included servers that did not advertise pluggable authentication. When a newer client using any pluggable authentication method attempted to connect to one of these older servers, the server emitted a “bad handshake” error message. This fix now ensures that client-side authentication (specifically, the --default-auth option) works properly for all servers, including those that do not support pluggable authentication. In addition, mysql_native_password now replaces caching_sha2_password as the default authentication method when the server does not support pluggable authentication. (Bug #90994, Bug #28082093)

The mysql_ssl_set() C API function is deprecated and subject to removal in a future MySQL release. There are equivalent mysql_options() TLS options for all mysql_ssl_set() parameters. (WL #11091)

Microsoft Windows: Updated code to compile with the latest MSVC 2022 version, v17.7.2. (Bug #35737379)

Removed the MYSQL_PARSE_ARGUMENTS macro and the obsolete support-files/compiler_warnings.sup file. (Bug #35661316)

Setting the WITH_CURL CMake option to bundled now uses the bundled curl distribution in extra/curl/. (Bug #35649213)

Removed CMake configuration definitions related to the 32-bit architecture as 32-bit is not supported as of MySQL 8.1.0. (Bug #35621081)

Fixed RPATH definitions in the CMake code for telemetry_client and component_telemetry so they'll build properly with debug mode enabled. (Bug #35598485)

Increased the minimum required CMake version from 3.5.1 to 3.14.6. (Bug #35553331)

Very long path names of keyring_encrypted_file source files were shortened to conform with the 256-character limit established by Windows compilers. (Bug #35493420)

Improved ASAN for clang support on Windows. (Bug #35468711)

Compiling on macOS would explicitly look for openssl@1.1 but now looks for the generic openssl symlink to also allow openssl@3. (Bug #35468370)

Fixed the WITH_DEVELOPER_ENTITLEMENTS macOS CMake option; it did not activate due to a typo. (Bug #35374026)

Added experimental C++20 compiler support for Linux. Usage requires GCC 10+ or Clang 11+. (Bug #35362952, Bug #35667284)

Simplified the way OpenSSL is imported by utilizing the standard CMake OpenSSL::SSL and OpenSSL::Crypto libraries. The "system" type uses FIND_PACKAGE, alternative system types use pkg-config, and custom paths utilize FIND_PATH/FIND_FILE/FIND_LIBRARY. (Bug #35140672)

Fixed a string concatenation warning produced when compiling with Clang 12. (Bug #111614, Bug #35549962)

Made additional improvements to WITH_ZLIB functionality.

Thanks to Nikolai Kostrigin for the contribution. (Bug #111549, Bug #35534309)

Building with WITH_PROTOBUF=system failed with Protobuf 22 or newer due to Protobuf 22 adding the Abseil dependency. (Bug #111469, Bug #111623, Bug #35546459, Bug #35550389)

Building with WITH_ZLIB="system" would break the MySQL build as it failed to find ZLIB.

Thanks to Amazon for the contribution. (Bug #111467, Bug #35511210)

References: This issue is a regression of: Bug #35057542.

On EL7 aarch64-based platforms, fixed an issue related to how fetching the CPU cache line size returned 0 that caused the MySQL server to unexpectedly halt. (Bug #110752, Bug #35479763)

References: See also: Bug #107081, Bug #34095278.

The C++ Standardization Committee's Library Working Group recently resolved an issue (LWG-3865 Sorting a range of pairs) which changes how the comparison operators are defined for std::pair. This fix updates the equality operator used in two files in sql/auth to align with this change.

Based on a suggestion by the Microsoft Visual Studio team. (Bug #110254, Bug #35137978)

Incompatible Change: The WAIT_UNTIL_SQL_THREAD_AFTER_GTIDS() SQL function, deprecated in MySQL 8.0 (see Changes in MySQL 8.0.18 (2019-10-14, General Availability)), has been removed; attempting to invoke it now causes a syntax error. Use WAIT_FOR_EXECUTED_GTID_SET() instead. (WL #13180)

Replication: The binlog_transaction_dependency_tracking server system variable is now deprecated, and subject to removal in a future version of MySQL. Setting or retrieving the value of this variable now triggers a warning, as does using the equivalent startup option --binlog-transaction-dependency-tracking. Applications depending on this variable (or option) should begin migrating away from it as soon as possible. No replacement for this variable or its functionality is planned or needed. (WL #13964)

The expire_logs_days server system variable, which was deprecated in MySQL 8.0, has now been removed, and is no longer supported. This means that, beginning with this release, any attempt to get or set this variable at runtime results in an error. Trying to start the server while employing the equivalent startup option (--expire-logs-days) is also now rejected with an error.

Use binlog_expire_logs_seconds rather than expire_logs_days; this variable continues to be supported, and allows you to specify expiration periods in units other than an integral number of days. (WL #11006)

The deprecated server startup options --abort-slave-event-count and --disconnect-slave-event-count, deprecated in MySQL 8.0, have been removed in this release. Attempting to start mysqld with either of these options now results in an error.

These options were formerly used in testing; no replacement for them is planned. (WL #14854)

The old and new server system variables are now deprecated, and a warning is now issued whenever either of these variables is set or read. Expect these variables are to be removed in a future version of MySQL; applications which rely on them should migrate away from such dependencies as soon as possible. (WL #8609)

The --character-set-client-handshake server option, originally intended for use with upgrades from very old versions of MySQL, is now deprecated, and a warning is issued whenever it is used. You should expect this option to be removed in a future version of MySQL; applications depending on this option should begin migration away from it as soon as possible. (WL #13220)

The use of the characters % and _ as wildcards in database grants is now deprecated, and you should expect for the wildcard functionality to removed in a future MySQL release. The intent is for these characters always to be treated as literals, as they are already whenever the value of the partial_revokes server system variable is ON.

In addition, the treatment of %by the server as a synonym for localhost when checking privileges (that is, privileges granted to 'myuser'@'%' are also granted to 'myuser'@'localhost') is now also deprecated as of MySQL 8.2.0 and thus also subject to removal in a future version of MySQL. (WL #14280, WL #15676)

INFORMATION_SCHEMA.PROCESSLIST is deprecated and subject to removal in a future MySQL release. As such, the implementation of SHOW PROCESSLIST which uses that table is also deprecated.

It is recommended to use the Performance Schema implementation of SHOW PROCESSLIST instead. As such, performance_schema_show_processlist is also deprecated and subject to removal in a future MySQL release. (WL #15915)

The SET_USER_ID privilege is deprecated and is subject to removal in a future version of MySQL. When SET_USER_ID is granted using GRANT, a SQL warning informs you of the deprecation status. It is now superseded by these new privileges:

Both of the new privileges are required to produce orphaned SQL objects using CREATE PROCEDURE, CREATE FUNCTION, CREATE TRIGGER, CREATE EVENT, or CREATE VIEW.

During an upgrade of MySQL Server, these privileges coexist as follows:

At runtime, when the ACL tables are read (as with FLUSH PRIVILEGES, a server startup, and so on) and a SET_USER_ID grant is sourced, a warning message is added to the error log detailing the account SET_USER_ID receiving the grant. (WL #15874)

Support for the TLS_AES_128_CCM_8_SHA256 ciphersuite now is deprecated and subject to removal in a future version of MySQL. Any attempt to set it using either the tls_ciphersuites or admin_tls_ciphersuites system variable now returns a warning. By default, both system variables accept these ciphersuites:

Several previously supported ciphers now are deprecated and subject to removal in a future version of MySQL. If the deprecated ciphers are specified using either the ssl_cipher or admin_ssl_cipher system variable, then a warning now is issued. By default, both system variables accept these ciphers:

(WL #15800)

MySQL Enterprise Firewall now permits its memory cache to be reloaded periodically with data stored in the firewall tables. Previous implementations reloaded the cache only at server startup or when the server-side plugin was reinstalled. The new mysql_firewall_reload_interval_seconds system variable sets up the schedule to use to reload table data at runtime, or it disables the reload capability (default). For an overview, see Scheduling Firewall Cache Reloads. (WL #15696)

MySQL Enterprise Firewall previously stored internal tables, functions, and stored procedures in the mysql system database. Now, the new mysql_firewall_database server system variable enables specifying a custom schema to use with the existing installation scripts and at server startup.

A new script, uninstall_firewall.sql, now simplifies removing the firewall (see Installing or Uninstalling MySQL Enterprise Firewall). (WL #15655)

The STR_TO_DATE() function did not perform complete range checking on the string to be converted, so that it was possible to pass to it a string which would yield an invalid date, such as '2021-11-31'. (Bug #108782, Bug #34704094)

On Windows, the MSI package definition files were updated to work with the Windows Installer XML (WiX) toolset version 4. Note that they can no longer be used with previous versions of the toolset. (Bug #35613791)

The bundled libedit library was upgraded to version 20221030-3.1. (Bug #35489173)

The SUM_ROWS_EXAMINED column of the Performance Schema events_statements_summary_by_digest table did not provide a correct count of rows for Index Merge. (Bug #35616015)

Replication: This release continues work done previously releases to update terminology used in features relating to MySQL Replication. MySQL 8.2 deprecates a number of SQL statements, including RESET MASTER (use RESET BINARY LOGS AND GTIDS instead), SHOW MASTER STATUS (use SHOW BINARY LOG STATUS), SHOW MASTER LOGS (use SHOW BINARY LOGS), and PURGE MASTER LOGS (use PURGE BINARY LOGS). In addition, the DISABLE ON SLAVE option for CREATE EVENT and ALTER EVENT is now deprecated, and is superseded by DISABLE ON REPLICA.

Related changes include the following:

(WL #14190)

EXPLAIN now supports a FOR SCHEMA or FOR DATABASE option which causes the statement to be analyzed as if it had been run in the database specified by the option. The database must exist and the user must have the necessary privileges to access it.

The syntax is as shown here, where stmt is an explainable statement:

EXPLAIN [options] FOR SCHEMA schema_name stmt

This causes stmt to be run as if schema_name were the current database.

This option is incompatible with FOR CONNECTION; the two cannot be used together in the same EXPLAIN statement.

For more information and examples, see Obtaining Execution Plan Information. (WL #15785)

Incompatible Change: Upgraded the bundled libfido2 library to libfido2 v1.13.0. This libfido2 version requires OpenSSL 1.1.1 or higher, which means the authentication_fido and authentication_fido_client authentication plugins are no longer available on the following platforms: Enterprise Linux 6 and 7, Solaris 11, and SLES 12. (Bug #35685515)

Important Change: For platforms on which OpenSSL libraries are bundled, the linked OpenSSL library for MySQL Server has been updated to version 3.0.10. Issues fixed in OpenSSL version 3.0.10 are described at https://www.openssl.org/news/cl30.txt. (Bug #35732474)

Important Change: Added support for Debian 12, Fedora 39, macOS 14, and Ubuntu 23.10. For macOS, the macOS 13 binaries were tested on macOS 14.

Binary packages that include curl rather than linking to the system curl library have been upgraded to use curl 8.2.1. (Bug #35709229)

For mysqldump: added an --ignore-views option to skip table views in the generated dump file.

Our thanks to Meta for the contribution. (Bug #30284943, WL #15662)

For mysqldump: added --init-command and --init-command-add options to allow executing SQL statements after connecting or reconnecting to the MySQL server.

Our thanks to Meta for the contribution. (Bug #27411227, WL #15662)

For mysql: added an --init-command-add option that adds an additional SQL statement to execute after connecting or reconnecting to the MySQL server. It's similar to the --init-command option.

Our thanks to Meta for the contribution. (Bug #27411227, WL #15662)

Added a new --no-login-paths command-line option that disables login paths from being processed. It was added to each MySQL client that has the --login-path option. (WL #12429)

InnoDB: Improved innodb_doublewrite related error messages. (Bug #35482724)

InnoDB: Improved flush handling, to help make sure flushing is correctly and uniformly handled throughout the code. (Bug #35385801)

InnoDB: While innodb_redo_log_capacity_update changed log capacity and waited for the next governor thread iteration to finish, the governor thread was not always aware of the change if it was already running in parallel. The log_files_wait_until_next_governor_iteration routine in this case just waited for the current iteration to finish. Now it waits for a full iteration to complete. (Bug #35145188)

InnoDB: If an index creation attempt was interrupted by 'kill query', InnoDB would not always attempt to drop the index being created if another thread referenced the table; and when the other reference was held by the stats background thread. This would raise an assertion error. (Bug #34823462)

References: This issue is a regression of: Bug #33399379.

InnoDB: B-tree validation could exceed the maximum wait time for large tables with debug mode enabled. (Bug #34411425)

InnoDB: Fixed a potential transaction rollback issue stemming from the ALTER TABLE EXCHANGE PARTITIONS statement. (Bug #110869, Bug #35352168)

References: This issue is a regression of: Bug #33700835.

InnoDB: When creating full-text indexes spanning multiple columns, index creation could fail with an error similar to "ERROR 1062 (23000): Duplicate entry 'NULL-NULL'." (Bug #109242, Bug #34846823)

InnoDB: The last detected deadlock section of the engine status log was only showing 1024 characters for the combined thread and query information. Fixing by removing the printed query string limit. (Bug #80927, Bug #23036096)

Replication: Memory used by binary log compression was not instrumented. (Bug #35290223)

Replication: The server did not honor the setting for the binlog_transaction_compression_level_zstd server system variable. (Bug #34833913)

Replication: The first and last transaction timestamps for the relay log showed incorrect values when querying the performance_schema.binary_log_transaction_compression_stats table. This was due to direct use of my_getsystime() to populate the first_transaction_timestamp and last_transaction_timestamp columns in binary_log_transaction_compression_stats; this function returns the timestamp value multiplied by 10, leading to the incorrect column values. We fix this by dividing the value returned by my_getsystime() by 10 before propagating it. (Bug #32022794)

Replication: For large transactions （greater than 4GB） and very small values of MASTER_HEARTBEAT_PERIOD, it was possible for the heartbeat event to be sent before binary log rotation could complete, causing RESET REPLICA and similar statements affecting the replica to hang. (Bug #111149, Bug #35431274)

Replication: To detect dependencies and conflicts among transactions, MySQL Replication uses writesets which are extracted from keys that are NOT NULL (primary keys by definition, as well as unique and foreign keys which are NOT NULL) whenever binlog_format is ROW and transaction_write_set_extraction is enabled (the default in both cases). In the case of multi-column unique keys using only the leading parts of column values (see Column Prefix Key Parts), the writesets were not properly generated, which sometimes led to spurious duplicate key errors; this was due to the fact that the whole values of referenced key columns were added to the writeset in such cases, even though the keys themselves referenced only the column prefix. (Bug #111027, Bug #35404584)

Group Replication: Removed a memory leak found in the internal function call_gr_incoming_connection_cb(). (Bug #111529, Bug #35526671)

Following a change made in MySQL 8.0.23, in some cases where GROUP_CONCAT() had previously returned NULL, it did so no longer. (Bug #35730982)

References: This issue is a regression of: Bug #32053547.

When no rows matched the WHERE condition of a query, the results of the query as prepared (using PREPARE) differed from those of the same query when run directly. (Bug #35689804)

It was not possible to pass configuration options to the telemetry_client from the command line.

Also, the telemetry_client configuration options trace and help were renamed to otel-trace and otel-help. (Bug #35616866)

A subquery in the inner expression of a semijoin caused the containing query to be rejected with Internal error: Key not found. (Bug #35535934)

References: See also: Bug #31401468, Bug #34453026.

Removed an assertion in strings/ctype-ucs2.cc. (Bug #35512282)

The transformation of correlated scalar subqueries to a join with a derived table added a redundant ANY_VALUE() wrapper to a GROUP BY column. (Bug #35507109)

Some queries using INTERSECT were not always processed correctly. (Bug #35504625)

References: See also: Bug #35362424.

In some cases, the QUOTE() function returned binary data rather than the expected NULL. (Bug #35499232)

The server did not always apply the subquery-to-derived transformation correctly to correlated subqueries. (Bug #35497723)

On Fedora, fixed MySQL Cluster 8.1.0 packages to not reference non-Cluster MySQL packages as dependencies. (Bug #35495002)

With AddressSanitizer enabled (compiled with -WITH_ASAN=true), ASAN complained and caused MySQL to unexpectedly halt if a MySQL client in interactive mode encountered a dollar sign as the first character. (Bug #35493484)

References: This issue is a regression of: Bug #35303407.

For the REPEAT() function we may evaluate the count argument during resolution if it is determined to be constant, but due to query rewriting introducing cached values, it was possible for the argument to be evaluated differently at resolution time and at run time.

We fix this by performing count evaluation for REPEAT() in the same way as we do for RPAD() and LPAD(), using an unsigned integer rather than a signed integer for the value. (Bug #35489153)

Previously, executing audit_log_rotate() manually could cause the function to appear unresponsive when the output performance was low, the workload on the server was heavy, and the audit_log_strategy system variable had a write strategy of ASYNCHRONOUS or PERFORMANCE. (Bug #35397216)

In some cases the QUOTE() function returned NULL even though it had previously been resolved as non-nullable. (Bug #35381715)

References: See also: Bug #35145246, Bug #35195181.

When sql_mode included PAD_CHAR_TO_FULL_LENGTH, a GRANT EXECUTE ON PROCEDURE statement worked after it was first issued, but following FLUSH PRIVILEGES or a restart of the MySQL server, the user named in the GRANT statement could no longer execute the procedure. (Bug #35380295)

When a backslash character was used to escape the '_' wildcard character in a database name pattern inside the GRANT statement, the SHOW DATABASES and USE database_name queries did not return the expected results. (Bug #35338567)

A previous fix in MySQL 8.0.30 for a stored program that was not executed correctly following the first invocation did not cover the case where it contained a SET statement.

Our thanks to Hao Lu for the contribution. (Bug #35328028)

References: This issue is a regression of: Bug #33754993.

Fixed or removed a number of improper references in the data dictionary and stored procedure code. (Bug #35325895, Bug #35325909, Bug #35325920, Bug #35325935)

The MySQL command-line client with --comments=on was unable to properly process multi-line comments prior to MySQL built-in commands. (Bug #35290350)

The internal Item_typecast_year class did not have its own print() member function override, which meant that some of the definitions shown for views, tables, or both could be malformed. (Bug #35244286)

For a query with a derived condition pushdown where a column in the condition needs to be replaced, a matching item could not found, even when known to be present, when the replacement item was wrapped in a ROLLUP while the matching item was not. (Bug #35211828)

References: This issue is a regression of: Bug #33349994.

An issue with stored functions was found to be a regression from work done previously to improve internal functions that are used in copying values between columns. (Bug #35150382)

References: This issue is a regression of: Bug #32742537.

When a condition that needed to be pushed down to a derived table had one outer-referenced field and another local to the query block, an assertion which checks for consistent dependency information for referenced items did not hold good. This was because, after collecting information related to a field in an expression, dependency and context were not cleared before collecting information for the next field in the expression.

We fix this by clearing the dependency and context information before looking into a new field in the expression. (Bug #35102220)

Updated the Kerberos library bundled with commercial builds to version 1.21.2. (Bug #35001935)

If the probe input for a hash join is empty, we do not need to read the build input, because we already know that the result will be empty. We now therefore read from the probe input first when the join is a left join or an antijoin; for these join types we must read the probe input even if the build input is empty, although the converse is not true. (Bug #34940000)

Some inserts on tables with triggers were not always handled correctly. (Bug #34920120)

References: See also: Bug #35178672, Bug #35195079.

Some DESCRIBE statements using FORMAT = JSON were not always processed correctly, and sometimes raised assertions in debug builds. (Bug #34909766)

Some complex queries using multiple common table expressions were not always handled correctly. (Bug #34900334)

References: This issue is a regression of: Bug #34377854.

Some queries with window functions were not pushed down correctly. (Bug #34778435)

Row estimates for a SELECT DISTINCT query were the same as for an identical SELECT with no DISTINCT modifier. This distorted cost estimates, which could lead to choosing inefficient query plans. (Bug #34762651)

Handled an unexpected condition which could arise during join optimization. (Bug #31401468)

References: See also: Bug #34350945.

Execution of a prepared statement containing one or more common table expressions led to an assertion in debug builds. (Bug #111955, Bug #35671595)

Under certain circumstances, if an out of memory condition occurred during Performance Schema initialization, the server closed unexpectedly during the cleanup process. (Bug #111860, Bug #35635853)

For Enterprise Linux, changed the krb5-devel build requirement from commercial to all builds. (Bug #111596, Bug #35546449)

EXPLAIN FORMAT=TREE lost the subquery in a hash join.

Our thanks to Wen He and the Tencent team for the contribution. (Bug #111564, Bug #35537921)

In some cases, an unexpected server exit followed a partitioning function error. (Bug #111443, Bug #35507164)

When pushing a condition down to a derived table, we clone the condition, and, if the underlying field is a view reference (that is, a field from a merged derived table), we strip off the view reference and clone the expression that it references. When the underlying expression is a constant expression from a table that is on the inner side of an outer join, it cannot be treated as a normal constant because of the need to generate NULL values. When we stripped off the view reference, this information was lost, leading to wrong results.

We fix this by avoiding condition pushdown for such cases. (Bug #111355, Bug #35634714)

CREATE ROLE and DROP ROLE statements were not handled correctly when checking for orphaned SQL objects. (Bug #111303, Bug #35471453)

A join on a BINARY column with a VARBINARY column of the same size, having matching values equal in size to that of the BINARY column in both columns, did not produce any matching rows. (Bug #111290, Bug #35467555)

A case was found that was not handled by work done in MySQL 8.0.24 for supporting transforms of correlated scalar subqueries: When the scalar subquery is grouped in addition to being correlated, the transformation needs to check that—for each partition of the result set, as partitioned by the inner expression (columns) being added to the group by—there is at most one row in the derived table so constructed. (Bug #111189, Bug #35473657)

For a user with no roles granted to it, any SET ROLE statement caused MySQL to forget all permissions associated directly with that user account until the session ongoing was terminated and a new one started. For example, a SHOW TABLES statement that succeeded previously was rejected following SET ROLE ALL, SET ROLE NONE, or SET ROLE DEFAULT because the user's privileges were no longer recognized. (Bug #110997, Bug #35386565)

Clone_Snapshot::extend_and_flush_files() always created files of type OS_CLONE_DATA_FILE. This function uses flush_redo() to handle redo log files, which must be of type OS_CLONE_LOG_FILE, which could sometimes lead to errors in os_file_set_size().

This problem is now fixed by ensuring that the type is set correctly when creating the new file.

Our thanks to Tencent for the contribution. (Bug #110569, Bug #35240055)

The low limit heuristic did not work well for ORDER BY DESC due to choosing the wrong index. (Bug #107626, Bug #34306497)