MySQL (64-bit)

What's new in this version:

Account Management Notes:
- A new password-validation system variable now permits the configuration and enforcement of a minimum number of characters that users must change when attempting to replace their own MySQL account passwords. This new verification setting is a percentage of the total characters in the current password. For example, if validate_password.changed_characters_percentage has a value of 50, at least half of the characters in the replacement account password must not be present in the current password, or the password is rejected.
- This new capability is one several that provide DBAs more complete control over password management. For more information, see Password Management. (WL #15751)

Audit Log Notes:
- In MySQL 8.0.33, the audit_log plugin added support for choosing which database to use to store JSON filter tables. It is now possible to specify an alternative to the default system database, mysql, when run the plugin installation script. Use the audit_log_database server system variable (or -D database_name) on the command line together with the alternative database name, for example:
- $> mysql -u root -D database_name -p < audit_log_filter_linux_install.sql
- For additional information about using audit_log plugin installation scripts, see Installing or Uninstalling MySQL Enterprise Audit.
- MySQL Enterprise Audit now supports using the scheduler component to configure and execute a recurring task to flush the in-memory cache. For setup instructions, see Enabling the Audit Log Flush Task. (WL #15567)

Binary Logging:
- Several functions now are added to the libmysqlclient.so shared library that enable developers to access a MySQL server binary log: mysql_binlog_open(), mysql_binlog_fetch(), and mysql_binlog_close().

C API Notes:
- In the calling function, len is initialized to 0 and never changed if net->vio is null. This fix adds a check of net before dereferencing vio.
- A variable in the async client was uninitialized in certain code paths. It is fixed by always initializing the variable.

Compilation Notes:
- Microsoft Windows: For Windows, improved MSVC_CPPCHECK support; and check for MSVC warnings similar to "maintainer" mode. For example, check after all third party configurations are complete.
- Microsoft Windows: For Windows builds, improved WIN_DEBUG_NO_INLINE=1 support; usage would exceed the library limit of 65535 objects.
- Upgraded the bundled robin-hood-hashing from v3.8.1 to v3.11.5.
- Removed the unused extra/libcbor/doc/ directory as extra/libcbor/doc/source/requirements.txt inspired bogus pull requests on GitHub.
- Updated the bundled ICU files from version 69.1 to version 73 for the icu-data-files package.
- ZSTD sources bundled in the source tree were upgraded to ZSTD 1.5.5 from 1.5.0.
- Initialize the internal MEM_ROOT class memory with garbage using the TRASH macro to make easier to reproduce bugs caused by reading initialized memory allocated from MEM_ROOT.
- We now determine stack direction at runtime rather than at configure time.
- Added the OPTIMIZE_SANITIZER_BUILDS CMake option that adds -O1 -fno-inline to sanitizer builds. It defaults to ON.
- Changed the minimum Bison version requirement from v2.1 to v3.0.4. For macOS, this may require installing Bison via a package manager such as Homebrew.
- MySQL now sets LANG=C in the environment when executing readelf to avoid problems with non-ASCII output.
- On macOS, MySQL would not compile if rapidjson was installed via Homebrew. The workaround was to brew unlink rapidjson.
- MySQL would not build with -DWITH_ZLIB=system; it'd complain about not finding the system zlib library despite finding it.
- Deprecation and Removal Notes:
- Important Change: Since MySQL provides other means of performing database dumps and backups with the same or additional functionality, including mysqldump and MySQL Shell Utilities, the mysqlpump client utility program has become redundant, and is now deprecated. Invocation of this program now produces a warning. You should keep in mind that mysqlpump is subject to removal in a future version of MySQL, and move applications depending on it to another solution, such as those mentioned previously. (WL #15652)
- Replication: The sync_relay_log_info server system variable is deprecated in this release, and getting or setting this variable or its equivalent startup option --sync-relay-log-info now raises a warning.
- Expect this variable to be removed in a future version of MySQL; applications which make use of it should be rewritten not to depend on it before this happens.
- Replication: The binlog_format server system variable is now deprecated, and subject to removal in a future version of MySQL. The functionality associated with this variable, that of changing the binary logging format, is also deprecated.
- The implication of this change is that, when binlog_format is removed, only row-based binary logging, already the default in MySQL 8.0, will be supported by the MySQL server. For this reason, new installations should use only row-based binary logging, and existing ones using the statement-based or mixed logging format should be migrated to the row-based format. See Replication Formats, for more information.
- The system variables log_bin_trust_function_creators and log_statements_unsafe_for_binlog, being useful only in the context of statement-based logging, are now also deprecated, and are thus also subject to removal in a future release of MySQL.
- Setting or selecting the values of any of the variables just mentioned now raises a warning. (WL #13966, WL #15669)
- Group Replication: The group_replication_recovery_complete_at server system variable is now deprecated, and setting it produces a warning. You should expect its removal in a future release of MySQL. (WL #15460)
- The mysql_native_password authentication plugin now is deprecated and subject to removal in a future version of MySQL. CREATE USER, ALTER USER, and SET PASSWORD operations now insert a deprecation warning into the server error log if an account attempts to authenticate using mysql_native_password as an authentication method.
- Previously, if the audit_log plugin was installed without the accompanying audit tables and functions needed for rule-based filtering, the plugin operated in legacy filtering mode. Now, legacy filtering mode is deprecated. New deprecation warnings are emitted for legacy audit log filtering system variables. These deprecated variables are either read-only or dynamic.
- (Read-only) audit_log_policy now writes a warning message to the MySQL server error log during server startup when the value is not ALL (default value).
- (Dynamic) audit_log_include_accounts, audit_log_exclude_accounts, audit_log_statement_policy, and audit_log_connection_policy. Dynamic variables print a warning message based on usage:
- Passing in a non-NULL value to audit_log_include_accounts or audit_log_exclude_accounts during MySQL server startup now writes a warning message to the server error log.
- Passing in a non-default value to audit_log_statement_policy or audit_log_connection_policy during MySQL server startup now writes a warning message to the server error log. ALL is the default value for both variables.
- Changing an existing value using SET syntax during a MySQL client session now writes a warning message to the client log.
- Persisting a variable using SET PERSIST syntax during a MySQL client session now writes a warning message to the client log.
- MySQL enables control of FIPS mode on the server side and the client side using a system variable and client option. Application programs can use the MYSQL_OPT_SSL_FIPS_MODE option to mysql_options() to enable FIPS mode on the client. Alternatively, it is possible to handle FIPS mode directly through OpenSSL configuration files rather than using the current server-side system variable and client-side options. When MySQL is compiled using OpenSSL 3.0, and an OpenSSL library and FIPS Object Module are available at runtime, the server reads the OpenSSL configuration file and respects the preference to use a FIPS provider, if one is set. OpenSSL 3.0 is certified for use with FIPS.
- To favor the OpenSSL alternative, the ssl_fips_mode server system variable, --ssl-fips-mode client option, and the MYSQL_OPT_SSL_FIPS_MODE option now are deprecated and subject to removal in a future version of MySQL. A deprecation warning prints to standard error output when an application uses the MYSQL_OPT_SSL_FIPS_MODE option or when a client user specifies the --ssl-fips-mode option on the command line, through option files, or both.
- Prior to being deprecated, the ssl_fips_mode server-side system variable was dynamically settable. It is now a read-only variable (accepts SET PERSIST_ONLY, but not SET PERSIST or SET GLOBAL). When specified on the command line or in the mysqld-auto.cnf option file (with SET PERSIST_ONLY) a deprecation warning prints to the server error log. (WL #15631)
- The mysql_ssl_rsa_setup program originally provided a simple way for community users to generate certificates manually, if OpenSSL was installed on the system. Now, mysql_ssl_rsa_setup is deprecated because MySQL Community Edition no longer supports using yaSSL as the SSL library, and source distributions no longer include yaSSL. Instead, use MySQL server to generate missing SSL and RSA files automatically at startup (see Automatic SSL and RSA File Generation). (WL #15668)
- The keyring_file and keyring_encrypted_file plugins now are deprecated. These keyring plugins are superseded by the component_keyring_file and component_keyring_encrypted_file components. For a concise comparison of keyring components and plugins, see Keyring Components Versus Keyring Plugins. (WL #15659)
- Previously, the MySQL server processed a version-specific comment without regard as to whether any whitespace followed the MySQL version number contained within it. For example, the comments /*!80034KEY_BLOCK_SIZE=1024*/ and /*!80034 KEY_BLOCK_SIZE=1024*/ were handled identically. Beginning with this release, when the next character following the version number in such a comment is neither a whitespace character nor the end of the comment, the server issues a warning: Immediately starting the version comment after the version number is deprecated and may change behavior in a future release. Please insert a whitespace character after the version number.
- You should expect the whitespace requirement for version-specific comments to become strictly enforced in a future version of MySQL.
- The MySQL client library currently supports performing an automatic reconnection to the server if it finds that the connection is down and an application attempts to send a statement to the server to be executed. Now, this feature is deprecated and subject to removal in a future release of MySQL.
- The related MYSQL_OPT_RECONNECT option is still available but it is also deprecated. C API functions mysql_get_option() and mysql_options() now write a deprecation warning to the standard error output when an application specifies MYSQL_OPT_RECONNECT. (WL #15766)

IPv6 Support:
- NDB Cluster: NDB did not start if IPv6 support was not enabled on the host, even when no nodes in the cluster used any IPv6 addresses

Performance Schema Notes:
- The type used for the Performance Schema clone_status table's gtid_executed column has been changed from VARCHAR(4096) to LONGTEXT

SQL Syntax Notes:
- CURRENT_USER() can now be used as a default value for VARCHAR and TEXT columns in CREATE TABLE and ALTER TABLE ... ADD COLUMN statements
- When used in this way, these functions are also included in the output of SHOW CREATE TABLE and SHOW COLUMNS, and referenced in the COLUMN_DEFAULT column of the Information Schema COLUMNS table where applicable.
- If you need to insure that values having the maximum possible length can be stored in such a column, you should make sure that the column can accommodate at least 288 characters (255 for the user name and 32 for the host name, plus 1 for the separator @). For this reason—while it is possible to use one of these functions as the default for a CHAR column, it is not recommended due to the risk of errors or truncation of values.

Functionality Added or Changed:
- Important Change: For platforms on which OpenSSL libraries are bundled, the linked OpenSSL library for MySQL Server has been updated from OpenSSL 1.1.1 to OpenSSL 3.0. The exact version is now 3.0.9. More information on changes from 1.1.1 to 3.0 can be found at https://www.openssl.org/docs/man3.0/man7/migration_guide.html.
- Binary packages that include curl rather than linking to the system curl library have been upgraded to use curl 8.1.1.

Fixed:
- Important Change: The default value of the connection_memory_chunk_size server system variable, when introduced in MySQL 8.0.28, was mistakenly set at 8912. This fix changes the default to 8192, which is the value originally intended.
- NDB Cluster: The fix for a previous issue introduced a slight possibility of unequal string values comparing as equal, if any Unicode 9.0 collations were in use, and the collation hash methods calculated identical hash keys for two unequal strings.
- InnoDB: Possible congestion due to purging a large number of system threads has been fixed.
- InnoDB: ddl::Aligned_buffer now uses the standard memory allocator and not kernel memory management.
- InnoDB: An upgrade from MySQL 5.7 to MySQL 8.0.32 might fail due to deprecated configuration parameters innodb_log_file_size or innodb_log_files_in_group. The workaround is to start MySQL 8.0.32 with --innodb-redo-log-capacity=206158430208.
- InnoDB: The rules for aggregating entries in the redo log have been fixed.
- InnoDB: Several errors due to tablespace deletion and the buffer pool have been fixed.
- Packaging; Group Replication: The group replication plugin from the Generic Linux packages did not load on some platforms that lacked a compatible version of tirpc.
- Replication: Changes in session_track_gtids were not always propagated correctly.
- Replication: By design, all DDL operations (including binary log operations such as purging the binary log) acquire a shared lock on the BACKUP_LOCK object, which helps to prevent simultaneous backup and DDL operations. For binary log operations, we checked whether any locks existed on BACKUP_LOCK but did not check the types of any such locks. This caused problems due to the fact that binary log operations should be prevented only when an exclusive lock is held on the BACKUP_LOCK object, that is, only when a backup is actually in progress, and backups should be prevented when purging the binary log.
- Now in such cases, instead of checking for locks held on the BACKUP_LOCK object, we acquire a shared lock on BACKUP_LOCK while purging the binary log.
- Replication: In all cases except one, when mysqlbinlog encountered an error while reading an event, it wrote an error message and returned a nonzero exit code, the exception being for the active binary log file (or any binary log where the format_description_log_event had the LOG_EVENT_BINLOG_IN_USE_F flag set), in which case it did not write a message, and returned exit code 0, thus hiding the error.
- Now mysqlbinlog suppresses only those errors which are related to truncated events, and when doing so, prints a comment rather than an error message. This fix also improves the help text for the --force-if-open option.
- Replication: Compressed binary log event handling was improved.
- Replication: A transaction consisting of events each smaller than 1 GiB, but whose total size was larger than 1 GiB, and where compression did not make it smaller than 1 GiB, was still written to the binary log as one event bigger than 1 GiB. This made the binary log unusable; in effect, it was corrupted since neither the server nor other tools such as mysqlbinlog could read it.
- Now, when the compressed data grows larger than 1 GiB, we fall back to processing the transaction without any compression.
- Group Replication: In a group replication setup, when there was a source of transactions other than the applier channel, the following sequence of events was possible:
- Several transactions being applied locally were already certified, and so were associated with a ticket, which we refer to as Ticket 2, but had not yet been committed. These could be local or nonlocal transactions.
- A view is created with Ticket 3, and must wait on transactions from Ticket 2.
- The view change (VC1) entered the GR applier channel applier and waited for the ticket to change to 3.
- Another group change, and another view change (VC2), occurred while the transactions from Ticket 2 were still completing.
- This gave rise to the following issue: There was a window wherein the last transaction from Ticket 2 had already marked itself as being executed but had not yet popped the ticket; VC2 popped the ticket instead but never notified any of the participants. This meant that VC1 continued to wait indefinitely for the ticket to change, and with the additional effect that the worker could not be killed.
- We fix this by checking for the need to break each second so that this loop is responsive to changes in the loop condition; we also register a new stage, so that the loop is more responsive to kill signals.
- Group Replication: Removed a memory leak discovered in Network_provider_manager::open_xcom_connection().
- Group Replication: When a group action was sent to the group and the connection was killed on the coordinator, group members were in different states, with members which received the coordinated action waiting for the member that executed it, and the member which started execution having nothing to process, which caused problems with coordination of the group.
- Now in such cases, we prevent this issue from occurring by causing group actions to wait until all members have completed the action.
- Group Replication: Cleanup of resources used by OpenSSL connections created indirectly by group replication was not carried out as expected at all times. We fix this by adding cleanup functionality that can be called at any time such connections are created by group replication.
- JSON: When the result of JSON_VALUE() was an empty string and was assigned to a user variable, the user variable could in some cases be set to NULL instead
- With this fix, the query just shown now returns (1, 0), as expected
- JSON: Some JSON schemas were not always processed correctly by JSON_SCHEMA_VALID()
- In rare cases, MySQL server could exit rather than emit an error message as expected
- The internal resource-group enhancement added in MySQL 8.0.31 and refactored in MySQL 8.0.32 is now reverted
- An in-place upgrade from MySQL 5.7 to MySQL 8.0, without a server restart, could result in unexpected errors when executing queries on tables. This fix eliminates the need to restart the server between the upgrade and queries.
- A fix in MySQL 8.0.33 made a change for ORDER BY items already resolved so as not to resolve them again (as is usually the case when a derived table is merged), but this did not handle the case in which an ORDER BY item was itself a reference.
- Changes in session_track_gtids were not always handled correctly
- Some pointers were not always released following statement execution
- Some instances of subqueries within stored routines were not always handled correctly
- Fortified parsing of the network packet data sent by the server to the client
- Encryption enhancements now strengthen compliance and remove the use of deprecated APIs.
- When a column reference given by table name and column name was looked up in the function find_item_in_list(), we ignored that the item searched for might not have a table name, as it was not yet resolved. We fix this by making an explicit check for a null table name in the sought-after item.
- Deprecated the lz4_decompress and zlib_decompress command-line utilities that exist to support the deprecated mysqlpump command-line utility.
- Queries using LIKE '%...%' ran more poorly than in previous versions of MySQL.
- In Bounded_queue::push(), when Key_generator::make_sortkey() returns UINT_MAX (error), then no key has been produced; now when this occurs, we no longer update the internal queue.
- As part of this fix, push() now returns true on error
- The authentication_oci plugin is fixed to allow federated and provisioned users to connect to a DB System as a mapped Proxy User using an ephemeral key-pair generated through the OCI CLI.
- Some queries using common table expressions were not always processed correctly.
- The internal function compare_pair_for_nulls() did not always set an explicit return value.
- Removed the clang-tidy checks that clash with the MySQL coding style.
- Some subqueries using EXISTS in both the inner and outer parts of the query were not handled correctly.
- Rotated audit log files now always reset the ID value of the bookmark to zero, rather than continuing the value from the previous file.
- Errors were not always propagated correctly when evaluating items to be sorted by filesort.
- The fix for a previous issue with ROLLUP led to a premature server exit in debug builds.
- Simplified the implementation of Item_func_make_set::val_str() to make sure that we never try to reuse any of the input arguments, always using the local string buffer instead.
- When transforming subqueries to a join with derived tables, with the containing query being grouped, we created an extra derived table in which to do the grouping. This process moved the initial select list items from the containing query into the extra derived table, replacing all of the original select list items (other than subqueries, which get their own derived tables) with columns from the extra derived table.
- This logic did not handle DEFAULT correctly due to the manner in which default values were modelled internally. This fix adds support for DEFAULT(expression) in queries undergoing the transform previously mentioned. This fix also solves an issue with item names in metadata whereby two occurrences of the same column in the select list were given the same item name as a result of this same transform.
- A query of the form SELECT * FROM t1 WHERE (SELECT a FROM t2 WHERE t2.a=t1.a + ABS(t2.b)) > 0 should be rejected with Subquery returns more than 1 row, but when the subquery_to_derived optimization was enabled, the transform was erroneously applied and the query returned an incorrect result.
- Handling of certain potentially conflicting GRANT statements has been improved.
- A query using both MEMBER OF() and ORDER BY DESC returned only a partial result set following the creation of a multi-valued index on a JSON column. This is similar to an issue fixed in MySQL 8.0.30, but with the addition of the ORDER BY DESC clause to the prblematic query.
- For index skip scans, the first range read set an end-of-range value to indicate the end of the first range, but the next range read did not clear the stale end-of-range value and applies this stale value to the current range. Since the indicated end-of-range boundary had already been crossed in the previous range read, this caused the reads to stop, causing multiple rows to be missed in the result.
- We fix this by making sure in such cases that the old end-of-range value is cleared.
- The debug server asserted on certain operations involving DECIMAL values.
- All instances of adding and replacing expressions in the select list when transforming subqueries to use derived tables and joins have been changed so that their reference counts are maintained properly.
- Index Merge (see Index Merge Optimization) should favor ROR-union plans (that is, using RowID Ordered Retrieval) over sort-union plans if they have similar costs, since sort-union requires additionally sorting of the rows by row ID whereas ROR-union does not.
- For each part of a WHERE clause containing an OR condition, the range optimizer gets the best range scan possible and uses all these range scans to build an index merge scan (that is, a sort-union scan). If it finds that all the best range scans are also ROR-scans, the range optimizer always proposes a ROR-union scan because it is always cheaper than a sort-union scan. Problems arose when the best range scan for any one part of an OR condition is not a ROR-scan, in which case, the range optimizer always chose sort-union. This was true even in cases, where it might be advantageous to choose a ROR-scan (even though it might not be the best range scan to handle one part of the OR condition), since this would eleminate any need to sort the rows by row ID.
- Now, in such cases, when determining the best range scan, the range optimizer also detects whether there is any possible ROR-scan, and uses this information to see whether each part of the OR condition has at least one possible ROR-scan. If so, we rerun the range optimizer to obtain the best ROR-scan for handling each part of the OR condition, and to make a ROR-union path. We then compare this cost with the cost of a sort-union when proposing the final plan.
- Selecting from a view sometimes raised the error Illegal mix of collations ... for operation '=' when the collation used in the table or tables from which the view definition selected did not match the current session value of collation_connection.
- Valid MySQL commands (use and status) and C API functions (mysql_refresh, mysql_stat, mysql_dump_debug_info, mysql_ping, mysql_set_server_option, mysql_list_processes, and mysql_reset_connection) could write an error message to the audit log, even though running the command or calling the function emitted no such error.
- Increased the maximum fixed array size to 8192 instead of 512. This fixes an issue with mysqladmin extended status requests, which can exceed 512 entries.
- The mysqldump --column-statistics option attempted to select from information_schema.column_statistics against MySQL versions before 8.0.2, but this now generates the warning column statistics not supported by the server and sets the option to false.
- The function used by MySQL to get the length of a directory name was enhanced.
- Executing a query with an implicit aggregation should return exactly one row, unless the query has a HAVING clause that filters out the row, but a query with a HAVING clause which evaluated to FALSE sometimes ignored this, and returned a row regardless.
- For a query with a derived condition pushdown where a column in the condition needs to be replaced, a matching item could not found, even when known to be present, when the replacement item was wrapped in a ROLLUP while the matching item was not.
- The presence of an unused window function in a query, along with an ORDER BY that could have been eliminated, led to an unplanned server exit.
- ORDER BY RANDOM_BYTES() had no effect on query output
- Fixed an issue which could occur when loading user-defined functions
- Concurrent execution of FLUSH STATUS, COM_CHANGE_USER, and SELECT FROM I_S.PROCESSLIST could result in a deadlock. A similar issue was observed for concurrent execution of COM_STATISTICS, COM_CHANGE_USER, and SHOW PROCESSLIST.
- The mysqldump utility could generate invalid INSERT statements for generated columns.
- During optimization, range-select tree creation uses logic which differs based on the left-hand side of the IN() predicate. For a field item, each value on the right-hand side is added to an OR tree to create the necessary expression. In the case of a row item comparison (example: WHERE (a,b) IN ((n1,m1), (n2, m2), ...)), an expression in disjunctive normal form (DNF) is needed. A DNF expression is created by adding an AND tree with column values to an OR tree for each set of RHS values, but instead the OR tree was added to the AND tree causing the tree merge to require exponential time due to O(n2) runtime complexity.
- When using SELECT to create a table and the statement has an expression of type GEOMETRY, MySQL could generate an empty string as the column value by default. To resolve this issue, MySQL no longer generates default values for columns of type GEOMETRY under these circumstances.