Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade to MySQL 8.3.0 #39081

Closed
trcoelho opened this issue Jan 10, 2024 · 9 comments
Closed

Upgrade to MySQL 8.3.0 #39081

trcoelho opened this issue Jan 10, 2024 · 9 comments
Assignees
@bclozel
Labels
status: noteworthy A noteworthy issue to call out in the release notes type: dependency-upgrade A dependency upgrade
Milestone
3.2.2

Comments

@trcoelho
Copy link

Even updated to version 3.2.2-SNAPSHOT version, this version uses MySQL driver 8.1.0 when we have a new one available (8.2.0) https://mvnrepository.com/artifact/com.mysql/mysql-connector-j/8.2.0 .

Any chance to use 8.2.0 version on 3.2.2 Spring boot version?

Thanks in advance.
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jan 10, 2024
@wilkinsona
Copy link
Member

Generally speaking, we don't upgrade to a new minor version of a dependency in a maintenance version of Spring Boot. At this time, it's not clear if 8.1.0 is completely end of life so I don't think an exception to this policy is warranted at the moment. We have already upgraded to MySQL driver 8.2.0 for this month's 3.3.0-M1 release. You can use 8.2.0 with Spring Boot 3.2 by overriding the mysql.version property in your pom.xml or build.gradle file.

@wilkinsona wilkinsona closed this as not planned Won't fix, can't repro, duplicate, stale Jan 10, 2024
@wilkinsona wilkinsona added status: declined A suggestion or change that we don't feel we should currently apply and removed status: waiting-for-triage An issue we've not yet triaged labels Jan 10, 2024
@bclozel
Copy link
Member

bclozel commented Jan 10, 2024

Duplicates #38423

@bclozel bclozel added status: duplicate A duplicate of another issue and removed status: declined A suggestion or change that we don't feel we should currently apply labels Jan 10, 2024
@trcoelho
Copy link
Author

Hi @bclozel , I ask that as we have a security vulnerability in 8.1.0 version as follows:

https://security.snyk.io/vuln/SNYK-JAVA-COMMYSQL-6075938

Which is recommended upgrade to 8.2.0.

@bclozel
Copy link
Member

bclozel commented Jan 10, 2024

Reopening for team discussion. I'm wondering if we should adopt the same approach as #38901 because the official website says:

Version 8.2.0 is a new GA release version of the MySQL Connector/J. MySQL Connector/J 8.2.0 supersedes the 8.1 series and is recommended for use on production systems.

It sounds like the CVE fix will not be backported and we shouldn't expect maintenance versions in the 8.2.x line.

@bclozel bclozel reopened this Jan 10, 2024
@bclozel bclozel added for: team-attention An issue we'd like other members of the team to review status: waiting-for-triage An issue we've not yet triaged and removed status: duplicate A duplicate of another issue labels Jan 10, 2024
@philwebb philwebb changed the title Update to the latest MySQL driver version. Upgrade to MySQL 8.2.0 Jan 10, 2024
@philwebb philwebb added type: dependency-upgrade A dependency upgrade and removed for: team-attention An issue we'd like other members of the team to review status: waiting-for-triage An issue we've not yet triaged labels Jan 10, 2024
@philwebb philwebb added this to the 3.2.x milestone Jan 10, 2024
@wilkinsona wilkinsona added the status: noteworthy A noteworthy issue to call out in the release notes label Jan 10, 2024
@lzysuqianqiu
Copy link

MySQL 8.3.0 is out !

@bclozel
Copy link
Member

bclozel commented Jan 16, 2024

We can't consider this now as the release notes state:

Version 8.3.0 has no release notes, or they have not been published because the product version has not been released.

@lzysuqianqiu
Copy link

https://repo1.maven.org/maven2/com/mysql/mysql-connector-j/8.3.0/

@wilkinsona
Copy link
Member

The release appearing on Maven Central doesn't invalidate what Brian has said. We can't consider an upgrade to 8.3.0 until it has been announced, its content including any CVE fixes has been described, and information about whether or not it supersedes 8.2 has been provided.

@bclozel
Copy link
Member

bclozel commented Jan 16, 2024

The page is now updated:

Version 8.3.0 is a new GA release version of the MySQL Connector/J. MySQL Connector/J 8.3.0 supersedes 8.2 and is recommended for use on production systems. This release can be used against MySQL Server version 8.0 and beyond. It supports the Java Database Connectivity (JDBC) 4.2 API, and implements the X DevAPI.

@bclozel bclozel changed the title Upgrade to MySQL 8.2.0 Upgrade to MySQL 8.3.0 Jan 16, 2024
@bclozel bclozel modified the milestones: 3.2.x, 3.2.2 Jan 16, 2024
@bclozel bclozel self-assigned this Jan 16, 2024
This was referenced Jan 16, 2024
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bclozel bclozel

Labels
status: noteworthy A noteworthy issue to call out in the release notes type: dependency-upgrade A dependency upgrade
Projects
None yet
Milestone
3.2.2
Development

No branches or pull requests
6 participants
@bclozel @philwebb @wilkinsona @lzysuqianqiu @spring-projects-issues @trcoelho