MySQL 9.0 Released
The MySQL team has announced open source MySQL 9.0 (Innovation Release), along with the first update of the 8.4 LTS (8.4.1).
MySQL 9.0 represents a major release with several important updates. For example, this release removes the mysql_native_password authentication plugin. This plugin was previously deprecated but now has been removed altogether.
According to the 9.0 release notes: “The mysql_native_password authentication plugin, deprecated in MySQL 8.0, has been removed, and the server now rejects mysql_native authentication requests from older client programs which do not have CLIENT_PLUGIN_AUTH capability. For backward compatibility, mysql_native_password remains available on the client; the client-side built-in authentication plugin has been converted into a dynamically loadable plugin.”
A recent blog post from MySQL Community Manager Frederic Descamps explains further, noting that the mysql_native_password is considered weak compared to modern authentication methods because it:
- Uses the SHA-1 hashing algorithm, which is vulnerable to certain types of cryptographic attacks.
- Does not use salting when hashing passwords.
- Does not use multiple iterations of the hash function, which makes it faster to compute and therefore easier to brute force.
Learn more in the MySQL 9.0 release notes.