MySQL 9.0 Released

By

This major release includes important updates.

The MySQL team has announced open source MySQL 9.0 (Innovation Release), along with the first update of the 8.4 LTS (8.4.1).

MySQL 9.0 represents a major release with several important updates. For example, this release removes the mysql_native_password authentication plugin. This plugin was previously deprecated but now has been removed altogether.

According to the 9.0 release notes: “The mysql_native_password authentication plugin, deprecated in MySQL 8.0, has been removed, and the server now rejects mysql_native authentication requests from older client programs which do not have CLIENT_PLUGIN_AUTH capability. For backward compatibility, mysql_native_password remains available on the client; the client-side built-in authentication plugin has been converted into a dynamically loadable plugin.”

A recent blog post from MySQL Community Manager Frederic Descamps explains further, noting that the mysql_native_password is considered weak compared to modern authentication methods because it:

  • Uses the SHA-1 hashing algorithm, which is vulnerable to certain types of cryptographic attacks.
  • Does not use salting when hashing passwords.
  • Does not use multiple iterations of the hash function, which makes it faster to compute and therefore easier to brute force.

Learn more in the MySQL 9.0 release notes.
 
 
 

 
 
 

07/11/2024
authentication , MySQL , Security

Related content

comments powered by Disqus