MySQL now supports enhanced role management with the introduction of a new option, activate_mandatory_roles.

If activate_all_roles_on_login is enabled, activate_mandatory_roles is ignored, and both mandatory and granted roles are activated. If activate_all_roles_on_login is disabled and activate_mandatory_roles is enabled, mandatory roles are activated in addition to any default roles associated with the account.

If neither are activated, only the account's default roles are activated.

activate_mandatory_roles is enabled by default. (WL #16597)

Fixed an issue related to audit log strategy. (Bug #38223011)

Improved performance related to adding multiple general_sql_command.str fields to an Enterprise Audit filter. (Bug #38053242)

Fixed an issue related to audit_log_read performance. (Bug #36281295, Bug #38275868)

Security Enhancement: The default value of caching_sha2_password_digest_rounds is increased to 10,000. (WL #16974)

Under certain circumstances, the keyring component could not read the configuration file if the configured data directory path was shorter than the default path. (Bug #38078884)

General-Purpose Keyring Functions did not handle invalid parameters correctly. (Bug #38055488)

Important Change: The default value for the binlog_transaction_dependency_history_size server system variable has been increased from 25000 to 1000000 (one million). This variable's maximum value has also been increased, from 1000000 to 10000000 (ten million).

This change should not have any immediate effect on existing setups.

See the description of binlog_transaction_dependency_history_size for further information. (WL #16439)

Solaris: Clang and GCC now can be used for compiling MySQL on Solaris. (Bug #30562248)

OpenSSL 3 is now used on Solaris. (Bug #38193362)

Upgraded the bundled googletest library to version 1.17. (Bug #38152017)

Upgraded the bundled libbacktrace library to the latest version (April 2025). (Bug #38151970)

MySQL Server now bundles libzip and provides CMAKE options to choose between the bundled or system library when compiling the server. (Bug #38109824)

The minimum required version of CMAKE is now 3.17.5, for supported platforms. (Bug #38090672)

Compiler warnings were logged when building MySQL Server with GCC 15. (Bug #37721464)

The MYSQL_OPTION.OPTION_USAGE.OPTION_NAME field used a different character set than PERFORMANCE_SCHEMA.MYSQL_OPTION.OPTION_NAME.

As of this release, the CLUSTER_ID, SERVER_ID, and OPTION_NAME fields of MYSQL_OPTION.OPTION_USAGE use utf8mb4_general_ci instead of ascii. (Bug #38230424)

The sql_errno() method in the mysql_command_error_info service returned 0 when a command failed, instead of the appropriate error code. (Bug #38178087)

The server plugin system variable flag PLUGIN_VAR_NOSYSVAR was not processed properly. Variables defined with this flag were displayed when they should be hidden. (Bug #37654916)

Errors were not handled correctly when using the keyring UDF plugin and executing specific queries with the keyring_key_generate function. (Bug #37501458)

Telemetry component introduces a secret decoding service. This enables you to create your own secret-decoding service for OpenTelemetry.

The following system and status variables were added:

(WL #16647)

Microsoft Windows: If the MySQL Server was configured as a process, not as a service, the Configurator's Starting the server step could take a long time to complete due to delays in detecting when the server was ready to receive connections. (Bug #38068649)

Microsoft Windows: Shared Memory connections, --enable-shared-memory=true, failed when they were the only enabled protocol during server configuration. (Bug #38068619)

Microsoft Windows: It was not possible to create usernames with escaped characters, using single or double quotes, during new server configuration. (Bug #37459624)

Microsoft Windows: When upgrading, for example from version 9.1.0 to 9.2.0, using a non-default port, such as 3307, messages could be generated indicating a connection issue to port 3306, even if the server configuration is correct and the upgrade is successful. Errors were returned similar to the following:

        Can't connect to MySQL server on 'localhost:3306'
        (10061)
      

(Bug #37459255)

Microsoft Windows: The CLI help for MySQL Configurator now correctly displays the list of supported values for configurable server options. (Bug #37458648)

--config-type Configurator CLI option did not accept any values. (Bug #38068684)

Connection control now supports exempting unknown users from delay criteria, introducing a new system variable component_connection_control.exempt_unknown_users that allows administrators to configure whether failed connection attempts without user credentials should be penalized. This enhancement improves the component's ability to handle legitimate connection attempts from load balancers, ensuring better server availability while maintaining effectiveness in thwarting brute force attacks. A new status variable Component_connection_control_exempted_unknown_users provides insights into the number of exempted connections.

See (xref linkend="to-fill") for more information. (WL #17037)

The group_replication_allow_local_lower_version_join system variable, deprecated in MySQL 8.4.0, has now been removed. (WL #16019)

The replica_parallel_type system variable, deprecated in MySQL 8.0.29, has now been removed. (WL #13955)

The SCRAM-SHA-1 authentication method for SASL LDAP authentication is now deprecated, and subject to removal in a future version of MySQL. You are encouraged to use SCRAM-SHA-256 instead.

As part of this work, the default value for the authentication_ldap_sasl_auth_method_name system variable has been changed to SCRAM-SHA-256; the value SCRAM-SHA-1 is now deprecated.

For further information, see LDAP Pluggable Authentication. (WL #17022, WL #17034)

The following deprecated plugins are removed in this release:

(WL #16801)

Fixed an issue related to executing certain UPDATE statements. (Bug #37590580)

References: This issue is a regression of: Bug #31562881.

Important Change: The default value for innodb_log_writer_threads is now determined in part by whether binary logging is enabled, as shown here:

if (log_bin = OFF)
{
  if ([number of logical CPUs] <= 4)
  {
    innodb_log_writer_threads = OFF
  }
  else
  {
    innodb_log_writer_threads = ON
  }
}
else
{
  if ([number of logical CPUs] <= 32)
  {
    innodb_log_writer_threads = OFF
  }
  else
  {
    innodb_log_writer_threads = ON
  }
}

When binary logging is disabled (log_bin is OFF), the default is determined as it was in MySQL 9.4 and earlier.

This change does not affect the variable's configured value, if set.

For further information, see the description of innodb_log_writer_threads in the MySQL documentation; see also Optimizing InnoDB Redo Logging. (WL #16999)

InnoDB: The dict_stats_analyze_index() function could discard optimal index-based access paths, resulting in suboptimal performance for large tables when empty index statistics are read concurrently or an error leads to empty index statistics.

Our thanks to Casa Zang and the Tencent team for the contribution. (Bug #33472935)

Creating a thread for parallel scan may fail, resulting in assertion failures when it fell back to single-thread mode. Errors were returned similar to the following:

        Assertion failure: row0pread.h:306:active >= n_threads
      

(Bug #38325137)

Under certain circumstances, a virtual index rollback could fail on 32-bit builds of MySQL Server. (Bug #38167527)

The mlog read_1_bytes comment now accurately reflects a byte size of 1 byte, rather than 2 bytes.

Our thanks to Jeong Geun Lee for the contribution. (Bug #38001828)

If the buffer pool was very large, it could lead to a large number of chunks required by each buffer pool instance, which could fail if the operating system was unable to allocate the required memory.

As of this release, this allocation is checked to ensure it is allocated correctly. (Bug #37994397)

Fixed an issue relating to modifying the internal FTS configuration. (Bug #37792010)

Fixed an issue related to the purge coordinator.

Our thanks to Yin Peng and the Tencent team for the contribution. (Bug #37628911)

Fixed an issue related to virtual indexes. (Bug #37602657)

MySQL Server could behave unpredictably when simultaneously optimizing and updating a table. (Bug #37324137)

If the row size exceeded the maximum allowed size due to innodb_strict_mode=OFF, confusing warning messages similar to "Cannot add field" could appear in certain situations, such as selecting from a table or dropping a column.

Error messages are improved for this scenario. (Bug #37003342, Bug #36768046, Bug #36867372)

The dict_stats_analyze_index() function in could discard optimal index-based access paths, resulting in suboptimal performance for large tables when empty index statistics are read concurrently or an error return leads to empty index statistics.

Our thanks to Casa Zang and the Tencent team for the contribution. (Bug #33472935)

Under certain, rare circumstances, a race condition was possible during a purge operation. (Bug #32679024)

As of this release, the default value of innodb_change_buffering is ALL. This improves handling of secondary index updates. (WL #16967)

Size limit for result sets in SQL-callouts from JavaScript stored procedures has been increased to support larger data sizes. (Bug #38413760)

JavaScript language support provided by the MySQL Multilingual Engine component now conforms to the ECMAScript 2025 Language Specification (ECMA-262, 15th Edition) as shown at https://262.ecma-international.org/16.0/. (Bug #38358516)

Virtual FileSystem paths were not handled correctly by the MLE component. As of this release, paths with redundant or relative directories, such as ./ or ../, are accepted without errors. (Bug #38198011)

MySQL now supports automatic configuration for the mle.memory_max variable setting on-premises, utilizing a formula-based approach to dynamically allocate memory. This ensures that the default value of this variable is calculated as 5% of the total physical memory, capped within a range of 0.4GB to 32GB.

For more information, see MLE Component Memory and Thread Usage. (WL #17033)

Parsing very-large, high-precision float numbers in exponential notation, such as 5.0000000000000004e36, in a JSON column could result in a checksum verification error. (Bug #38033684)

Large TIME values inserted into a TIME column became smaller when converted to JSON. (Bug #37458212)

Fixed an issue related to handling JSON key values in the mysql.user.user_attribute column when using the ALTER USER statement with a JSON attribute containing a blank or null key-value pair. (Bug #31067575)

Using 0 as an explicit request for AUTO_INCREMENT columns was allowed. (Bug #38319365)

It was possible to delete a singleton child of a JSON Duality View's nested child. As of this release, it is no longer possible to delete a singleton child of a JSON Duality View's nested child. (Bug #38305543)

Creating a JSON Duality View with WHERE conditions that contained sub-queries resulted in an assertion failure, and the server possibly closing unexpectedly. Errors were returned similar to the following:

Assertion `nullptr != dynamic_cast<Target>(arg)' failed.

(Bug #38187473)

INSERT statements for a JSON Duality View that included an AUTO_INCREMENT column were rejected even if the column was not part of a join condition. (Bug #38179925)

JSON Duality Views exhibited inconsistent behavior with DML queries and SELECT queries when the derived_merge=off optimizer hint was used. (Bug #38175557)

Executing a JSON Duality Views UPDATE statement could result in the server closing unexpectedly. Errors were returned similar to the following:

Address not mapped to object

(Bug #38084877)

component_keyring_kmip or keyring_okv now support SECRET key types on Oracle Key Vault (OKV) server 21.10, or higher. (WL #17090)

The keyring_okv plugin is deprecated and replaced by the keyring_kmip component, enabling secure communication with Key Management Interoperability Protocol (KMIP) 1.1-compatible products such as Oracle Key Vault, Gemalto SafeNet KeySecure Appliance, Townsend Alliance Key Manager, and Entrust KeyControl. (WL #16524)

This version includes the MySQL Diagnostic Monitor (mysqldm), a new client tool designed to collect server diagnostic information. To supply to Oracle Support for efficient issue resolution, for example. The mysqldm client tool runs a predefined set of queries on the server, storing the results in JSON format, and provides options for customizing the output directory, number of iterations, and delay between iterations. (WL #16973)

Sorting with row IDs could produce incorrect results when the result came from a hash join reading a table in the temptable engine, where the temporary table is large enough to be stored on disk. (Bug #38418831)

Queries using semi join with materialization may return incorrect results due to a missing condition.

Our thanks to Jingqi Tian and the team at Alibaba. (Bug #38110792)

Fixed an issue related to query execution. (Bug #37847144)

Separate evaluation functions for DATE and DATETIME values have been introduced, utilizing distinct classes for these data types to optimize server performance. (Bug #37743288)

Fixed an issue relating to SQL queries involving correlated scalar subqueries and JSON tables. (Bug #36684370)

Queries using prepared statements to retrieve time type data did not always return expected results, regardless of whether precision was specified. (Bug #36065557)

Using WHERE IN (NULL,'xx:xx:xx.xxxxxx'); on a TIME column returned an empty set, whereas using WHERE IN ('xx:xx:xx.xxxxxx') returned the expected results. (Bug #35500028)

Using the IN() operator with TIME columns could return an empty set when a value is matched if the list contains NULL or empty strings. (Bug #34188599)

The default values of the following system variables have changed:

(WL #17039)

For platforms on which OpenSSL libraries are bundled, the linked OpenSSL library for MySQL Server has been updated to version 3.0.17. For more information, see OpenSSL 3.0 Series Release Notes. (Bug #38457056)

MySQL Server RPM installation on Fedora 42 could fail due to conflicts with MariaDB 11.8 packages. Errors were returned similar to the following:

        file /usr/bin/mysqld conflicts between mysql-community-server-8.4.7
        and mariadb11.8-server-3:11.8.3, file
        /usr/share/man/man1/mysql.1.gz conflicts between mysql-community-
        client-8.4.7 and mariadb11.8, file
        /usr/lib/systemd/system/mysqld.service conflicts between mysql-
        community-server-8.4.7 and mariadb11.8-server
      

(Bug #38384844)

MySQL Server now supports side-by-side installations of different innovation and LTS releases. (Bug #38104701)

Invalid temporal values in the binary protocol were silently adjusted when SQL_MODE was set to a non-strict value. As of this release, such values are rejected with an error. (Bug #38352728)

The following telemetry system variables were enabled by default, resulting in connection failures and log spamming:

As of this release, these variables are disabled by default. (Bug #38345446, Bug #38347061)

The default values for the following telemetry endpoint system variables, such as http://localhost:4318/v1/traces, caused log spamming and were defined using http instead of https:

As of this release, these variables have no default value. (Bug #38133218)

Connections waiting on the connection control plugin were not displayed in the performance_schema.processlist table. (Bug #38043683)

Queries with the same SQL_DIGEST could produce identical summaries, even if they had distinct characteristics, such as differing ORDER BY clauses. The digest computation has been improved to better distinguish between these queries. (Bug #31103386)

Client-server handshake errors occured during authentication with the authentication_oci plugin, when using the --default-auth parameter, if the server and client's default authentication methods were different on first connection. Errors were returned similar to the following:

        An error occurred during the client server handshake.
      

(Bug #37092159)

MySQL Replication supports enhanced security features with encryption now being enabled for all replication connections by default. With this configuration change, the default value of the SOURCE_SSL option in the CHANGE REPLICATION SOURCE TO Statement has been changed to 1, the default value of the group_replication_ssl_mode variable has been changed to REQUIRED, and the default value of the group_replication_recovery_use_ssl variable has been changed to ON.

For more information, see Replication Security. (WL #16438)

To enable enhanced replication capabilities by default, the default values of gtid_mode has been changed to ON. Additionally, the default value of enforce_gtid_consistency has been changed from ON.

For more information, see Replication with Global Transaction Identifiers. (WL #8602)

Geometry functions now support the inclusion of CRS URN in implicit JSON representation, ensuring that spatial reference system information is preserved when converting geometries to GeoJSON. This enhancement enables accurate representation and updating of geometry values in JSON duality views. It also affects the ST_AsGeoJSON function with options 2 and 4, which now always includes a CRS URN. With this update, GeoJSON resulting from an implicit conversion from a geometry type will have an extra "crs" attribute, providing a more comprehensive and accurate geometric representation.

See Spatial GeoJSON Functions for more information. (WL #16929)

Errors encountered by the sys.ps_trace_thread stored procedure were not handled properly.

Our thanks to Artem Avetian for the contribution. (Bug #34537707)

The sys schema stored procedure, revoke_schema_privileges_from_all_accounts_except() is now installed by default. This procedure enables you to revoke privileges on a schema, for all users, except for a defined list of exceptions.

See The revoke_schema_privileges_from_all_accounts_except() Procedure for more information. (WL #16996)

MySQL Thread Pool now supports automatic hardware-based configuration, allowing it to detect the underlying server hardware and set optimal defaults for better performance. The plugin automatically adjusts its settings based on the number of VCPUs available on the system, and users can still make changes when needed. Additionally, the plugin automatically validates and correct misconfigured parameters, and logs warnings when values are auto-corrected.

The following system variables are affected:

(WL #16621)

Logical clock handling for CREATE ... SELECT statements has been improved to ensure accurate logical clock values in the replica relay log. (Bug #38383106)

The server sometimes processed table references incorrectly. (Bug #38001000)