Connector/C++ now supports authentication to MySQL Server using devices such as smart cards, security keys, and biometric readers. This authentication method is based on the Fast Identity Online (FIDO) standard. To ensure client applications using the legacy JBDC API are notified when a user is expected to interact with the FIDO device, Connector/C++ implements the new setCallback() method in the MySQL_Driver class that accepts a single callback argument named Fido_Callback.

class Fido_Callback
{
public:

  Fido_Callback(std::function<void(SQLString)>);

  /**
  * Override this message to receive Fido Action Requests
  */
  virtual void FidoActionRequested(sql::SQLString msg);

};

Any connection created by the driver can use the callback, if needed. However, if an application does not set the callback explicitly, libmysqlclient determines the behavior by default, which involves printing a message to standard output.

A client application has two options for obtaining a callback from the connector:

Setting a new callback always removes the previous callback. To disable the active callback and restore the default behavior, pass nullptr as a function callback. Example:

driver->setCallBack(Fido_Callback(nullptr));

For more information about FIDO authentication, see FIDO Pluggable Authentication. (WL #14878)

For platforms on which OpenSSL libraries are bundled, the linked OpenSSL library for Connector/C++ has been updated to version 1.1.1n. Issues fixed in the new OpenSSL version are described at https://www.openssl.org/news/cl111.txt and https://www.openssl.org/news/vulnerabilities.html. (Bug #33987637)

The Connector/C++ X DevAPI Reference documentation, available at https://dev.mysql.com/doc/index-connectors.html, updated its usage instructions for the Collection.modify().unset() operation. The argument to unset() is a string to be interpreted as a document path expression (similar to "$.foo.'bar'"), rather than a literal field name. If the argument contains special characters (spaces, '.', '$', and so on), then it is necessary to enclose the field name in quotation marks. For example:

Collection.modify(~~).unset(""field name with spaces"")

(Bug #33795881)

Connector/C++ supports new aliases for existing TLS/SSL connection options to deliver better alignment among X DevAPI, X DevAPI for C, and the legacy JDBC-based API. This alignment effort ensures that option naming, functionality, and behavior are implemented consistently while also retaining compatibility with the existing options. For example, Connector/C++ now ensures that setting TLS/SSL connection options, along with ssl-mode=DISABLED, does not return an error if a client application provides incompatible options, or if the same option is repeated in a connection string or with properties.

Changes that apply to X DevAPI and X DevAPI for C are:

The new aliases for the legacy JDBC API are:

When using the legacy JDBC API, the effect of setting an option twice is determined by the client library. In addition, TLS/SSL options are not supported in URI-like strings when using the legacy JDBC API. (WL #14846)

Bit-value types in aggregate functions could return unexpected values for an application that uses the legacy JDBC API. (Bug #33748725)

The Connector/C++ classic driver was unable to find authentication plugins unless the OPT_PLUGIN_DIR connection option was set explicitly. The driver now uses its shared library to determine the plugin location as a relative path. (Bug #33721056)

On Windows, when an application using the legacy JDBC API attempted to authenticate a user with a plugin that was unable to find a required library, the process halted rather than emitting an error message. (Bug #33701997)