Documentation Home
MySQL Connector/C++ Release Notes
Related Documentation Download these Release Notes
PDF (US Ltr) - 341.3Kb
PDF (A4) - 342.2Kb


MySQL Connector/C++ Release Notes  /  Changes in MySQL Connector/C++ 8.0  /  Changes in MySQL Connector/C++ 8.0.29 (2022-04-26, General Availability)

Changes in MySQL Connector/C++ 8.0.29 (2022-04-26, General Availability)

Pluggable Authentication

  • Connector/C++ now supports authentication to MySQL Server using devices such as smart cards, security keys, and biometric readers. This authentication method is based on the Fast Identity Online (FIDO) standard. To ensure client applications using the legacy JBDC API are notified when a user is expected to interact with the FIDO device, Connector/C++ implements the new setCallback() method in the MySQL_Driver class that accepts a single callback argument named Fido_Callback.

    class Fido_Callback
    {
    public:
    
      Fido_Callback(std::function<void(SQLString)>);
    
      /**
      * Override this message to receive Fido Action Requests
      */
      virtual void FidoActionRequested(sql::SQLString msg);
    
    };

    Any connection created by the driver can use the callback, if needed. However, if an application does not set the callback explicitly, libmysqlclient determines the behavior by default, which involves printing a message to standard output.

    Note

    On Windows, the client application must run as administrator. The is a requirement of the fido2.dll library, which is used by the authentication_fido plugin.

    A client application has two options for obtaining a callback from the connector:

    • By passing a function or lambda to Fido_Callback.

      driver->setCallBack(Fido_Callback([](SQLString msg) {...}));
    • By implementing the virtual method FidoActionRequested.

      class MyWindow : public Fido_Callback
      {
        void FidoActionRequested(sql::SQLString msg) override;
      };
      
      MyWindow window;
      driver->setCallBack(window);

    Setting a new callback always removes the previous callback. To disable the active callback and restore the default behavior, pass nullptr as a function callback. Example:

    driver->setCallBack(Fido_Callback(nullptr));

    For more information about FIDO authentication, see FIDO Pluggable Authentication.

Security Notes

X DevAPI Notes

  • The Connector/C++ X DevAPI Reference documentation, available at https://dev.mysql.com/doc/index-connectors.html, updated its usage instructions for the Collection.modify().unset() operation. The argument to unset() is a string to be interpreted as a document path expression (similar to "$.foo.'bar'"), rather than a literal field name. If the argument contains special characters (spaces, '.', '$', and so on), then it is necessary to enclose the field name in quotation marks. For example:

    Collection.modify(~~).unset(""field name with spaces"")

    (Bug #33795881)

Functionality Added or Changed

  • Connector/C++ supports new aliases for existing TLS/SSL connection options to deliver better alignment among X DevAPI, X DevAPI for C, and the legacy JDBC-based API. This alignment effort ensures that option naming, functionality, and behavior are implemented consistently while also retaining compatibility with the existing options. For example, Connector/C++ now ensures that setting TLS/SSL connection options, along with ssl-mode=DISABLED, does not return an error if a client application provides incompatible options, or if the same option is repeated in a connection string or with properties.

    Changes that apply to X DevAPI and X DevAPI for C are:

    • tls-version is added as an alias to the existing tls-versions connection option.

    • ssl-capath, ssl-crl, and ssl-crlpath options are now implemented with the same functionality as the legacy JDBC API.

    • If the same option is repeated, the last option value prevails.

    The new aliases for the legacy JDBC API are:

    • ssl-mode (for the existing OPT_SSLMODE option): Preferred security state of a connection to server.

    • ssl-ca (for the existing sslCA option): File that contains a list of trusted SSL Certificate Authorities.

    • ssl-capath (for the existing sslCAPath option): Directory that contains trusted SSL Certificate Authority certificate files.

    • ssl-cert (for the existing sslCert option): File that contains X.509 certificate.

    • ssl-cipher (for the existing sslCipher option): Permissible ciphers for connection encryption.

    • ssl-key (for the existing sslKey option): File that contains X.509 key.

    • ssl-crl (for the existing sslCRL option): File that contains certificate revocation lists.

    • ssl-crlpath (for the existing sslCRLPath option): Directory that contains certificate revocation-list files.

    • tls-version (for the existing OPT_TLS_VERSION option): Permissible TLS protocols for encrypted connections.

    When using the legacy JDBC API, the effect of setting an option twice is determined by the client library. In addition, TLS/SSL options are not supported in URI-like strings when using the legacy JDBC API.

Bugs Fixed

  • Bit-value types in aggregate functions could return unexpected values for an application that uses the legacy JDBC API. (Bug #33748725)

  • The Connector/C++ classic driver was unable to find authentication plugins unless the OPT_PLUGIN_DIR connection option was set explicitly. The driver now uses its shared library to determine the plugin location as a relative path. (Bug #33721056)

  • On Windows, when an application using the legacy JDBC API attempted to authenticate a user with a plugin that was unable to find a required library, the process halted rather than emitting an error message. (Bug #33701997)