X DevAPI: The asynchronous variant of the X Protocol is no longer supported by Connector/J; the connection properties useAsyncProtocol and asyncResponseTimeout are now deprecated and have no effect when used. (WL #14017)

Security Enhancement: Previously, the LOCAL data loading capability for the LOAD DATA statement can be controlled on the client side only by enabling it for all files accessible to the client or by disabling it altogether, using the connection property allowLoadLocalInfile. A new connection property, allowLoadLocalInfileInPath, has been introduced to allow LOCAL data loading only from a specific filepath; see the description for the option in Configuration Properties for details. (WL #14096)

X DevAPI: A new connection property, xdevapi.compression-algorithms, has been introduced for specifying the compression algorithms to use and the priority in which they will be negotiated for.

Also, the older connection property xdevapi.compression-algorithm (without an “s” at the end of its name) has been renamed to xdevapi.compression-extensions; its function remains the same as before (providing implementations for compression algorithms), but the syntax for its value has been changed: each element in a triplet for an algorithm is now separated by a colon (:). See Connection Compression Using X DevAPI for details. (WL #14017)

X DevAPI: Connector/J now supports Java keystore for SSL client certificates for X DevAPI sessions. The following new connection properties have been introduced for the purpose:

See Connecting Securely Using SSL for details. (WL #13780)

When trying to open multiple connections to a MySQL server using Connector/J with a named pipe on Windows systems, the attempt sometimes failed with the "All pipe instances are busy" error. With this fix, if a timeout has been set using the connection property connectTimeout or the method DriverManager.setLoginTimeout(), Connector/J will retry opening the named pipe repeatedly until the timeout is reached or the named pipe is opened successfully. As a side-effect of this new behavior, there will be a delay, equal to the length of the timeout, for throwing an error for a failed named-pipe connection even when it is caused by an error other than "All pipe instances are busy." (Bug #31711961, Bug #98667)

When the connection option sslMode is set to VERIFY_IDENTITY, Connector/J now validates the host name in the connection string against the host names or IP addresses provided under the Subject Alternative Name (SAN) extension in the server's X.509 certificate. Also, verification against the Common Name (CN) is now performed when a SAN is not provided in the certificate or if it does not contain any DNS name or IP address entries. Host names listed in the certificate, under either the SAN or the CN, can contain a wildcard character as specified in the RFC 6125 standard. Thanks to Daniël van Eeden for contributing to the patch. (Bug #31443178, Bug #99767, Bug #28834903, Bug #92903)

When using Connector/J, the AbandonedConnectionCleanupThread thread can now be disabled completely by setting the new system property com.mysql.cj.disableAbandonedConnectionCleanup to true when configuring the JVM. The feature is for well-behaving applications that always close all connections they create. Thanks to Andrey Turbanov for contributing to the new feature. (Bug #30304764, Bug #96870)

Connector/J now supports client authentication with MySQL Enterprise Server using simple or SASL (SCRAM-SHA-1) LDAP authentication on Windows and Linux platforms. (WL #14115)

Connector/J can now be prevented from falling back to the system-wide truststore and keystore for server and client identity authentication, respectively. For JDBC connections, two new connection properties, fallbackToSystemKeyStore and fallbackToSystemTrustStore, have been introduced for the control. While those properties are true by default (fallbacks enabled), setting them to false disable fallbacks. See Connecting Securely Using SSL for details.

X DevAPI: Similar control for fallbacks for X DevAPI connections are provided by the new connection properties, xdevapi.fallback-to-system-keystore, and xdevapi.fallback-to-system-truststore. (WL #13780)

The integration classes for JBoss have been removed from Connector/J. (WL #14068)

In a load balancing setup, if the connection parameter loadBalanceBlacklistTimeout was set, a server that was once unavailable remained in the blocklist even after a connection to it has been reestablished, and this affected the system's performance. With this fix, the server is removed from the blocklist as soon as it becomes available again. (Bug #31699357, Bug #96309)

Using a PreparedStatement to store a Date into a database sometimes resulted in a NullPointerException. It was because some assignments were missing in ServerPreparedQueryBindValue.clone(), and this patch corrects the issue. (Bug #31418928, Bug #99713)

When a client attempted to establish a JDBC connection using the server's X Protocol port, Connector/J threw an ArrayIndexOutOfBoundsException. With this fix, Connector/J throws the proper exception for using the wrong protocol with the port and returns a proper error message. (Bug #31083755, Bug #99076)

LocalDate, LocalDateTime, and LocalTime values set through Connector/J were altered when there was a timezone difference between the server and the client. This fix corrects the issue by handling the LocalDate, LocalTime, and LocalDateTime with no time zone conversion and no intermediate conversions to other date-time classes. Thanks to Iwao Abe for his contribution to the fix. (Bug #29015453, Bug #93444)