Added support for the following MySQL server enterprise keyring features: keyring UDF functions, keyring_file, keyring_encrypted_file, and keyring_oci. This adds a new "keyring" element to the InnoDB Cluster specification.

An unhandled exception was emitted by dba.removeInstance() if the finalizer of the pod being deleted (due to eviction, scale down, version upgrade, or general STS change) was not removed; the operation would remain stuck in the terminating state. (Bug #34860802)

Defining a repository URL with a trailing slash was not recognized as a valid URL. (Bug #34731139)

Added podLabels and podAnnotations support for InnoDB cluster and backup profiles. (Bug #34728086, Bug #34733731)

The readinessprobe.sh script could not write to /mysql-ready as a shortcut to indicate readiness for the container. It's now written to /tmp/mysql-ready and functions for new InnoDB clusters. (Bug #34719171)

InnoDB cluster deployment could create a second router before the first router was terminated, and do so when one router was expected. (Bug #34689594)

The MySQL InnoDBCluster helm charts did not allow specifying the podSpec for a router. This prevented specifying settings such as affinity for the deployed routers. (Bug #34659086)

Operator now supports a spec.initDB.dump.options object as a dictionary of key-value pairs that are directly passed to MySQL Shell's loadDump(). (Bug #34648640)

Added a securityContext specification to backups that allows the backup pod to execute and store files as user mysql:mysql instead of user root:root. This also adds a new initContainer named fixdumpdir that changes the mounted directory to mysql:mysql. (Bug #34559403)

Altered security context capabilities by changing the following privileges from 'add' to 'drop': DAC_OVERRIDE, SETGID, SETUID, SYS_NICE, and SYS_RESOURCE. (Bug #108196, Bug #34568118)