The default value of --server-ssl-mode is changed from AS_CLIENT to PREFERRED. (WL #15966)

MySQL Router now supports client TLS certificates.

The following configuration options are introduced:

(WL #14304)

If a client sent read-only statements to a destination which was not configured as super_read_only, using the Read-Write splitting port, MySQL Router redirected the statement to the primary. The statement did not return the correct result. (Bug #36042078)

Queries with trailing semi-colons (;) were treated as multi-statements, which is not permitted if MySQL Router is configured for Read-Write Splitting. (Bug #36036725)

It was not possible to connect to the read-write splitting port with Connector/J. The following error was returned:

       Unknown character set ''

(Bug #35968017)

If MySQL Router was bootstrapped over an existing configuration, the existing user's credentials were retrieved from the keyring and reused, even if the user used the deprecated authentication plugin, mysql_native_password.

As of this release, MySQL Router checks the user's authentication method and, if it is set to mysql_native_password, changes it to the Cluster's default if there are no other user@host entries for the MySQL Router user. If there is more than one such entry, a warning is returned, advising the user to manually correct the authentication configuration. (Bug #35943415)

If MySQL Router was bootstrapped against an InnoDB Cluster, without using an existing account or using the --force-password-verification parameter, the auto-created metadata user was created using the mysql_native_password plugin. This plugin was deprecated in MySQL Server 8.1 and is subject to removal in a future release.

As of this release, the metadata user is created using the default authorization plugin defined on the InnoDB Cluster. (Bug #35737357)

In the Docker image for MySQL Router 8.2.0, the read-write splitting port, 6450, was not exposed by default. (Bug #112900, Bug #35964936)