As of this release, cluster.reset_recovery_accounts_password() is deprecated. It is replaced by the reset_replication_accounts_password() function.

reset_recovery_accounts_password() enables you to reset, or recreate, the credentials for the internal recovery and replication accounts and is now supported for Cluster, ClusterSet, and ReplicaSet deployments.

See Resetting Internal Replication Account Credentials. (Bug #37977363, WL #16904)

In previous versions, AdminAPI created internal accounts without explicitly specifying the authentication plugin; the server's default authentication plugin was used. This default has changed between versions and plugins such as mysql_native_password have been removed entirely. As a result, some AdminAPI-managed topologies could contain accounts created with outdated or obsolete plugins, causing authentication failures when upgrading server instances.

As of this release, AdminAPI creates internal replication accounts with the caching_sha2_password authentication plugin, if the target instance is running MySQL 8.0.4, or higher. Also, reset_replication_accounts_password() can be used on existing topologies with the recreate option to recreate internal accounts with the caching_sha2_password authentication plugin. (Bug #39051958)

If a target instance was configured to enforce a password policy stricter than the one used by AdminAPI, errors similar to the following were returned and the operation failed:

 RuntimeError: Dba.create_cluster: Unable to generate a password that complies with active 
 MySQL server password policies for account accountName

The AdminAPI generated passwords using a fixed length of 32 characters. If validate_password.length was set to a value larger than 32, the error was returned.

As of this release, for MySQL 8.0.18 or higher, internal accounts are created using IDENTIFIED BY RANDOM PASSWORD, ensuring the generated password complies with the active password policy. For older versions, the existing password generation method is used, but the value of validate_password.length is retrieved, thereby ensuring the generated password conforms to the target's policy. (Bug #38728092)

If a Read Replica, configured with the default 'replicationSources: PRIMARY', failed over to another source in a multi-primary cluster, status() incorrectly returned the warning current sources don't match the configured ones. This occurred because the check assumed only one PRIMARY was valid and flagged any other as a mismatch.

As of this release, all PRIMARY replicationSources are treated as valid across all primaries in multi-primary Clusters. (Bug #38598757)

MySQL Shell's copy and dump utilities now report accounts using the mysql_native_password authentication plugin as errors if ocimds is enabled for target versions 8.4 or higher.

A new compatibility option is added to the dump utilities, which is enabled by default for the copy utilities if the authentication plugin is enabled, target_has_mysql_native_password. This option makes it possible to dump or copy accounts from MySQL HeatWave Service DB Systems on which the mysql_native_password authentication plugin was enabled after they were created. (Bug #38852692)

Fixed an issue relating to the REST client. (Bug #39116948)

MySQL Shell did not correctly handle JSON documents with large amounts of nesting. (Bug #39116933, Bug #39116954)