Release Notes / Version 10.2107
Table Of ContentsThe mysql-connector-java Java library has been updated to version 8.0.28 to avoid security vulnerability CVE-2022-21363 of the previous version. Note, that the updated version of mysql-connector-java also dropped support for deprecated TLSv1 and TLSv1.1 connection protocols and requires using more-secure TLSv1.2 or TLSv1.3 protocols.
For details, see the release notes of the mysql-connector-java driver in https://dev.mysql.com/doc/relnotes/connector-j/8.0/en/news-8-0-28.html .
The MySQL Server has to support at least TLSv1.2 when using the new driver version. Note, that the official docker image for the community edition of MySQL 5.7 doesn't currently support that, see
https://github.com/docker-library/mysql/issues/567
. If you are using that image with SSL enabled, you will have to adapt your setup, or revert the update of the driver in
shared/common/modules/shared/database-drivers/pom.xml
. You could also think about updating to MySQL 8, which is also still supported for the next major release CMCC 11.
(CMS-21104)