Uploaded image for project: 'Jira Software Data Center'
  1. Jira Software Data Center
  2. JSWSERVER-25925

MySQL default auth plugin

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • None
    • Data Center
    • None
    • 4
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Problem

      After migration to MySQL version 8.0, started getting a lot of messages like this in the MySQL log file:

      [Warning] [MY-013360] [Server] Plugin mysql_native_password reported: 'mysql_native_password' is deprecated and will be removed in a future release. Please use caching_sha2_password instead'

      If the mysql_native_password is changed to caching_sha2_password, Jira won't work (fails to connect to the database)

      Suggested Solution

      Why This Is Important

      Since MySQL will deprecate mysql_native_password shortly and Jira works with that only, support for caching_sha2_password must be added

      Workaround

      Leave as mysql_native_password and change MySQL log level to avoid receiving those warnings.

            [JSWSERVER-25925] MySQL default auth plugin

            SET Analytics Bot made changes -
            Support reference count Original: 3 New: 4
            SET Analytics Bot made changes -
            Support reference count New: 3

            fmoussat added a comment -

            9 months and nothing has been done to support the caching_sha2_password plugin! SHA-1 has been obsolete for a long time, broken, and therefore highly vulnerable.

            How is it that Atlassian takes Jira's security so lightly?

            When, and in which version, will Jira support SHA-256? This should be a top priority!

            fmoussat added a comment - 9 months and nothing has been done to support the caching_sha2_password plugin! SHA-1 has been obsolete for a long time, broken, and therefore highly vulnerable. How is it that Atlassian takes Jira's security so lightly? When, and in which version, will Jira support SHA-256? This should be a top priority!
            Andre Oliveira (Inactive) created issue -

              Unassigned Unassigned
              492e9b7c1fb9 Andre Oliveira (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: