MySQL for PCF Release Notes
Note: This version of MySQL for Pivotal Platform is no longer supported because it has reached the End of General Support phase. To stay up to date with the latest software and security updates, upgrade to a supported version.
Pivotal recommends upgrading to the latest version of your current minor release before you upgrade to the latest available version of the new minor release. For example, if you use v2.2.3, upgrade to the latest version of 2.2 before upgrading to the latest version of 2.3.
For product versions and upgrade paths, see the Product Compatibility Matrix.
v2.3.5
Release Date: April 5, 2019
Updated Dependencies
Updated dependencies in this release:
- Updates Service Backups to v18.2.0. This update includes the following:
smoke-testserrands can be used in environments that use custom Java buildpacks with OracleJDK for PCF Release Notes.
Resolved Issue
This release fixes a known issue, so that:
- Azure backups support on-premise blob storage. For more information, see the Blob Store Base URL field in Option 4: Back Up to Azure Storage.
Known Issue
This release has the following issue:
- If you set Plan 1 to Inactive in the MySQL for Pivotal Platform tile, your installation fails when you apply changes. To fix this issue, ensure that Plan 1 is always configured.
v2.3.4
Release Date: February 20, 2019
Security Fixes
This release includes the following security fixes:
- Updates golang to v1.11.4 to address CVE-2018-16873.
- Updates Percona Server to v5.7.24-26 to address CVE-2018-3133.
Known Issue
This release has the following issue:
- If you set Plan 1 to Inactive in the MySQL for Pivotal Platform tile, your installation fails when you apply changes. To fix this issue, ensure that Plan 1 is always configured.
Compatibility
This release uses the following component versions:
| Component | Version |
|---|---|
| Stemcell | Ubuntu Trusty 3541.x |
v2.3.3
Release Date: November 29, 2018
Known Issues
This release has the following issues:
- Service instances cannot be upgraded individually using the
cf update-serviceCLI command. To upgrade service instances after a tile upgrade, operators must run theupgrade-all-service-instancesBOSH errand.
- If you set Plan 1 to Inactive in the MySQL for Pivotal Platform tile, your installation fails when you apply changes. To fix this issue, ensure that Plan 1 is always configured.
Security Fixes
This release includes the following security fix:
Compatibility
This release uses the following component versions:
| Component | Version |
|---|---|
| Stemcell | 3541.x |
v2.3.2
Release Date: November 7, 2018
Features
New features and changes in this release:
find-non-tls-bindingsBOSH errand error messages have been improved to make determining the cause of failure easier.
Fixed Issues
This release fixes the following issues:
- The
mysqldump --all-databasesstep no longer fails during maunal backups. For more information, see Manual Backup. - Smoke tests no longer fail if Service Plan Access is set to manual.
find-non-tls-bindingsBOSH errands no longer fail when the Secure Service Bindings feature is disabled and Credhub is enabled on the deployment.- The
mysql-restorecommand now completely cleans up pre-existing MySQL users with column or table level privileges in the database.
Known Issue
This release has the following issue:
- If you set Plan 1 to Inactive in the MySQL for Pivotal Platform tile, your installation fails when you apply changes. To fix this issue, ensure that Plan 1 is always configured.
v2.3.1
Release Date: June 22, 2018
Known Issues
This release has the following issues:
- If you set Plan 1 to Inactive in the MySQL for Pivotal Platform tile, your installation fails when you apply changes. To fix this issue, ensure that Plan 1 is always configured.
- The
mysqldump --all-databasesstep when doing a manual backup will not work due to a MySQL user permissions issue.
Features
New features and changes in this release:
- Operators can set the global limit for maximum service instances to 200.
- Operators can audit connections to service instances to determine which instances are not using TLS.
They can do this by running the
find-non-tls-bindingsBOSH errand.
Fixed Issues
This release fixes the following issue:
- Fixes the known issue in MySQL for PCF v2.3.0 where apps cannot bind to/unbind from an outdated service instance.
v2.3.0
Release Date: June 1, 2018
Known Issues
This release has the following issues:
- After upgrading to MySQL for PCF v2.3.0, developers cannot create new bindings
to a service instance that has not also been upgraded.
For apps to bind and unbind successfully, operators must run the
upgrade-all-service-instanceserrand. For more information, see Upgrade MySQL Instances. - MySQL for PCF v2.3.0 requires v2.0 of the Cloud Foundry CLI MySQL plugin if secure service instance credentials are enabled. For more information, see the Cloud Foundry CLI MySQL Plugin GitHub repository and Configure Security in Installing and Configuring MySQL for PCF.
- If you set Plan 1 to Inactive in the MySQL for Pivotal Platform tile, your installation fails when you apply changes. To fix this issue, ensure that Plan 1 is always configured.
- The
mysqldump --all-databasesstep when doing a manual backup will not work due to a MySQL user permissions issue.
Features
New features and changes in this release:
Transport Layer Security
- TLS (formerly known as SSL) can now be used with apps, Docker-based containers, and other clients.
- With MySQL for PCF v2.3.0, apps can connect to MySQL over TLS, without the need for IPsec.
To use TLS as an operator or developer,
see Preparing for TLS.
- TLS works for desktop clients as well, if network connectivity allows. Follow Accessing Services with SSH, and use the CA cert provided by the service key.
- TLS (formerly known as SSL) can now be used with apps, Docker-based containers, and other clients.
Synchronous replication
When choosing the leader-follower topology, developers can enable MySQL “semi-synchronous” mode to ensure that transactions are replicated in real time. This ensures availability in case of host or AZ failure. For more information about synchronous replication, see Enable Semi-Synchronous Replication.
Service Credentials stored securely
For Pivotal Application Service (PAS) v2.0 and later, operators can store service credentials in runtime CredHub.
To ensure that credentials are stored in CredHub, any apps that are currently bound to service instances must be re-bound.
For more information, see the following:
- Securing Services Instance Credentials with Runtime CredHub
- Configure Security in Installing and Configuring MySQL for PCF
Improvements for developers:
- Developers can now create multiple database schemas within a dedicated service instance.
Database credentials created for application bindings or service keys can create new MySQL databases (schemas).
This means that multiple apps can co-exist on the same service instance without
interfering or having access to other schemas.
To use this feature, run:
create database NAME-OF-NEW-SCHEMA. Developers can now define the database charset and collation.
For information about defining these parameters, see Changing MySQL Server Defaults.
If developers supply invalid optional parameters when creating or updating a service instance, they receive an error message. For information about optional parameters, see Use Optional Parameters.
- Developers can now create multiple database schemas within a dedicated service instance.
Database credentials created for application bindings or service keys can create new MySQL databases (schemas).
This means that multiple apps can co-exist on the same service instance without
interfering or having access to other schemas.
To use this feature, run:
Improvements for operators:
- There is a new Service Instance Upgrades pane. In this pane, operators set how many canary upgrades must succeed and how many service instances may be upgraded in parallel. For more information, see Configure Service Instance Upgrades.
- The output wording for the
inspectandconfigure-leader-followererrands is improved. - If system logging is configured, the output from the broker errands is now sent to syslog. For information about configuring, see Configure System Logging.
- Logs sent to syslog are now annotated with the assigned hostname or IP address.
- All errands now send non-error output to stdout.
Improvements to backups:
- Operators are no longer required to specify an AWS region when using Amazon S3 to store backup artifacts.
- Operators no longer need to provide the admin credential when restoring a backup artifact.
- For PCF 2.0 and later, all backup encryption keys are stored in BOSH CredHub so that backup artifacts can be decrypted even after the service instance is deleted.
Improvements to smoke tests:
- The service broker
smoke-testserrand now runs in the org and spacesystem:pivotal-servicesso that operators can configure ASGs to allow thesmoke-testserrand to succeed. For how to create an ASG, see Create an Application Security Group for MySQL for PCF. - The timeout for smoke tests is now 30 minutes. This accommodates very slow infrastructures.
- The service broker
Security Fixes
This release includes the following security fix:
- The metrics collection job now connects to the MySQL server over a Unix domain socket. This reduces the scope of access for the metrics collection job user.
Fixed Issues
This release fixes the following issues that developers might have experienced:
Developers cannot lose access to a persistent disk by updating the plan of a service instance.
Developers can now un-bind and re-bind an app from a leader-follower instance, even when the leader is down.
If the broker is upgraded but the service instances are not, developers can now un-bind and re-bind an app to an outdated service instance.
This release fixes the following issue that operators might have experienced:
- Extra whitespace in Azure backup configuration no longer causes backup failures.
Compatibility
This release uses the following component versions:
| Component | Version |
|---|---|
| Stemcell | 3541.x |
| Percona Server | 5.7.21-20 |
| golang | 1.9.6 This is a downgrade because of an issue with golang v1.10. |