MySQL for PCF Release Notes

Warning: MySQL for Pivotal Cloud Foundry v2.3 is no longer supported because it has reached the End of General Support (EOGS) phase. To stay up to date with the latest software and security updates, upgrade to a supported version.

Pivotal recommends upgrading to the latest version of your current minor release before you upgrade to the latest available version of the new minor release. For example, if you use v2.2.3, upgrade to the latest version of 2.2 before upgrading to the latest version of 2.3.

For product versions and upgrade paths, see the Product Compatibility Matrix.

v2.3.5

Release Date: April 5, 2019

Updated Dependencies

Updated dependencies in this release:

• Updates Service Backups to v18.2.0. This update includes the following:
  • smoke-tests errands can be used in environments that use custom Java buildpacks with OracleJDK for PCF Release Notes.

Resolved Issue

This release fixes a known issue, so that:

• Azure backups support on-premise blob storage. For more information, see the Blob Store Base URL field in Option 4: Back Up to Azure Storage.

Known Issue

This release has the following issue:

• If you set Plan 1 to Inactive in the MySQL for Pivotal Cloud Foundry tile, your installation fails when you apply changes. To fix this issue, ensure that Plan 1 is always configured.

v2.3.4

Release Date: February 20, 2019

Security Fixes

This release includes the following security fixes:

• Updates golang to v1.11.4 to address CVE-2018-16873.
• Updates Percona Server to v5.7.24-26 to address CVE-2018-3133.

Known Issue

This release has the following issue:

• If you set Plan 1 to Inactive in the MySQL for Pivotal Cloud Foundry tile, your installation fails when you apply changes. To fix this issue, ensure that Plan 1 is always configured.

Compatibility

This release uses the following component versions:

v2.3.3

Release Date: November 29, 2018

Known Issues

This release has the following issues:

• Service instances cannot be upgraded individually using the cf update-service CLI command. To upgrade service instances after a tile upgrade, operators must run the upgrade-all-service-instances BOSH errand.

• If you set Plan 1 to Inactive in the MySQL for Pivotal Cloud Foundry tile, your installation fails when you apply changes. To fix this issue, ensure that Plan 1 is always configured.

Security Fixes

This release includes the following security fix:

• Critical CVE-2018-15759: On Demand Services SDK Timing Attack Vulnerability

Compatibility

This release uses the following component versions:

v2.3.2

Release Date: November 7, 2018

Features

New features and changes in this release:

• find-non-tls-bindings BOSH errand error messages have been improved to make determining the cause of failure easier.

Fixed Issues

This release fixes the following issues:

• The mysqldump --all-databases step no longer fails during manual backups. For more information, see Manual Backup.
• Smoke tests no longer fail if Service Plan Access is set to manual.
• find-non-tls-bindings BOSH errands no longer fail when the Secure Service Bindings feature is disabled and CredHub is enabled on the deployment.
• The mysql-restore command now completely cleans up pre-existing MySQL users with column or table level privileges in the database.

Known Issue

This release has the following issue:

• If you set Plan 1 to Inactive in the MySQL for Pivotal Cloud Foundry tile, your installation fails when you apply changes. To fix this issue, ensure that Plan 1 is always configured.

v2.3.1

Release Date: June 22, 2018

Known Issues

This release has the following issues:

• If you set Plan 1 to Inactive in the MySQL for Pivotal Cloud Foundry tile, your installation fails when you apply changes. To fix this issue, ensure that Plan 1 is always configured.

• The mysqldump --all-databases step when doing a manual backup will not work due to a MySQL user permissions issue.

Features

New features and changes in this release:

• Operators can set the global limit for maximum service instances to 200.
• Operators can audit connections to service instances to determine which instances are not using TLS. They can do this by running the find-non-tls-bindings BOSH errand.

Fixed Issues

This release fixes the following issue:

• Fixes the known issue in MySQL for PCF v2.3.0 where apps cannot bind to/unbind from an outdated service instance.

v2.3.0

Release Date: June 1, 2018

Known Issues

This release has the following issues:

• After upgrading to MySQL for PCF v2.3.0, developers cannot create new bindings to a service instance that has not also been upgraded. For apps to bind and unbind successfully, operators must run the upgrade-all-service-instances errand. For more information, see Upgrade MySQL Instances.

• MySQL for PCF v2.3.0 requires v2.0 of the Cloud Foundry CLI MySQL plugin if secure service instance credentials are enabled. For more information, see the Cloud Foundry CLI MySQL Plugin GitHub repository and Configure Security in Installing and Configuring MySQL for PCF.

• If you set Plan 1 to Inactive in the MySQL for Pivotal Cloud Foundry tile, your installation fails when you apply changes. To fix this issue, ensure that Plan 1 is always configured.

• The mysqldump --all-databases step when doing a manual backup will not work due to a MySQL user permissions issue.

Features

New features and changes in this release:

• Transport Layer Security

  • TLS (formerly known as SSL) can now be used with apps, Docker-based containers, and other clients.
    
    
  • With MySQL for PCF v2.3.0, apps can connect to MySQL over TLS, without the need for IPsec. To use TLS as an operator or developer, see Preparing for TLS.
    
    
  • TLS works for desktop clients as well, if network connectivity allows. Follow Accessing Services with SSH, and use the CA cert provided by the service key.

• Synchronous replication

  When choosing the leader-follower topology, developers can enable MySQL “semi-synchronous” mode to ensure that transactions are replicated in real time. This ensures availability in case of host or AZ failure. For more information about synchronous replication, see Enable Semi-Synchronous Replication.

• Service Credentials stored securely

  For Pivotal Application Service (PAS) v2.0 and later, operators can store service credentials in runtime CredHub.

  To ensure that credentials are stored in CredHub, any apps that are currently bound to service instances must be re-bound.
  
  

  For more information, see the following:

  • Securing Services Instance Credentials with Runtime CredHub
  • Configure Security in Installing and Configuring MySQL for PCF

• Improvements for developers:

  • Developers can now create multiple database schemas within a dedicated service instance. Database credentials created for application bindings or service keys can create new MySQL databases (schemas). This means that multiple apps can co-exist on the same service instance without interfering or having access to other schemas. To use this feature, run: create database NAME-OF-NEW-SCHEMA.

  • Developers can now define the database charset and collation.

    For information about defining these parameters, see Changing MySQL Server Defaults.

  • If developers supply invalid optional parameters when creating or updating a service instance, they receive an error message. For information about optional parameters, see Use Optional Parameters.

• Improvements for operators:

  • There is a new Service Instance Upgrades pane. In this pane, operators set how many canary upgrades must succeed and how many service instances may be upgraded in parallel. For more information, see Configure Service Instance Upgrades.
  • The output wording for the inspect and configure-leader-follower errands is improved.
  • If system logging is configured, the output from the broker errands is now sent to syslog. For information about configuring, see Configure System Logging.
  • Logs sent to syslog are now annotated with the assigned hostname or IP address.
  • All errands now send non-error output to stdout.

• Improvements to backups:

  • Operators are no longer required to specify an AWS region when using Amazon S3 to store backup artifacts.
  • Operators no longer need to provide the admin credential when restoring a backup artifact.
  • For PCF 2.0 and later, all backup encryption keys are stored in BOSH CredHub so that backup artifacts can be decrypted even after the service instance is deleted.

• Improvements to smoke tests:

  • The service broker smoke-tests errand now runs in the org and space system:pivotal-services so that operators can configure ASGs to allow the smoke-tests errand to succeed. For how to create an ASG, see Create an Application Security Group for MySQL for PCF.
  • The timeout for smoke tests is now 30 minutes. This accommodates very slow infrastructures.

Security Fixes

This release includes the following security fix:

• The metrics collection job now connects to the MySQL server over a Unix domain socket. This reduces the scope of access for the metrics collection job user.

Fixed Issues

This release fixes the following issues that developers might have experienced:

• Developers cannot lose access to a persistent disk by updating the plan of a service instance.

• Developers can now un-bind and re-bind an app from a leader-follower instance, even when the leader is down.

• If the broker is upgraded but the service instances are not, developers can now un-bind and re-bind an app to an outdated service instance.

This release fixes the following issue that operators might have experienced:

• Extra whitespace in Azure backup configuration no longer causes backup failures.

Compatibility

This release uses the following component versions: