Getting warnings related to "mysql_native_password" authentication plugin deprecation in Confluence DC

Still need help?

The Atlassian Community is here for you.

Ask the community

This article requires fixes

This article has been Flagged for fixing. Use caution when using it and fix it if you have Publisher rights.

Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.

Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Upgrading from MySQL5.7 to MySQL8 for being compliant with the new Supported Platforms restrictions in Confluence, triggers warning messages related to 'mysql_native_password' plugin. 

Environment

Confluence 7.19 or Confluence 8 

MySQL 8

Diagnosis

In the MySQL logs, the following warning can be observed after starting to use MySQL v8:

2024-02-26T09:56:15.444623Z 9 [Warning] [MY-013360] [Server] Plugin mysql_native_password reported: ''mysql_native_password' is deprecated and will be removed in a future release. Please use caching_sha2_password instead'

Cause

 mysql_native_password is considered weak compared to more modern authentication methods like the default caching_sha2_password. This authentication method is marked as deprecated since MySQL 8.0.34 as officially mentioned in here and fully removed starting in MySQL v9.0 as stated in the following Oracle blogpost: MySQL 9.0 – it’s time to abandon the weak authentication method

Solution

caching_sha2_password plugin is supported by MySQL since MySQL Driver 8.0.9 as officially stated in their own documentation: MySQL Connector/J Release Notes >  Changes in MySQL Connector/J 8.0.9 (2018-01-30, Release Candidate)

To connect to the server using an account that authenticates with the caching_sha2_password plugin, you must use either a secure connection or an unencrypted connection that supports password exchange using an RSA key pair. You can read more about configuring MySQL with SSL in their documentation Connecting Securely Using SSL. Either way, the caching_sha2_password plugin uses MySQL's encryption capabilities. See Section 8.3, “Using Encrypted Connections”.

From Confluence's point of view, there is no impediment that prevents this configuration to work as long as it is properly configured in the database side. 


Last modified on Jul 19, 2024

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.