Getting warnings related to "mysql_native_password" authentication plugin deprecation in Confluence DC

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Upgrading from MySQL5.7 to MySQL8 for being compliant with the new Supported Platforms restrictions in Confluence, triggers warning messages related to 'mysql_native_password' plugin. 

Environment

Confluence 7.19 or Confluence 8 

MySQL 8

Diagnosis

In the MySQL logs, the following warning can be observed after starting to use MySQL v8:

1 2024-02-26T09:56:15.444623Z 9 [Warning] [MY-013360] [Server] Plugin mysql_native_password reported: ''mysql_native_password' is deprecated and will be removed in a future release. Please use caching_sha2_password instead'

Cause

mysql_native_passwordis considered weak compared to more modern authentication methods like the defaultcaching_sha2_password. This authentication method is marked as deprecated since MySQL 8.0.34 as officially mentioned in here and fully removed starting in MySQL v9.0 as stated in the following Oracle blogpost: MySQL 9.0 – it’s time to abandon the weak authentication method

Solution

caching_sha2_passwordplugin is supported by MySQL since MySQL Driver 8.0.9 as officially stated in their own documentation: MySQL Connector/J Release Notes >  Changes in MySQL Connector/J 8.0.9 (2018-01-30, Release Candidate)

To connect to the server using an account that authenticates with the caching_sha2_password plugin, you must use either a secure connection or an unencrypted connection that supports password exchange using an RSA key pair. You can read more about configuring MySQL with SSL in their documentation Connecting Securely Using SSL. Either way, the caching_sha2_password plugin uses MySQL's encryption capabilities. See Section 8.3, “Using Encrypted Connections”.

From Confluence's point of view, there is no impediment that prevents this configuration to work as long as it is properly configured in the database side. 

Updated on March 14, 2025
Platform
Data Center only
Product
Confluence Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community