Getting warnings related to "mysql_native_password" authentication plugin deprecation in Confluence DC
プラットフォームについて: Data Center - この記事は、Data Center プラットフォームのアトラシアン製品に適用されます。
このナレッジベース記事は製品の Data Center バージョン用に作成されています。Data Center 固有ではない機能の Data Center ナレッジベースは、製品のサーバー バージョンでも動作する可能性はありますが、テストは行われていません。サーバー*製品のサポートは 2024 年 2 月 15 日に終了しました。サーバー製品を利用している場合は、アトラシアンのサーバー製品のサポート終了のお知らせページにて移行オプションをご確認ください。
*Fisheye および Crucible は除く
要約
Upgrading from MySQL5.7 to MySQL8 for being compliant with the new Supported Platforms restrictions in Confluence, triggers warning messages related to 'mysql_native_password' plugin.
環境
Confluence 7.19 or Confluence 8
MySQL 8
診断
In the MySQL logs, the following warning can be observed after starting to use MySQL v8:
2024-02-26T09:56:15.444623Z 9 [Warning] [MY-013360] [Server] Plugin mysql_native_password reported: ''mysql_native_password' is deprecated and will be removed in a future release. Please use caching_sha2_password instead'
原因
mysql_native_password is considered weak compared to more modern authentication methods like the default caching_sha2_password. This authentication method is marked as deprecated since MySQL 8.0.34 as officially mentioned in here and fully removed starting in MySQL v9.0 as stated in the following Oracle blogpost: MySQL 9.0 – it’s time to abandon the weak authentication method
ソリューション
caching_sha2_password
plugin is supported by MySQL since MySQL Driver 8.0.9 as officially stated in their own documentation: MySQL Connector/J Release Notes > Changes in MySQL Connector/J 8.0.9 (2018-01-30, Release Candidate)
To connect to the server using an account that authenticates with the caching_sha2_password
plugin, you must use either a secure connection or an unencrypted connection that supports password exchange using an RSA key pair. You can read more about configuring MySQL with SSL in their documentation Connecting Securely Using SSL. Either way, the caching_sha2_password
plugin uses MySQL's encryption capabilities. See Section 8.3, “Using Encrypted Connections”.
From Confluence's point of view, there is no impediment that prevents this configuration to work as long as it is properly configured in the database side.