[Bug 2031548] Re: 8.0.34 client lib change in behavior/output - new warning - breaking apps

Tue Sep 19 19:26:45 UTC 2023

Oracle does not really have 'security updates'. They provide 'patch
level' releases which contain bug fixes, sometimes new features, and
also security fixes. However, between patch level versions they should
not be making API changes that break your app. In this case, generating
a warning is not really an API level change but it can cause things
perceived as 'breakage' in many scenarios.

I wanted to emphasize that upstream, Oracle has accepted the bug report
about the deprecation warning being introduced in a patch level release.
https://bugs.mysql.com/bug.php?id=112089

If this means that they might revert this behavior again in an upcoming
patch level release or maybe keep it as a 'known issue', I'm not sure.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apr-util in Ubuntu.
https://bugs.launchpad.net/bugs/2031548

Title:
  8.0.34 client lib change in behavior/output - new warning - breaking
  apps

Status in MySQL Server:
  Unknown
Status in apr-util package in Ubuntu:
  Confirmed
Status in libdbd-mysql-perl package in Ubuntu:
  Fix Released
Status in mysql-8.0 package in Ubuntu:
  Confirmed
Status in apr-util source package in Focal:
  Fix Released
Status in libdbd-mysql-perl source package in Focal:
  Fix Released
Status in mysql-8.0 source package in Focal:
  Confirmed
Status in apr-util source package in Jammy:
  Fix Released
Status in libdbd-mysql-perl source package in Jammy:
  Fix Released
Status in mysql-8.0 source package in Jammy:
  Confirmed
Status in apr-util source package in Lunar:
  Fix Released
Status in libdbd-mysql-perl source package in Lunar:
  Fix Released
Status in mysql-8.0 source package in Lunar:
  Confirmed
Status in apr-util source package in Mantic:
  Confirmed
Status in libdbd-mysql-perl source package in Mantic:
  Fix Released
Status in mysql-8.0 source package in Mantic:
  Confirmed

Bug description:
  The introduction of this warning output in a MINOR version/security
  update is completely inappropriate, regardless of it's validity. A
  minor version update of a package should NEVER change fundamental
  behavior

      WARNING: MYSQL_OPT_RECONNECT is deprecated and will be removed in
  a future version.

  Any application (particularly web applications) that depended on mysql
  client library are now broken due to this additional warning being
  just dumped into the output of the app, such a API endpoints producing
  JSON.

  Please produce a newer build that does output the warning.

  I am not arguing for or against the change in functionality/defaults
  on the MYSQL_OPT_RECONNECT -- only about the zero-warning introduction
  of new warning level output in a dependent library.

  If this were a "hey we just found a major security problem, and we see
  you are using the function in a way that triggers it, so we are going
  to spew out an _ERROR_ level warning", that might be justifiable.
  Spewing out a new warning to say "Your app MIGHT break in the future."
  when the new effect is "We're going to break it NOW!" is not.

  8.0.33-0ubuntu0.20.04.4 is last working
  8.0.34-0ubuntu0.20.04.1 is when the BUG was introduced.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mysql-server/+bug/2031548/+subscriptions