Release Notes for MariaDB MaxScale 2.5.22


MariaDB MaxScale is an advanced database proxy, firewall, and query router.

MariaDB MaxScale 2.5.22 was released on 2022-10-11. This release is of General Availability (GA) maturity.

Issues Fixed

Can result in a hang or crash

  • A race condition in KILL command processing can cause MaxScale to crash. (MXS-4283)

  • When the persistpoolmax parameter is enabled and the KILL statement is executed, the connection that executes the statement hangs. (MXS-4209)

Can result in unexpected behavior

  • When using the MaxScale REST API, if an unknown parameter is given to maxctrl alter server a warning is reported instead of an error. This causes a generic HTTP error message to be printed: (MXS-4332)

    maxctrl alter server server1 ssl_ca /home/markusjm/ssl-certs/ca.pem
    Error: Server at responded with status code 403 to ``PATCH servers/server1``
    • Starting with this release, unknown parameters are logged at the error level, and will be correctly relayed to the client application.

  • When using the MaxScale REST API, maxctrl alter server fails if SSL is enabled. (MXS-4331)

    • Starting with this release, the runtime configuration code correctly detects no-op changes to the SSL configurations and ignores them.

  • When MaxScale is configured to use HTTPS and MaxCtrl is executed without the --secure option, the error message is unclear. (MXS-4321)

    • In previous releases, the following error message would be raised:

      Error: socket hang up
    • Starting with this release, the following error message is raised:

      If MaxScale is configured to use HTTPS, use the --secure option.
  • When using MaxCtrl with the MaxScale REST API, if an object name looks like a number, MaxCtrl automatically and incorrectly converts the object name to a number. (MXS-4313)

    • Starting with this release, object names are explicitly converted to strings.

  • The MaxScale REST API accepts empty values for id which allows users to be created with empty names. (MXS-4312)

  • MariaDB Monitor (mariadbmon) spams the log with connection errors if the server is both [Maintenance] and [Down]. (MXS-4304)

  • When the MaxScale REST API generates JWTs (JSON Web Tokens), the aud field is used to store the username instead of the sub field. (MXS-4279)

    • Starting with this release, to retain backwards compatibility with external applications, MaxScale still sets the aud field to the same value as the sub field, but MaxScale no longer reads the username from the aud field.

  • When use_sql_variables_in=all is configured and a write query modifies a user variable, MaxScale's query classifier can classify the query as a session command instead of as a write query, which can cause the query to be routed to replicas. (MXS-4269)

    • Starting with this release, write queries are not classified as session commands.

  • When replication fails to start on a replica node due to an incorrect password for the replication user, the Connection Router (readconnroute) still routes connections to the replica node. (MXS-4240, MXS-4239)

  • When replication fails to start on a replica node due to an incorrect password for the replication user, the MariaDB Monitor (mariadbmon) flags the node with the wrong server state. (MXS-4239)

    • In previous releases, commands like maxctrl list servers would show [Slave, Running] in cases where replication fails to start on a replica node due to an incorrect password for the replication user.

  • When MaxScale tries to load a TLS certificate for a listener and the certificate's chain of trust is unknown to OpenSSL, MaxScale improperly verifies the certificate while building the certificate chain. (MXS-4198)

    • In previous releases, the following notice could be written to the MaxScale log:

      notice : (LISTENER_NAME); OpenSSL reported problems in the certificate chain: error:1414C086:SSL routines:ssl_build_cert_chain:certificate verify failed. This is expected for certificates that do not contain the whole certificate chain.
    • Starting with this release, the notice is no longer written to the log.

  • If reverse name resolution takes longer than 1 second, a warning is now printed to the MaxScale log. (MXS-4148)

    • The following example shows what the message can look like:

      Reverse name resolution of address 'IP_ADDRESS' of incoming client 'USERNAME' took DURATION seconds. The resolution was performed to check against host pattern 'HOST_PATTERN', and can be prevented either by removing the user account or by enabling 'skip_name_resolve'.
    • If the warning frequently appears in the log, enabling the skip_name_resolve parameter can help improve performance.

  • When MaxScale sends an authentication switch request, it expects the response to contain an authentication token, even when the user has an empty password. (MXS-4094)


In alignment to the MariaDB Corporation Engineering Policy, MariaDB MaxScale 2.5.22 is provided for:

  • CentOS 7 (x86_64)

  • Debian 9 (x86_64, ARM64)

  • Debian 10 (x86_64, ARM64)

  • Debian 11 (x86_64, ARM64)

  • Red Hat Enterprise Linux 7 (x86_64)

  • Red Hat Enterprise Linux 8 (x86_64, ARM64)

  • Red Hat Enterprise Linux 9 (x86_64, ARM64)

  • Rocky Linux 8 (x86_64, ARM64)

  • Rocky Linux 9 (x86_64, ARM64)

  • SUSE Linux Enterprise Server 15 (x86_64, ARM64)

  • Ubuntu 18.04 (x86_64, ARM64)

  • Ubuntu 20.04 (x86_64, ARM64)