Release Notes for MariaDB MaxScale 2.5.22
This page is part of MariaDB's Documentation.
The parent of this page is: Release Notes for MariaDB MaxScale 2.5
Topics on this page:
Overview
MariaDB MaxScale is an advanced database proxy, firewall, and query router.
MariaDB MaxScale 2.5.22 was released on 2022-10-11. This release is of General Availability (GA) maturity.
Issues Fixed
Can result in a hang or crash
A race condition in
KILL
command processing can cause MaxScale to crash. (MXS-4283)When the
persistpoolmax
parameter is enabled and theKILL
statement is executed, the connection that executes the statement hangs. (MXS-4209)
Can result in unexpected behavior
When using the MaxScale REST API, if an unknown parameter is given to
maxctrl alter server
a warning is reported instead of an error. This causes a generic HTTP error message to be printed: (MXS-4332)maxctrl alter server server1 ssl_ca /home/markusjm/ssl-certs/ca.pem Error: Server at 127.0.0.1:8989 responded with status code 403 to ``PATCH servers/server1``
Starting with this release, unknown parameters are logged at the error level, and will be correctly relayed to the client application.
When using the MaxScale REST API,
maxctrl alter server
fails if SSL is enabled. (MXS-4331)Starting with this release, the runtime configuration code correctly detects no-op changes to the SSL configurations and ignores them.
When MaxScale is configured to use HTTPS and MaxCtrl is executed without the
--secure
option, the error message is unclear. (MXS-4321)In previous releases, the following error message would be raised:
Error: socket hang up
Starting with this release, the following error message is raised:
If MaxScale is configured to use HTTPS, use the --secure option.
When using MaxCtrl with the MaxScale REST API, if an object name looks like a number, MaxCtrl automatically and incorrectly converts the object name to a number. (MXS-4313)
Starting with this release, object names are explicitly converted to strings.
The MaxScale REST API accepts empty values for
id
which allows users to be created with empty names. (MXS-4312)MariaDB Monitor (
mariadbmon
) spams the log with connection errors if the server is both[Maintenance]
and[Down]
. (MXS-4304)When the MaxScale REST API generates JWTs (JSON Web Tokens), the
aud
field is used to store the username instead of thesub
field. (MXS-4279)Starting with this release, to retain backwards compatibility with external applications, MaxScale still sets the
aud
field to the same value as thesub
field, but MaxScale no longer reads the username from theaud
field.
When
use_sql_variables_in=all
is configured and a write query modifies a user variable, MaxScale's query classifier can classify the query as a session command instead of as a write query, which can cause the query to be routed to replicas. (MXS-4269)Starting with this release, write queries are not classified as session commands.
When replication fails to start on a replica node due to an incorrect password for the replication user, the Connection Router (
readconnroute
) still routes connections to the replica node. (MXS-4240, MXS-4239)When replication fails to start on a replica node due to an incorrect password for the replication user, the MariaDB Monitor (
mariadbmon
) flags the node with the wrong server state. (MXS-4239)In previous releases, commands like
maxctrl list servers
would show[Slave, Running]
in cases where replication fails to start on a replica node due to an incorrect password for the replication user.
When MaxScale tries to load a TLS certificate for a listener and the certificate's chain of trust is unknown to OpenSSL, MaxScale improperly verifies the certificate while building the certificate chain. (MXS-4198)
In previous releases, the following notice could be written to the MaxScale log:
notice : (LISTENER_NAME); OpenSSL reported problems in the certificate chain: error:1414C086:SSL routines:ssl_build_cert_chain:certificate verify failed. This is expected for certificates that do not contain the whole certificate chain.
Starting with this release, the notice is no longer written to the log.
If reverse name resolution takes longer than 1 second, a warning is now printed to the MaxScale log. (MXS-4148)
The following example shows what the message can look like:
Reverse name resolution of address 'IP_ADDRESS' of incoming client 'USERNAME' took DURATION seconds. The resolution was performed to check against host pattern 'HOST_PATTERN', and can be prevented either by removing the user account or by enabling 'skip_name_resolve'.
If the warning frequently appears in the log, enabling the
skip_name_resolve
parameter can help improve performance.
When MaxScale sends an authentication switch request, it expects the response to contain an authentication token, even when the user has an empty password. (MXS-4094)
Platforms
In alignment to the MariaDB Corporation Engineering Policy, MariaDB MaxScale 2.5.22 is provided for:
CentOS 7 (x86_
64) Debian 9 (x86_
64, ARM64) Debian 10 (x86_
64, ARM64) Debian 11 (x86_
64, ARM64) Red Hat Enterprise Linux 7 (x86_
64) Red Hat Enterprise Linux 8 (x86_
64, ARM64) Red Hat Enterprise Linux 9 (x86_
64, ARM64) Rocky Linux 8 (x86_
64, ARM64) Rocky Linux 9 (x86_
64, ARM64) SUSE Linux Enterprise Server 15 (x86_
64, ARM64) Ubuntu 18.04 (x86_
64, ARM64) Ubuntu 20.04 (x86_
64, ARM64)