MariaDB Connector/J 2.5.0 Release Notes

The most recent Stable (GA) release of MariaDB Connector/J is:
MariaDB Connector/J 3.4.0

Download Release Notes Changelog Connector/J Overview

Release date: 3 Oct 2019

MariaDB Connector/J 2.5.0 is a Release Candidate (RC) release.

NOTE: MariaDB Connector/J 2.5.0 is fully compatible with the latest release of version 2.4. Further maintenance releases will not be provided for version 2.4.

For an overview of MariaDB Connector/J see the About MariaDB Connector/J page


Authentication service

Client authentication plugins are now defined as services. This permits to easily add new client authentication plugins. The driver has 2 new plugins `caching_sha2_password` and `sha256_password plugin` for MySQL compatibility

List of authentication plugins in java connector :

  • mysql_clear_password
  • auth_gssapi_client
  • client_ed25519
  • mysql_native_password
  • mysql_old_password
  • dialog (PAM)
  • sha256_password
  • caching_sha2_password

New authentication plugins can be created implementing interface org.mariadb.jdbc.authentication.AuthenticationPlugin, and listing new plugin in a META-INF/services/org.mariadb.jdbc.authentication.AuthenticationPlugin file.

Credential service

Credentials are usually set using user/password in the connection string or by using DriverManager.getConnection(String url, String user, String password).

Credential plugins permit to provide credential information from other means. Those plugins have to be activated setting option `credentialType` to designated plugin.

The driver has 3 default plugins :


This permits AWS database IAM authentication. The plugin generate a token using IAM credential and region. Token is valid for 15 minutes and cached for 10 minutes.

To use this credential authentication, com.amazonaws:aws-java-sdk-rds dependency must be registred in classpath. Implementation use SDK DefaultAWSCredentialsProviderChain and DefaultAwsRegionProviderChain to get IAM credential and region. see DefaultAWSCredentialsProviderChain and DefaultAwsRegionProviderChain to check how those information can be retrieved (environment variable / system properties, files, ...)

Example: jdbc:mariadb://host/db?credentialType=AWS-IAM&useSsl&serverSslCert=/somepath/rds-combined-ca-bundle.pem

with AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_REGION environment variable set.


User and Password are retrieved from environment variables. default environment variables are MARIADB_USER and MARIADB_PWD, but can be changed by setting additional option `userKey` and `pwdKey`

Example : using connection string jdbc:mariadb://host/db?credentialType=ENV user and password will be retrieved from environment variable MARIADB_USER and MARIADB_PWD.


User and Password are retrieved from java properties. default property name are mariadb.user and mariadb.pwd, but property names can be changed by setting additional option `userKey` and `pwdKey`

Example : using connection string jdbc:mariadb://host/db?credentialType=PROPERTY&userKey=mariadbUser&pwdKey=mariadbPwd user and password will be retrieved from java properties `mariadbUser` and `mariadbPwd`

SSL factory service

A connection to a server initially creates a socket. When set, SSL socket is layered over this existing socket. Implementing org.mariadb.jdbc.tls.TlsSocketPlugin permit to provide custom SSL implementation for example create a new HostnameVerifier implementation.

Custom implementation need to implement org.mariadb.jdbc.tls.TlsSocketPlugin and register service META-INF/services/org.mariadb.jdbc.tls.TlsSocketPlugin

Custom implementation are activated using option `tlsSocketType`


  • CONJ-561 : JDBC 4.3 partial implementation java.sql.Statement methods isSimpleIdentifier, enquoteIdentifier, enquoteLiteral and enquoteNCharLiteral
  • CONJ-692 : ConnectionPoolDataSource interface addition to MariaDbPoolDataSource
  • CONJ-563 : closing possible option batch thread on driver deregistration.

Bug fixes

  • CONJ-732 : Driver getPropertyInfo returns no options information when url is empty
  • CONJ-734 : DatabaseMetaData.getSchemaTerm now return "schema", not empty string

New options

credentialTypeIndicate the credential plugin type to use. Plugin must be present in classpath
tlsSocketTypeIndicate TLS socket type implementation
serverRsaPublicKeyFileIndicate path to MySQL server public RSA key file
allowPublicKeyRetrievalAuthorize client to ask MySQL server public RSA key file if not set using serverRsaPublicKeyFile
Default: false


For a complete list of changes made in MariaDB Connector/J 2.5.0, with links to detailed information on each push, see the changelog.

Be notified of new MariaDB Server releases automatically by subscribing to the MariaDB Foundation community announce 'at' announcement list (this is a low traffic, announce-only list). MariaDB plc customers will be notified for all new releases, security issues and critical bug fixes for all MariaDB plc products thanks to the Notification Services.

MariaDB may already be included in your favorite OS distribution. More information can be found on the Distributions which Include MariaDB page.


Comments loading...
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.