What’s New in MySQL 8.2.0? Features, Deprecations, and Firewall Updates

1. Audit Log

A new audit_log_filter_uninstall.sql script simplifies removal of MySQL Enterprise Audit. The mysql_native_password authentication plugin is deprecated; disabling it at server startup prevents legacy client plugins from connecting and logs an “Access denied” error.

MySQL Enterprise now supports authentication via smart cards and other security devices using the FIDO/FIDO2 standards, implemented by the server‑side authentication_webauthn and client‑side authentication_webauthn_client C APIs.

The client library adds support for named parameters in prepared statements through the new C API function mysql_stmt_bind_named_param(), which replaces the deprecated mysql_stmt_bind_param() and allows binding both unnamed and named parameters.

The mysql_ssl_set() C API function is deprecated and will be removed in future releases; the equivalent functionality is now provided via mysql_options() TLS options.

2. Deprecations and Removals

Compatibility changes: The SQL function WAIT_UNTIL_SQL_THREAD_AFTER_GTIDS() is removed; use WAIT_FOR_EXECUTED_GTID_SET() instead.

Variables and options: binlog_transaction_dependency_tracking is deprecated and will be removed. expire_logs_days is removed; replace with binlog_expire_logs_seconds.

Server startup options --abort-slave-event-count and --disconnect-slave-event-count are removed.

System variables old and new are deprecated.

The --character-set-client-handshake option is deprecated.

Wildcard‑based grant syntax using ‘%’ and ‘_’ is deprecated; ‘%’ will be treated as a synonym for ‘localhost’ and this behavior is removed. INFORMATION_SCHEMA.PROCESSLIST is deprecated; use performance_schema instead.

The SET_USER_ID privilege is deprecated and replaced by SET_ANY_DEFINER and ALLOW_NONEXISTENT_DEFINER.

Cipher suite TLS_AES_128_CCM_8_SHA256 is deprecated.

3. Firewall

MySQL Enterprise Firewall now supports periodic reload of its in‑memory cache via the new system variable mysql_firewall_reload_interval_seconds, replacing the previous behavior of reloading only at server or plugin startup.

A new system variable mysql_firewall_database allows specifying a custom database to store firewall tables, functions, and stored procedures. The uninstall_firewall.sql script simplifies firewall removal.

4. SQL Syntax

Several replication‑related statements are deprecated: RESET MASTER (use RESET BINARY LOGS AND GTIDS), SHOW MASTER STATUS (use SHOW BINARY LOG STATUS), SHOW MASTER LOGS (use SHOW BINARY LOGS), and PURGE MASTER LOGS (use BINARY LOGS). The DISABLE ON SLAVE option is deprecated for CREATE EVENT and ALTER EVENT. mysqldump adds the --output-as-version option with values SERVER, BEFORE_8_0_23, and BEFORE_8_2_0 to control terminology level.

The system variable terminology_use_previous gains a new value BEFORE_8_2_0. SLAVESIDE_DISABLED is deprecated.

The status variable Com_show_master_status is renamed to Com_show_binary_log_status.

The EXPLAIN statement now supports the FOR SCHEMA or FOR DATABASE option, assuming the statement runs in the specified database.

5. Added or Changed Features

Non‑compatible changes: The bundled libfido2 library is upgraded to v1.13.0, which requires OpenSSL 1.1.1 or newer.

Important changes: OpenSSL library used by MySQL server connections is updated to version 3.0.10, and support is added for Debian 12, Fedora 39, macOS 14, and Ubuntu 23.10.

mysqldump enhancements: New --ignore-views option skips view definitions in dumps; --init-command and --init-command-add allow executing SQL after (re)connecting.

mysql client enhancements: New --init-command-add option adds extra SQL to run after (re)connecting, similar to the existing --init option.

New --no-login-paths option disables processing of login paths for any client that supports --login-path.