2022-04-21 Several Vulnerabilities in the MySQL Server product
On 21 April 2022, Oracle notified about several vulnerabilities in the MySQL Server product on versions 8.0.28 and prior.
- MySQL versions 8.0.28 and prior.
How To Patch it
- After some days, on 2022-04-26, a new version was released in the upstream project (8.0.29). Here you can find the release notes. The reported CVEs should be addressed in this version.
- Mattermost VM bundling the latest MySQL version was released in all the supported clouds.
- 100% of the assets depending on MySQL were released
- OroCRM bundling the latest MySQL version was released. At this moment, only the release of Mattermost with the latest MySQL is pending in some clouds. The Bitnami team continue working on it.
- MySQL is used as dependency in Akeneo (VM), OroCRM (VM), Mattermost (VM) and Argo Workflows (Helm chart). At this moment, those solutions were updated to use the latest MySQL version except OroCRM and some clouds in the case of Mattermost. We continue working on those ones.
[2022-04-28] Bitnami team is actively working on the release of this new version:
- Currently the MySQL Bitnami Application Catalog container and Helm chart, as well as the VMware Application Catalog ones are using this version.
- The VM, MultiTier solution and launchpads are also being updated. At this moment there are some platforms released with the newest version. There is still work in progress to release it on all the platforms.
Do you have more questions? You can open an issue in this github repository. Our support team will be happy to help you there.