mysql-8.0 (8.0.22-0ubuntu0.20.04.3) focal-security; urgency=medium

  This update now binds the mysqlx port to 127.0.0.1 by default. This
  change may impact certain environments where the mysqlx port needs to be
  accessed from other hosts. A configuration change may be required.

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 26 Nov 2020 07:03:42 -0500

mysql-5.7 (5.7.20-2) unstable; urgency=medium

  Further to the change described in the previous NEWS entry, we now no
  longer prompt for the root password by default; the debconf priority
  for this question has been lowered to "medium".

  Rationale: in the "localhost" case, setting a root password is no
  longer appropriate security practice. Unix socket authentication
  should be used instead, and this operates automatically and by default
  when the root password is not set.

  Users who require remote access to the MySQL server can still set a
  root password by requesting lower priority debconf prompts.

 -- Robie Basak <robie.basak@canonical.com>  Fri, 12 Jan 2018 11:45:00 +0100

mysql-5.7 (5.7.13-1~exp1) experimental; urgency=medium

  Password behaviour when the MySQL root password is empty has
  changed. Packaging now enables socket authentication when the MySQL
  root password is empty. This means that a non-root user can't log in
  as the MySQL root user with an empty password. The new logic is as
  follows:

  - The auth_socket plugin will be installed automatically only if it
    is to be activated for the root user.

  - The auth_socket plugin will be activated for the root user:

    + If you had a database before with an empty root password.

    + If you create a new database with an empty root password.

  - The auth_socket plugin will NOT be activated for the root user:

    + If you had a database before with a root password set.

    + If you create a new database with a root password set.

  - The auth_socket plugin will NOT be activated for any other user.

  - If you do not want the new behaviour, set the MySQL root password
    to be non-empty.


  The MySQL server now uses strict mode by default. See
  http://dev.mysql.com/doc/refman/5.7/en/sql-mode.html#sql-mode-strict
  for details. See
  http://dev.mysql.com/doc/refman/5.6/en/sql-mode.html#sql-mode-setting
  for details about the default settings in older versions.

 -- Robie Basak <robie.basak@canonical.com>  Fri, 15 Jul 2016 03:15:14 +0200
