3.5.9 (Jun 2026)
Key Enhancements
- CONJ-1223 - cache TLS trust/key managers across connections to reduce SSL connection cost
- CONJ-1314 - add SPI for interactive dialog (PAM) authentication callback
- CONJ-1311 - add dedicated option
useIpForKillQueryfor query cancellation - CONJ-1310 - Add full native image support and CI coverage
Issues Resolved
- CONJ-1320 - PAM (dialog) authentication must require a secure connection (report by fg0x0)
- CONJ-1319 - Use constant-time comparison when validating the server certificate fingerprint (report by jmestwa-coder)
- CONJ-1318 - enforce
allowLocalInfile=falseon the server's local-infile request, so a malicious server cannot read a client file despite the option being disabled - CONJ-1322 - match local infile filename case-sensitively (thanks to jmestwa-coder)
- CONJ-1323 - LOAD LOCAL INFILE validation rejects statements preceded by line comments (thanks to sebdomdev)
- CONJ-1315 - cap BigDecimal/BigInteger string parsing length to prevent CPU exhaustion if MitM (report by tonghuaroot)
- CONJ-1317 - ensure non-UTF8 charset cannot be used for protocol exchanges (report by fg0x0)
- CONJ-1304 - CallableStatement parameter metadata read from mysql.proc, with MySQL info_schema fallback
- CONJ-1299 - keep VALUES literals after the last placeholder when rewriting batches
- CONJ-1313 - race condition in HaMode#getAvailableHostInOrder can cause NPE
- CONJ-1311 - Connection.cancelCurrentQuery fails with SslMode.VERIFY_FULL when client socket IP is set
- CONJ-1264 - handle LocalDateTime as a zoneless wall-clock value
- CONJ-1316 - pin Locale.ROOT on locale-sensitive call sites and date/time/Duration text formatting (fixes
locale-dependent parsing/formatting, e.g. under tr_TR) (thanks to jmestwa-coder) - CONJ-1324 - fix SQL parser to correctly handle '--' in expressions and reset lastChar after block comments
- CONJ-1323 - LOAD LOCAL INFILE validation rejects statements preceded by line comments (thanks to sebdomdev)