Skip to content

Bump org.mariadb.jdbc:mariadb-java-client from 3.5.8 to 3.5.9#533

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/maven/org.mariadb.jdbc-mariadb-java-client-3.5.9
Open

Bump org.mariadb.jdbc:mariadb-java-client from 3.5.8 to 3.5.9#533
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/maven/org.mariadb.jdbc-mariadb-java-client-3.5.9

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 12, 2026

Copy link
Copy Markdown
Contributor

Bumps org.mariadb.jdbc:mariadb-java-client from 3.5.8 to 3.5.9.

Changelog

Sourced from org.mariadb.jdbc:mariadb-java-client's changelog.

3.5.9 (Jun 2026)

Full Changelog

Key Enhancements

  • CONJ-1223 - cache TLS trust/key managers across connections to reduce SSL connection cost
  • CONJ-1314 - add SPI for interactive dialog (PAM) authentication callback
  • CONJ-1311 - add dedicated option useIpForKillQuery for query cancellation
  • CONJ-1310 - Add full native image support and CI coverage

Issues Resolved

  • CONJ-1320 - PAM (dialog) authentication must require a secure connection (report by fg0x0)
  • CONJ-1319 - Use constant-time comparison when validating the server certificate fingerprint (report by jmestwa-coder)
  • CONJ-1318 - enforce allowLocalInfile=false on the server's local-infile request, so a malicious server cannot read a client file despite the option being disabled
  • CONJ-1322 - match local infile filename case-sensitively (thanks to jmestwa-coder)
  • CONJ-1323 - LOAD LOCAL INFILE validation rejects statements preceded by line comments (thanks to sebdomdev)
  • CONJ-1315 - cap BigDecimal/BigInteger string parsing length to prevent CPU exhaustion if MitM (report by tonghuaroot)
  • CONJ-1317 - ensure non-UTF8 charset cannot be used for protocol exchanges (report by fg0x0)
  • CONJ-1304 - CallableStatement parameter metadata read from mysql.proc, with MySQL info_schema fallback
  • CONJ-1299 - keep VALUES literals after the last placeholder when rewriting batches
  • CONJ-1313 - race condition in HaMode#getAvailableHostInOrder can cause NPE
  • CONJ-1311 - Connection.cancelCurrentQuery fails with SslMode.VERIFY_FULL when client socket IP is set
  • CONJ-1264 - handle LocalDateTime as a zoneless wall-clock value
  • CONJ-1316 - pin Locale.ROOT on locale-sensitive call sites and date/time/Duration text formatting (fixes locale-dependent parsing/formatting, e.g. under tr_TR) (thanks to jmestwa-coder)
  • CONJ-1324 - fix SQL parser to correctly handle '--' in expressions and reset lastChar after block comments
  • CONJ-1323 - LOAD LOCAL INFILE validation rejects statements preceded by line comments (thanks to sebdomdev)

3.4.3 (Jun 2026)

Full Changelog

Bugs Fixed
  • CONJ-1315 - cap BigDecimal/BigInteger string parsing length to prevent CPU exhaustion if Mitm (report by tonghuaroot)
  • CONJ-1316 - pin Locale.ROOT on locale-sensitive call sites and date/time/Duration text formatting (fixes locale-dependent parsing/formatting, e.g. under tr_TR) (thanks to jmestwa-coder)
  • CONJ-1259 - DatabaseMetaData read-only detection: handle MariaDB 12.0 @@read_only returning ON/OFF instead of 1/0
  • CONJ-1317 - ensure non-UTF8 charset cannot be used for protocol exchanges (report by fg0x0)
  • CONJ-1320 - PAM (dialog) authentication now requires a secure connection (TLS or unix socket), like mysql_clear_password (report by fg0x0)
  • CONJ-1319 - use constant-time comparison when validating the server certificate fingerprint (thanks to jmestwa-coder)
  • CONJ-1322 - match local infile filename case-sensitively (thanks to jmestwa-coder)
  • CONJ-1323 - LOAD LOCAL INFILE validation rejects statements preceded by line comments (thanks to sebdomdev)

3.3.5 (Jun 2026)

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump org.mariadb.jdbc:mariadb-java-client from 3.5.8 to 3.5.9
17e88e6 
Bumps [org.mariadb.jdbc:mariadb-java-client](https://github.com/mariadb-corporation/mariadb-connector-j) from 3.5.8 to 3.5.9.
- [Release notes](https://github.com/mariadb-corporation/mariadb-connector-j/releases)
- [Changelog](https://github.com/mariadb-corporation/mariadb-connector-j/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mariadb-corporation/mariadb-connector-j/commits)

---
updated-dependencies:
- dependency-name: org.mariadb.jdbc:mariadb-java-client
  dependency-version: 3.5.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jun 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants