Even after updating to version 3.2.2-SNAPSHOT, this version uses MySQL driver 8.1.0 when we have a new one available (8.2.0): https://mvnrepository.com/artifact/com.mysql/mysql-connector-j/8.2.0

Any chance of using version 8.2.0 with Spring Boot version 3.2.2?

Thanks in advance.

Comment From: wilkinsona

Generally speaking, we don't upgrade to a new minor version of a dependency in a maintenance version of Spring Boot. At this time, it's not clear if 8.1.0 is completely end of life so I don't think an exception to this policy is warranted at the moment. We have already upgraded to MySQL driver 8.2.0 for this month's 3.3.0-M1 release. You can use 8.2.0 with Spring Boot 3.2 by overriding the mysql.version property in your pom.xml or build.gradle file.
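
How the `mysql.version` override mentioned in the comment above looks in a Maven build, as an added example that is not part of the original thread or Spring Boot's own code. It assumes the project inherits from `spring-boot-starter-parent`; the `com.example:demo` coordinates are hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <!-- Assumption: the build inherits Spring Boot's dependency management.
       Property overrides only take effect with this parent. If the project
       imports spring-boot-dependencies as a BOM instead, declare
       com.mysql:mysql-connector-j with an explicit version in
       <dependencyManagement> BEFORE the BOM import. -->
  <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>3.2.2</version>
    <relativePath/>
  </parent>

  <!-- Hypothetical project coordinates, for illustration only -->
  <groupId>com.example</groupId>
  <artifactId>demo</artifactId>
  <version>0.0.1-SNAPSHOT</version>

  <properties>
    <!-- Replaces the Connector/J version managed by Spring Boot 3.2
         (8.1.0 according to this thread) with 8.2.0 -->
    <mysql.version>8.2.0</mysql.version>
  </properties>

  <dependencies>
    <dependency>
      <groupId>com.mysql</groupId>
      <artifactId>mysql-connector-j</artifactId>
      <!-- No <version> element: the managed version, now driven by
           mysql.version above, is used -->
      <scope>runtime</scope>
    </dependency>
  </dependencies>
</project>
```

Running `mvn dependency:tree -Dincludes=com.mysql:mysql-connector-j` afterwards shows which driver version the build actually resolves.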

Comment From: bclozel

Duplicates https://github.com/spring-projects/spring-boot/issues/38423

Comment From: trcoelho

Hi @bclozel, I ask because we have a security vulnerability in version 8.1.0, as follows:

https://security.snyk.io/vuln/SNYK-JAVA-COMMYSQL-6075938

The recommendation there is to upgrade to 8.2.0.

Comment From: bclozel

Reopening for team discussion. I'm wondering if we should adopt the same approach as #38901 because the official website says:

Version 8.2.0 is a new GA release version of the MySQL Connector/J. MySQL Connector/J 8.2.0 supersedes the 8.1 series and is recommended for use on production systems.

It sounds like the CVE fix will not be backported and we shouldn't expect maintenance versions in the 8.2.x line.

Comment From: lzysuqianqiu

MySQL 8.3.0 is out!

Comment From: bclozel

We can't consider this now as the release notes state:

Version 8.3.0 has no release notes, or they have not been published because the product version has not been released.

Comment From: lzysuqianqiu

https://repo1.maven.org/maven2/com/mysql/mysql-connector-j/8.3.0/

Comment From: wilkinsona

The release appearing on Maven Central doesn't invalidate what Brian has said. We can't consider an upgrade to 8.3.0 until it has been announced, its content including any CVE fixes has been described, and information about whether or not it supersedes 8.2 has been provided.

Comment From: bclozel

The page is now updated:

Version 8.3.0 is a new GA release version of the MySQL Connector/J. MySQL Connector/J 8.3.0 supersedes 8.2 and is recommended for use on production systems. This release can be used against MySQL Server version 8.0 and beyond. It supports the Java Database Connectivity (JDBC) 4.2 API, and implements the X DevAPI.