MariaDB/MySQL Plugin Needs Updating

Security issues aside, (which I’m sure given its age, there probably are some others by now), the MariaDB/MySQL server plugin is in need of an update. While I can’t speak on behalf of every potential issue, one that is causing me serious concerns right now is the fact that caching_sha2_password isn’t supported on it, (which has been out for quite some time and is now becoming the defacto encryption method in MySQL 8+, and is also now supported by MariaDB). This in itself presents a security concern on a very common, modern MySQL-based server setup because the plugin hasn’t been updated to support this and other methods. Because of this, users utilizing a MySQL 8+ server for their TeamSpeak 3(/5) server, (which again, is relatively common), forces them to use the old mysql_native_password encryption method that MySQL itself is planning to remove, and no longer defaults to for security reasons.

All this being said, is there any chance of us receiving an update to this, (and possibly the other), database plugins? I’m obviously not a TeamSpeak developer, but I’m assuming they likely have repositories for these plugins still saved, so it should just be a matter of updating their dependencies and making minor tweaks to the code to make them compatible. Doing so would be greatly appreciated, and would go a long way toward the safety and stability of TeamSpeak’s future for those that do not wish to host their server databases on the same system as the server files. It would also future-proof the plugins so that MySQL server support is not lost in the near future when the mysql_native_password encryption is completely removed.

(And before anyone says it, no, I don’t want to use Sqlite locally, nor other database server software, and I’m not willing to switch solely to MariaDB for one database configuration, nor waste resources dual-hosting for something that is technically already compatible with both MariaDB and MySQL. I also shouldn’t need to because of the lack of a simple plugin update, so I just want to ward off those arguments now.)

Edit: MySQL 9.0.1 is now out, and mysql_native_password has been officially removed as part of this, furthering the need for TeamSpeak to update the plugin for continued compatibility.

This is embarassing for the teamspeak developers. Please fix.

More software rot

After the response I saw regarding a Mac issue someone else posted, (see here: Mac OS Sonoma not able to install TS5 Software, has to be updated contact the Developer), I highly doubt at this point that they will do anything. The development team obviously does not take security of their products seriously anymore, which is extremely frustrating and upsetting, as I have been using TeamSpeak for many years, and now I have to shut down my server to protect my own community and its users from potential breaches that require such simple fixes to be made by the developers here.

I hate to bump topics, but this is a seriously concerning issue. With MySQL Server 9.x now out, it is impossible to connect to a TeamSpeak server using this version for the database, as the old, insecure encryption method is now removed. Going back to an older version of the server application and switching to an older, insecure authentication method is definitely not an acceptable workaround either for obvious security reasons. As of right now, I cannot utilize my server at all because my options are to either put user information at risk of being stolen, or do nothing and not have a server.

I would not only strongly recommend that the developers update this, but I’d also suggest that they open source the plugin too so others can assist them in developing it further. Since it is just a plugin and a plugin SDK does exist, I can’t imagine that doing such would be too difficult. With the obvious lack of developers currently present, this would definitely be beneficial to both them and the community.

Not that it’ll go anywhere at this point, but this is still a pretty big deal needing attention…