Eric Covener has instructed me to spin this discussion off to another
thread, so here it is.
Way back in 2018, I submitted
https://bz.apache.org/bugzilla/show_bug.cgi?id=62342 (apr_dbd_mysql
Lacks TLS Support). Data exfiltration is a serious threat to
businesses. I found that MySQL connections using APR were exposed and
there was no way to encrypt them via the library. So, I volunteered my
time to offer the necessary patch to close this serious security risk.
New to the APR list and process, I asked for guidance as to how to
submit my work. I followed every instruction provided to me, even when
I was instructed to submit a second patch for a future APR 2.x. Now
going on 5 years later, my contribution is still missing from APR.
I can't state this enough: this is a serious security threat. MySQL
connections need TLS support from APR. This isn't a "feature"; it is a
"security" issue. We should all care very deeply about this.
I'm asking that the next release of APR be held until this important fix
is merged in.
Thank you all very much for your time,
William Kimball, Jr. MBA, MSIS