• Welcome to HiddenMerit - Clyde's Blog
  • Welcome to try the game Torn: Referral Link
  • If you are my relative, friend, or netizen, quickly press Ctrl+D to bookmark Clyde's Blog
  • This site has a like feature. If you read any article, please hit the like button so I know someone has visited
  • Email: hiddenmeritATgmail.com (replace AT with @)
> DBA > HiddenMerit Daily · Issue 7

HiddenMerit Daily · Issue 7

DBA Clyde Jin 2周前 (05-02) 66次浏览 0个评论

📊 HiddenMerit Daily · Issue 7

Focus on Database Frontiers, Practical Insights for DBAs May 3, 2026 | 5 Selected Global Hot Topics

01|Oracle Releases April Critical Patch Update, Fixes 241 CVE Vulnerabilities

On April 21, 2026, Oracle released its second quarterly Critical Patch Update (CPU) of the year, fixing a total of 481 security patches across 28 product families, involving 241 CVE vulnerabilities. In this update, Oracle Communications products were hit hardest (139 vulnerabilities), followed by Financial Services products (75).

Key MySQL Server Vulnerabilities:

CVE ID Affected Component CVSS Score Description CVE-2026-35239 DML — DML resource release defect CVE-2026-35240 Optimizer — High-privilege attacker can cause server crash/hang CVE-2026-22004 InnoDB — Problem-level vulnerability CVE-2026-22005 Optimizer — Optimizer defect can lead to denial of service — Optimizer (another) — Low-privilege attacker can exploit multi-protocol access

Affected MySQL versions include 8.0.45 and earlier, 8.4.8 and earlier, and 9.6.0 and earlier. With MySQL 8.0 officially EOL, these security update risks deserve especially high vigilance.

DBA Perspective MySQL 8.0 officially reached EOL on April 30, but this CPU still includes many security vulnerability fixes for the 8.0 branch. Although Oracle no longer provides routine security patches for the Community Edition after EOL, paid extended support users can still receive these fixes. It is alarming that low-privilege attackers can exploit certain vulnerabilities over the network to cause denial of service — meaning the bar for exploiting high-risk vulnerabilities is lowering.

Three Action Recommendations:

  1. Upgrade as soon as possible: Environments still running MySQL 8.0.45 and below are strongly advised to plan an upgrade to 8.4 LTS. The affected version range covers 8.0.x through 8.0.45 — not upgrading means remaining exposed to vulnerability risks
  2. Pay attention to 9.x stability: Users running the 9.x branch (9.6.0 and below) need to upgrade to 9.6.1 or higher
  3. The April CPU deserves in-depth review: This CPU involves 241 CVEs and 481 security patches. Security teams and DBAs need to review each high-risk vulnerability relevant to their environment and establish a remediation timeline

02|OceanBase Releases Digital Government AI Integrated Solution: One Database for Transactions + Analytics + Training

On April 30, at the 9th Digital China Construction Summit, OceanBase officially launched its AI Integrated Database Solution for Digital Government, centered on an AI database with integrated architecture, integrated storage, and integrated workloads.

Three Major Application Scenarios:

Scenario Capability Description Unified Urban Management Real-time perception of city operations and intelligent dispatch Unified Online Services Optimization of government service processes and intelligent guidance Unified Cross-Department Collaboration Cross-departmental business collaboration and data sharing

Core Proposition: One database simultaneously handles transaction processing, data analysis, and model training, providing a unified data and knowledge intelligence foundation for government intelligence.

Global Business Progress: Concurrently, OceanBase held the Infinity2026 conference in Kuala Lumpur, Malaysia, disclosing its global business progress for the first time — in the fintech sector, it has served over 100 enterprises worldwide, including more than 20 e-wallets and over 50 payment platforms, covering more than 1.3 billion end users cumulatively.

DBA Perspective OceanBase’s government AI solution can be seen as the “official enhanced version” of the provincial government cloud HTAP case from Issue 1:

  1. Government database selection logic is changing: In the early days, domestic replacement aimed for “usable” as the baseline. Now one database needs to handle three types of workloads: transactions, analytics, and model training. This sets higher demands on DBAs — they need to understand HTAP architecture, vector search, and model data management, not just transaction processing
  2. Global expansion after domestic validation: After large-scale validation in finance and government scenarios, OceanBase is now expanding into emerging Southeast Asian markets. For DBAs, this means domestic database skills are moving from “domestic replacement” to “international competition”
  3. Dual capability building: AIOps and vector databases: The “AI integrated storage” and “integrated workload” mentioned in OceanBase’s solution deserve DBA attention, indicating that when enterprises evaluate databases, AI integration capability has risen to the same level of importance as transaction and analytics capabilities

03|Tencent Cloud Sets May 29 Launch: Database and AI Deep Internalization Strategy Revealed

Tencent Cloud Database announced it will hold a “Database + AI” product launch on May 29, 2026, deeply explaining how to go beyond simple “database + AI” tool combinations to achieve deep internalization and native integration (AI-In-Database) of large models with the database kernel.

Core Highlights of the Launch:

· First complete presentation of Tencent Cloud’s technical achievements in AI-In-Database · Moving beyond traditional “database + AI” tool combination thinking · Achieving deep native integration of large model capabilities with the database kernel

Technical Background: Tencent Cloud has previously released TDSQL Boundless, a multi-modal fusion database designed to build a unified architecture for handling multi-modal data, with highly elastic intelligent data infrastructure. This launch will further reveal its latest progress in deep integration of databases and AI.

DBA Perspective After Oracle, IBM, Google Cloud, and other international vendors recently announced their AI database strategies, Tencent Cloud is finally presenting its answer, signaling a trend toward “convergence of AI technology approaches”:

  1. AI-In-Database becomes industry consensus: From Oracle’s vector search + Agent factory, IBM Db2’s direct SQL model invocation, to Tencent Cloud’s upcoming kernel-native integration solution — although the paths differ among mainstream vendors, they all point to “deeply embedding AI capabilities into the database kernel”
  2. DBAs need to understand the pros and cons of different AI technology paths: Oracle takes the Agent route, IBM takes the SQL function route, Tencent Cloud takes the kernel internalization route — each has trade-offs. It is recommended to learn the principles of vector search and AI model integration in advance to quickly adapt to each database’s AI system
  3. The launch preview is worth bookmarking: Pay attention to this launch on May 29, especially the specific technical implementation of “how to integrate large models with the database kernel.” This could be a key technical choice for domestic databases in the AI era and is worth referencing for your team’s technical direction

04|MariaDB Enterprise Platform 2026: Native Vector Search + RAG, Agentic AI Out of the Box

MariaDB Enterprise Platform 2026, the latest major release of the MariaDB enterprise platform, has been officially released, focusing on Agentic AI application development — providing a unified cloud database platform for next-generation intelligent applications through features such as native vector search, built-in RAG, and AI copilot.

Three Core AI Agent Support Capabilities:

· Native Vector Search: Kernel-level vector retrieval support, no external vector database needed · Built-in RAG Pipeline: Large models can directly retrieve context from MariaDB without additional embedding and vector storage · AI Copilot: Intelligent assistance for application development and data analysis

Platform Strategy: A single platform unifying transactional, analytical, and vector AI workloads, eliminating data stack fragmentation. MariaDB acquired GridGain, an in-memory real-time data platform, in March 2026, further strengthening its real-time processing capability at mission-critical scale. The goal is to build an AI-Ready operating system for the Agentic Enterprise and compete against Oracle and large cloud vendors through open ecosystem.

DBA Perspective This is the “second revolution” of traditional open-source databases:

  1. Oracle/IBM go one way, MariaDB goes another: MariaDB chooses to unify transactions, analytics, and vector retrieval at the kernel level rather than through external Agent calls. DBAs need to understand the technical trade-offs behind these two choices in order to make informed selections
  2. Open-source ecosystem’s Agentic pivot: MariaDB’s Agentic AI strategy reflects how the open-source community is responding in the AI era — “becoming an enterprise-grade data operating system” rather than just providing a database kernel
  3. Potential impact on operational models: “Built-in RAG” means AI application developers no longer need to manage additional vector databases, thus simplifying the operations stack. However, if application workload structures change, database tuning difficulty may also increase

05|Financial and Government Domestic Database Procurement Contracts Concentrated, Xinchuang Replacement Moves from “Pilot” to “Full Rollout”

Just before the May Day holiday, multiple financial and government sectors intensively announced winning bids for domestic database procurement and Xinchuang (domestic-tech) transformation projects, involving financial institutions such as Bank of Guizhou, Bank of Zhengzhou, Bank of Inner Mongolia, as well as progress on domestic replacement for multiple government platforms.

Core Procurement/Progress Projects:

Procuring Entity Project Description Amount/Status Keywords Bank of Zhengzhou Cloud commerce platform Xinchuang system transformation Bid winner announcement (May 1-3) Full-stack replacement Guizhou Rural Commercial United Bank Gauss transactional distributed database license 3.8307 million yuan (Beijing Zhongyi won) Transactional Bengang General Hospital (subsidiary of State-owned Assets Supervision Commission) Oracle maintenance service procurement Announced May 2 Xinchuang transition Bank of Inner Mongolia Database software maintenance and on-site service Announced April 30 (budget not yet determined) Financial Xinchuang

Industry insiders indicate that large-scale replacement of domestic databases has already surpassed simple “brand swapping.” User selection of domestic databases has become an active choice driven by comprehensive experience, cost, and security.

DBA Perspective The intensive procurement projects in the financial and government sectors reveal three key signals about the Xinchuang market:

  1. “De-Oracleization” is accelerating: Bengang General Hospital’s procurement of Oracle maintenance is a landmark case. The hospital’s core systems like HIS and LIS have been running Oracle for decades. Although they are still buying maintenance, the maintenance announcement itself precisely indicates that Oracle is being marginalized into a “legacy maintenance” role
  2. Financial core transaction systems begin “heart transplantation”: Guizhou Rural Credit Bank’s procurement of Gauss transactional distributed database licenses indicates that Xinchuang is moving from peripheral systems to genuine financial core
  3. DBAs must accept that “domestic replacement is your responsibility”: With finance and government being the two main forces for Xinchuang replacement, DBAs must build skills for at least one domestic distributed database. Don’t wait until the project lands to start learning

📅 This Week’s Database Events Calendar

Today is May 3, 2026, the last day of the May Day holiday, returning to work tomorrow. Review of this week’s important events:

Date Event Core Highlights April 29-30 Digital China Construction Summit (Fuzhou) Dameng/OceanBase/CETC Kingware intensively released new products and solutions April 30 OceanBase Infinity2026 (Kuala Lumpur) Global achievements: covering 1.3 billion users April 30 Alibaba Cloud RDS 8.0 EOS countdown starts About 90 days until July 31 May 1 IBM Db2 12.1.5 preview announcement AI + high availability dual drive May 1 Multiple Xinchuang procurement projects publicized Bank of Guizhou, Bank of Zhengzhou, etc. awarded May 29 Tencent Cloud “Database + AI” launch preview Worth tracking on the roadmap

Summary of This Issue

Topic Keywords DBA Action Suggestions Oracle April CPU 241 CVEs, MySQL branch affected 8.0 must upgrade, 9.x patch immediately OceanBase Government AI Solution Unified management/unified services/unified collaboration, DB+AI Learn HTAP + AI hybrid architecture Tencent Cloud DB+AI Launch (May 29) AI-In-Database kernel fusion Bookmark in advance, follow industry direction MariaDB Enterprise Platform 2026 Native vector + RAG, Agentic AI Pay attention to open-source database AI trends Financial/Government Xinchuang procurement intensifying Bank tenders, core transaction migration Build skills for at least one domestic distributed DB

📌 Editor’s Note Today is the last day of the May Day holiday. The intensive database news during the holiday reveals several industry themes:

  1. Security alert sounded: Oracle’s April CPU fixed 241 CVEs, involving multiple high-risk MySQL Server vulnerabilities. MySQL 8.0 is already EOL, meaning unupgraded users face serious risks. The first thing DBAs should do upon returning to work is check version and patch status
  2. Xinchuang replacement is moving to core systems: Bank of Guizhou’s procurement of Gauss transactional database, Bank of Zhengzhou’s full Xinchuang transformation — marking financial Xinchuang moving from past “edge pilots” to the deep waters of “core transactions”
  3. “AI-In-Database” – an irreversible trend: From Oracle to IBM to Tencent Cloud, vendors are all doing the same thing — deeply embedding AI capabilities into the database kernel. This is not “icing on the cake” but the main track for mainstream database vendors competing for future competitiveness
  4. Open-source ecosystem pivoting to Agent: MariaDB Enterprise Platform 2026’s kernel-level vector search and RAG capabilities indicate that traditional open-source databases are rewriting the rules of competition

Three Work Suggestions for Returning:

  1. Check if MySQL version is still on 8.0.x. If so, start upgrade evaluation within this week — 8.4 LTS is the migration target
  2. Review the Xinchuang adaptation status of your database projects, plan learning paths for 1-2 domestic databases in advance
  3. Mark the May 29 Tencent Cloud launch on your calendar as a reference for your team’s AI database technology direction

Welcome to leave comments: Have you started your MySQL 8.0 upgrade plan? Are you choosing self-built migration or cloud-native products? First day back to work, see you tomorrow!

绩隐金 , 版权所有丨如未注明 , 均为原创丨本网站采用BY-NC-SA协议进行授权
转载请注明原文链接:HiddenMerit Daily · Issue 7
喜欢 (0)
发表我的评论
取消评论
表情 贴图 加粗 删除线 居中 斜体 签到

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址