This week, Oracle released a patch for a security issue that was found by Thijs Alkemade, one of our security specialists. Thijs discovered that the MySQL Connector/J allows for an attacker to compromise the system (gain arbitrary code execution) under some conditions. We reported the issue to Oracle, and it was assigned CVE-2017-3523 and patched. The fix was released in February, with a Critical Patch Update including this fix on April 18.
More details can be found in our advisory on