DB Engineering Weekly: June 22–29, 2026
June 29, 2026 · 10:26 AM

DB Engineering Weekly: June 22–29, 2026

This issue frames the week around operational control: Oracle’s CSPU changed Percona’s MySQL release train, lifecycle deadlines are now close enough to force sequencing decisions, and benchmark numbers need workload-specific interpretation.

This week's database signal is operational control. Oracle's new out-of-schedule patch channel has already changed the MySQL release train, Percona had to skip two queued MySQL builds, Weaviate shipped a security fix across active vector lines, and MariaDB 10.6 is days from end of life. The interesting selection question is not "which engine had the longest changelog?" It is which systems let teams absorb security, lifecycle, and workload-shape changes without turning every upgrade into a production incident.
The coverage window is June 22-29, 2026.
Decision areaWhat changed this weekEngineering read
MySQL patchingPercona skipped Percona Server for MySQL 8.4.9 and 9.7.0, and will ship 8.4.10 and 9.7.1 with Oracle June CSPU fixes folded in. 1Treat 8.4.9 and 9.7.0 as non-targets. Plan the next Percona hop directly to 8.4.10 or 9.7.1.
Lifecycle pressureMariaDB 10.6 reaches EOL on July 6, 2026; AWS RDS standard support for MySQL 8.0 ends on July 31, 2026. 2 3If both branches exist in one estate, sequence MariaDB first unless MySQL exposure or compliance policy forces the reverse.
BenchmarksQuestDB showed how ClickBench rankings can change under cold-start, process-lifecycle, and data-loading assumptions; Phoronix reported a Linux Cache Aware Scheduling patch with up to 360.15% MySQL improvement at 64 threads. 4 5Ask whether the benchmark matches your process model, cache state, and scheduler topology before treating the number as portable.
Vector databasesWeaviate 1.38 GA brought HFresh, MCP Server, rebuilt async replication, Boost API preview, and Nested Object Filtering preview; Weaviate 1.38.2 then added an SSRF fix and HFresh repairs. 6 7HFresh is now an evaluation target, but production adoption should start from the patch release, not the headline GA tag.

Patch cadence became part of the product

Percona's MySQL announcement is the week's cleanest operational signal. Percona said Oracle published an out-of-schedule MySQL release with two high-severity CVE fixes, after Percona Server for MySQL 8.4.9 and 9.7.0 had already been queued for packaging. Percona pulled the fixes into the next builds, skipped 8.4.9 and 9.7.0, and said those skipped versions will not appear in package repositories. 1
Oracle's June 2026 Critical Security Patch Update contains 245 new security patches, including 8 for Oracle MySQL products. Four of the MySQL vulnerabilities are remotely exploitable without authentication. 8 The MySQL list includes CVE-2026-46850 in MySQL Shell for VS Code with CVSS 9.9, CVE-2026-46860 in MySQL Router with CVSS 9.8, and CVE-2026-46863 in MySQL Server and Cluster connection handling with CVSS 7.5. 8
The immediate action is boring and important: do not write automation, allow lists, or compliance evidence around the skipped Percona version numbers. Percona's Dennis Kittrell wrote that users should upgrade to the next Percona Server for MySQL releases as they normally would once published, and security-sensitive customers should contact Percona Support for interim options. 1
MongoDB users also have a Percona patch train to track. Percona Server for MongoDB tags appeared for psmdb-7.0.37-20 on June 23, psmdb-6.0.29-23 on June 24, and psmdb-8.0.26-11 on June 25. 9 These builds follow Percona's June 17 advisory for CVE-2026-9740 and CVE-2026-11933, so teams that standardize on Percona packages should reconcile all three supported MongoDB major lines rather than only checking upstream MongoDB release notes. 9
Lifecycle pressure is now close enough to affect sprint planning. MariaDB Enterprise Server Q2 2026 shipped 10.6.27-23, 11.4.12-9, and 11.8.8-5 on June 26; MariaDB 10.6 reaches EOL on July 6, 2026. 2 MySQL 8.0 is already past Oracle Extended Support as of April 30, 2026, and AWS RDS standard support for RDS MySQL 8.0 ends on July 31, 2026. 10 3 MongoDB 8.2 security support also ends on July 31, 2026. 11
The trade-off is sequencing, not awareness. A team with MariaDB 10.6, RDS MySQL 8.0, and MongoDB 8.2 cannot treat all three as equal "later this summer" items. MariaDB has the shortest runway, MySQL has the widest managed-service blast radius, and MongoDB has the clearest branch choice: move to a supported rapid or long-term line before the July 31 cutoff. 2 3 11

Benchmark numbers need a threat model too

QuestDB's ClickBench critique is the benchmark piece to keep. The article argues that a "fair" database benchmark depends on choices that often look like test harness plumbing: whether cloud systems can truly cold-start, whether CLI engines get restarted for every query, and whether engines read Parquet directly or load data into an internal format first. 4 QuestDB reran comparisons on an AMD Ryzen 9 7900 system with 24 threads, 64 MiB L3 cache, and 61 GiB RAM, then showed ranking changes when process lifetime and loading assumptions changed. 4
That matters because this week's most eye-catching performance number is not an engine release at all. Phoronix reported a Hygon Linux kernel patch that extends Cache Aware Scheduling beyond the last-level-cache domain into topology-aware hierarchical task aggregation. The submitted benchmark data showed MySQL improvement of 18.61% at 4 threads, 47.32% at 32 threads, 360.15% at 64 threads, and 136.05% at 128 threads. 5
The right reading is not "MySQL got 360% faster." The reported gain depends on kernel scheduling behavior, hardware topology, thread count, and the benchmark shape. For teams running high-concurrency MySQL on multi-LLC systems, the patch is a reason to watch kernel adoption and retest on staging hardware. For teams bottlenecked on locks, disk, query plans, or connection pool behavior, it is not a substitute for workload profiling. 5
The same caution applies to vector databases. Gen alpha AI's June 22 comparison argues that benchmark speed is a weak buying signal for production RAG stores, because filtering shape, hybrid search, compliance posture, tenancy, and operational skill often dominate raw nearest-neighbor speed. 12 The article's practical thresholds are useful even if teams should validate them locally: Postgres plus pgvector can be a reasonable starting point below roughly 10M-50M vectors, while dedicated vector systems become more compelling when filtered queries scan more than 30% of the corpus, hybrid search becomes central, or tenancy reaches about 10K tenants. 12

Existing databases kept absorbing adjacent work

The strongest engineering case study this week came from PostHog. Robbie Coomber wrote that he used multiple long-running Claude Code sessions in parallel to rewrite PostHog's ANTLR-based C++ SQL parser as a hand-written recursive descent parser. The result was 16K lines of parser code, 5K lines of tooling, additional tests, and an approximately 70x speedup. 13
The decision lesson is narrower than "AI can rewrite parsers." PostHog had an oracle: the old parser. Coomber used property-based testing with Hypothesis to generate SQL cases from the ANTLR grammar and compare old-parser and new-parser behavior. 13 That changes the risk profile. AI-assisted rewrites are more credible when the existing implementation can judge equivalence, the generated surface area is aggressively tested, and performance work is bounded by a measurable compatibility target.
Shopify's MySQL inventory-reservation post returned to Hacker News discussion this week, and it fits the same pattern: the "specialized system" was less important than the correctness boundary. Shopify replaced a Redis inventory-reservation design with MySQL 8 SKIP LOCKED, modeled one row per inventory unit, capped the reserve pool at 1,000 rows per product/location, and kept reservations and the inventory ledger in one ACID transaction. 14 Shopify said the system handled the 2025 Black Friday peak of $5.1M per minute, and the unexpected bottleneck was database connection usage rather than CPU or query performance. 14
The migration takeaway is not that Redis is unnecessary. It is that mutual exclusion, queueing, and reservation problems should first be mapped to the consistency boundary. If the reservation and the ledger must commit together, MySQL's row locks and transaction semantics may be simpler than a faster external coordinator plus compensation logic. If the workload needs ephemeral coordination without ledger coupling, Redis may still be the cleaner system.
MySQL also changed at the governance layer. Oracle announced a new MySQL community engagement model on June 25, with a Contributor to Committer to Project Lead to Core Project Lead ladder and a Steering Committee whose initial members include Oracle, AWS, and Google Cloud. 15 AWS said it holds a Steering Committee seat and plans to contribute engineering work in optimizer development, InnoDB, vector search, and the extension framework. 16
VillageSQL's analysis is the useful counterweight. It calls the model "two steps forward and one step backwards," arguing that Oracle still controls nominations, Core Project Lead has no external path, and the initial Steering Committee lacks independent MySQL community or OurSQL Foundation representation. 17 For users, this is not a reason to avoid MySQL. It is a reason to distinguish contribution visibility from neutral governance when assessing vendor risk.

Vector and release-train notes

Weaviate's 1.38 release finally has a GA blog. The headline features are HFresh, a disk-based vector index inspired by SPFresh; a built-in MCP Server at /v1/mcp; cluster-wide async replication rebuilt around a single scheduler; Boost API preview; and Nested Object Filtering preview. 6 The 1.38.2 patch is more important for early adopters: it raises HFresh searchProbe default to 256, fixes queue recovery and restore behavior, adds generative-deepseek, improves BM25 hot paths, and validates X-*-BaseURL headers to prevent SSRF bypass. 7 Weaviate also backported several fixes to 1.37.10. 18
Milvus v2.6.19 shipped on June 26, but its release detail page still says "coming soon..." for release notes. 19 That makes it a watch item rather than an upgrade recommendation. Teams should wait for disclosed fixes, breaking changes, and migration notes before assigning it a rollout priority.
Chroma is active in development builds but quiet in stable releases. The latest dev build in the package stream is 1.5.10.dev151 from June 28, with multi-sparse-vector-index work; Chroma's last stable release remains 1.5.9 from May 5. 20 21 LanceDB moved quickly through beta builds in the window, with Python v0.34.0-beta.1 through beta.4 and matching Node/Rust v0.31.0 beta releases; beta.2 included blob v2, FM-Index substring search, and table branch support. 22
Outside vector search, Debezium 3.6 added a Debezium Engine Quarkus Extension, Docling SMT, an Amazon SNS sink connector, and OAuth2 support for the HTTP sink. 23 QuestDB Enterprise 3.3.2 added full-table Parquet format support, native ARM64 Linux binaries, replication and backup hardening, and Parquet write-path improvements that reduce file size by about 47%. 24 pg_stat_kcache 2.3.2 added PostgreSQL 19 compatibility and fixed RHEL, Rocky, and Alma Linux install commands. 25 PlanetScale showed how to run multiple isolated applications on one PlanetScale Postgres cluster using logical databases, explicit REVOKE on default PUBLIC connection rights, role-level isolation, and Pulumi automation. 26

What to do this week

  1. Audit MySQL package targets and remove Percona 8.4.9 and 9.7.0 from any planned rollout path, because those builds will not enter package repositories. 1
  2. Rank MariaDB 10.6, RDS MySQL 8.0, and MongoDB 8.2 estates by exposure, support deadline, and downgrade difficulty; the known deadlines are July 6 for MariaDB 10.6 and July 31 for both RDS MySQL 8.0 standard support and MongoDB 8.2 security support. 2 3 11
  3. For benchmark-driven engine selection, record cache state, process lifetime, data loading path, hardware topology, and filter shape before comparing numbers across engines. QuestDB's ClickBench analysis and the Linux CAS MySQL result both show how much those assumptions move the answer. 4 5
  4. Treat Weaviate HFresh as evaluable in 1.38, but start experiments from 1.38.2 or later because that patch contains HFresh fixes and an SSRF mitigation. 6 7
Cover: AI-generated illustration.

Related content

Add more perspectives or context around this Post.

  • Sign in to comment.