.NET Driver release notes for 2025¶

Added OAuth 2.0 Authorization Code flow authentication:

• Added the oauth_authorization_code authenticator.

• Added the oauthScope, oauthClientId, oauthClientSecret, oauthAuthorizationUrl, oauthTokenRequestUrl, and oauthRedirectUri connection parameters to configure the authentication.

• Added the ability to provide oauthClientSecret by setting the SnowflakeDbConnection.OAuthClientSecret property instead of providing it in a connection string.

• Added a cache for OAuth 2.0 tokens.

Added OAuth 2.0 Client Credential flow authentication:

• Added the oauth_client_credentials authenticator.

• Added oauthScope, oauthClientId, oauthClientSecret, and oauthTokenRequestUrl connection parameters to configure the authentication.

• Added the ability to provide oauthClientSecret by setting the SnowflakeDbConnection.OAuthClientSecret property instead of providing it in a connection string.

Added Programmatic Access Token authentication:

• Added the programmatic_access_token authenticator.

• Added the ability to specify the token parameter either in a connection string or by setting the SnowflakeDbConnection.Token property.

Added validations for the scheme, port, and host connection properties.

Added the ability to provide tokens by setting the SnowflakeDbConnection.Token property instead of providing them in a connection string.

None.

None.

Fixed a Time-of-check Time-of-use (TOCTOU) race condition when checking access to Easy Logging configuration file. For more information, see CVE-2025-46326.

Fixed an issue with cancelling connecting with CancellationTokenSource.CancelAsync() that did not decrease the pool usage counter.

Added an SSO token cache for external browser authentication and the client_store_temporary_credential parameter to indicate whether to use the SSO cache.

Fixed case insensitivity for authenticators. Before the fix, the logic for username_password_mfa and oauth was not properly applied if authenticators used uppercase characters.

Fixed an issue with passing null into a query parameter.

Fixed an issue with reading tokens from the Windows Credential Manager, which was used for username_password_mfa authenticator. In some cases the value read from the credential manager could be too long.

Made some small changes to credential manager implementations, such as changing some log levels and issuing a warning for too permissive cache directory permissions on Unix instead of changing the permissions automatically.

Fixed the binding of AnsiString parameters to the TEXT type.

Fixed loading structured or semi-structured data to a DataTable.

Added support for configuring connection parameters in TOML files.

Added an MFA token cache.

Added support for GCP region-specific endpoints.

Made encryption headers for files downloaded by GET be case insensitive.

The driver was tested with .net9 framework.

Extended documentation for checking CRL endpoints for Windows users.

Improved security of intermediary files placed in OS temporary directories, which makes the files no longer world-readable. For more information, see CVE-2025-24788.

Fixed an issue with handling null data in failed responses.

Fixed an issue with logging diagnostic information.

Fixed an issue with handling of spaces in the file path for PUT command with GCS (Google Cloud Storage).

Fixed an issue with handling GCS endpoints without https:// prefix.

Fixed an issue with downloading files with a GET operation that don’t have the SFC_DIGEST property in their metadata.

Fixed the ability to use STDOUT as the log path in Easy Logging feature.