Go Snowflake Driver release notes for 2025¶

This article contains the release notes for the Go Snowflake Driver, including the following when applicable:

Snowflake uses semantic versioning for Go Snowflake Driver updates.

See Go Snowflake Driver for documentation.

Version 1.14.1 (May 28, 2025)¶

Added support for propagating OpenTelemetry contexts to GS.
Added support for default client credentials in the OAuth authorization code flow.
Moved OCSP initialization to the first HTTPS call.

Aligned scan types and actually returned types for NUMBERs.
Fixed an issue with nil dereferencing when an internal timeout happened (for instance for cloud provider call) when the original context was still valid.
Fixed an issue with nil dereferencing during time out or canceling context race.
Fixed encryption bugs where errors were never returned.
Fixed downcast smkId to int, which caused decryption problems for very large stages.
Fixed support for virtual style domains on GCP.
Fixed the validation of the owner of the secure storage lock directory.

Implemented support for OAuth2 authorization code and client credential flows.
Added support for PAT (programmatic access token):
- Added the PROGRAMMATIC_ACCESS_TOKEN parameter for the parameter authenticator.
Added support for virtual endpoints for GCP stages.

Disclaimer:

These features can only be accessed by setting SF_ENABLE_EXPERIMENTAL_AUTHENTICATION environment variable to true.
You should use these features only with non-production data.
These PrPr features are not covered by Support. However, the Product and Engineering teams are available during the PrPr phase.
Please contact your account team for participation and documentation.

Fixed an issue with re-encrypting files for each request retry.
Fixed Time-of-check Time-of-use (TOCTOU) race condition when checking access to Easy Logging configuration file. For more information, see CVE-2025-46327.

Fixed PUT/GET handling when the query begins with a newline.
Added more logging to certificate chain verification.
Falling back to OCSP GET request only if the response for POST request was malformed.
Fixed a memory leak related to not clearing OCSP cache.

Added support for PAT (programmatic access token) in Private Preview.

Added the PROGRAMMATIC_ACCESS_TOKEN parameter for the parameter authenticator.

Disclaimer:

This feature can only be accessed by setting SF_ENABLE_EXPERIMENTAL_AUTHENTICATION environment variable to true.
You should use these features only with non-production data.
These PrPr features are not covered by Support. However, the Product and Engineering teams are available during the PrPr phase.
Please contact your account team for participation and documentation.

The driver now handles UUID as varchars.
The driver honors driver.Valuer/fmt.Stringer interfaces when binding parameters.
The driver detects when a response is JSON-based and runs a regular chunk downloader when Arrow batches mode is enabled to allow fetching response as rows.
Added a timeout configuration for cloud providers calls.
Added support for GCS region-specific endpoints.
Fixed minor documentation formatting.
Added retry when calling HEAD requests to GCP.
Bumped the x/crypto library to version v0.31.0.

Fixed a memory leak in handling Arrow responses that caused leakage of 64 bytes of memory.
Fixed an issue with ignoring the region when us-west-2 is used.
Added a check for empty private key before trying to generate JWT from it.
The driver uses the correct transport for cloud providers calls.
The driver no longer performs OCSP calls for cloud providers when OCSP is disabled.