Snowflake Connector for Python release notes for 2025¶

Bumped the pyOpenSSL dependency upper boundary from <25.0.0 to <26.0.0.

Optimized distribution package lookup to improve import speed.

Added support for iceberg tables to write_pandas.

Added support for File types.

Added a <19.0.0 pin to pyarrow as a workaround to a bug affecting Azure Batch.

Fixed a bug where the privatelink OCSP Cache url could not be determined if the privatelink account name was specified in uppercase.

Fixed base64 encoded private key tests.

Fixed a bug with file permission checks on Windows.

Added the unsafe_file_write connection parameter that restores the previous behavior of saving files downloaded with GET with 644 permissions.

The connector no longer uses scoped temporary objects.

None.

None.

Hardened the snowflake.connector.pandas_tools module against SQL injection. For more information, see CVE-2025-24793.

The local OCSP cache has been updated to use the json module instead of pickle to serialize its contents. For more information, see CVE-2025-24794.

The Linux credential cache file permissions have been updated explicitly to be only be owner readable. For more information, see CVE-2025-24795.

Updated the file permissions for files downloaded with GET to be readable only by the file owner.

Added the iobound_tpe_limit connection parameter to limit the sizes of IO-bound ThreadPoolExecutors during PUT and GET commands. By default, the size is calculated to the lesser of the number of files and the number of CPU cores.

Added the Connection.is_valid() method that verifies whether a connection is stable enough to receive queries.

Updated the log level for cursor’s chunk rowcount from INFO to DEBUG.

Added support for base64-encoded DER private key strings in the private_key authentication type.

Updated README.md to include instructions on how to verify package signatures using cosign.

None.