Snowflake Connector for Python release notes for 2025

This article contains the release notes for the Snowflake Connector for Python, including the following when applicable:

  • Behavior changes

  • New features

  • Customer-facing bug fixes

Snowflake uses semantic versioning for Snowflake Connector for Python updates.

See Snowflake Connector for Python for documentation.

Version 3.15.0 (April 28, 2025)

Private Preview (PrPr) features

Added support for Workflow Identity Federation in the AWS, Azure, GCP and Kubernetes platforms.

Disclaimer:

  • This feature can only be accessed by setting SF_ENABLE_EXPERIMENTAL_AUTHENTICATION environment variable to true.

  • You should use this feature only with non-production data.

  • This PrPr feature is not covered by Support. However, the Product and Engineering teams are available during the PrPr phase.

  • Please contact your account team for participation and documentation.

New features and updates

  • Added new authentication methods support for OAuth 2.0 Authorization Code Flow, OAuth 2.0 Client Credentials Flow, and OAuth Token caching.

    • For OAuth 2.0 Authorization Code Flow:

      • Added the oauth_client_id, oauth_client_secret, oauth_authorization_url, oauth_token_request_url, oauth_redirect_uri, oauth_scope, oauth_disable_pkce, oauth_enable_refresh_tokens and oauth_enable_single_use_refresh_tokens parameters.

      • Added the OAUTH_AUTHORIZATION_CODE value for the parameter authenticator.

    • For OAuth 2.0 Client Credentials Flow:

      • Added the oauth_client_id, oauth_client_secret, oauth_token_request_url, and oauth_scope parameters.

      • Added the OAUTH_CLIENT_CREDENTIALS value for the parameter authenticator.

    • For OAuth Token caching: Passing a username to driver configuration is required, and the client_store_temporary_credential property is to be set to true.

Bug fixes

  • Increased the minimum required boto and botocore versions to 1.24.

  • Fixed an issue with OSCP by terminating a certificate’s chain traversal if a trusted certificate was already reached.

Version 3.14.1 (April 21, 2025)

Private Preview (PrPr) features

  • Added the client_fetch_threads experimental parameter to better utilize threads for fetching query results.

  • Added new experimental authentication methods:

    • OAuth authorization code and client credentials flows.

    • Workflow Identity Federation for AWS, Azure, GCP and Kubernetes platforms.

Disclaimer:

  • These features can only be accessed by setting SF_ENABLE_EXPERIMENTAL_AUTHENTICATION environment variable to true.

  • You should use these features only with non-production data.

  • These PrPr features are not covered by Support. However, the Product and Engineering teams are available during the PrPr phase.

  • Please contact your account team for participation and documentation.

New features and updates

  • Added support for Python 3.13.

    Note

    Windows 64 support is still experimental and should not yet be used for production environments.

  • Dropped support for Python 3.8.

  • Added support for the basic decimal floating-point type.

  • Added support for providing a PAT in the password field.

  • Added support for GCS regional endpoints.

  • Added support for GCS virtual URLs. For more information, see Request endpoints.

  • Added support to allow the connector to inherit a UUID4 generated upstream, provided in statement parameters (field: requestId), rather than automatically generate a UUID4 to use for the HTTP Request ID.

  • Improved logging in the urllib3, boto3, and botocore libraries to assure data masking even after a future migration to the external owned library.

  • Lowered log levels from info to debug for some of the messages to make the output easier to follow.

  • Improved security and robustness for the temporary credentials cache storage.

  • Deprecated the insecure_mode connection property and replaced it with disable_ocsp_checks with the same behavior as the former property.

Bug fixes

  • Improved the error message for client-side query cancellations due to timeouts.

  • Fixed a bug that caused the driver to fail silently on TO_DATE arrow to python conversion when an invalid date was followed by the correct one.

  • Added the check_arrow_conversion_error_on_every_column connection property that can be set to False to restore previous behavior in which driver ignores errors until they occurs in the last column. This option lest you unblock workflows that might be impacted by the bug fix and will be removed in later releases.

  • Fixed an issue with expired S3 credentials update and increment retry when expired credentials are found.

Version 3.14.0 (March 03, 2025)

New features and updates

  • Bumped the pyOpenSSL dependency upper boundary from <25.0.0 to <26.0.0.

  • Optimized distribution package lookup to improve import speed.

  • Added support for iceberg tables to write_pandas.

  • Added support for File types.

Bug fixes

  • Added a <19.0.0 pin to pyarrow as a workaround to a bug affecting Azure Batch.

  • Fixed a bug where the privatelink OCSP Cache url could not be determined if the privatelink account name was specified in uppercase.

  • Fixed base64 encoded private key tests.

  • Fixed a bug with file permission checks on Windows.

  • Added the unsafe_file_write connection parameter that restores the previous behavior of saving files downloaded with GET with 644 permissions.

Version 3.13.2 (January 30, 2025)

New features and updates

  • The connector no longer uses scoped temporary objects.

Bug fixes

  • None.

Version 3.13.1 (January 29, 2025)

New features and updates

  • None.

Bug fixes

  • Hardened the snowflake.connector.pandas_tools module against SQL injection. For more information, see CVE-2025-24793.

  • The local OCSP cache has been updated to use the json module instead of pickle to serialize its contents. For more information, see CVE-2025-24794.

  • The Linux credential cache file permissions have been updated explicitly to be only be owner readable. For more information, see CVE-2025-24795.

  • Updated the file permissions for files downloaded with GET to be readable only by the file owner.

Version 3.13.0 (January 23, 2025)

New features and updates

  • Added the iobound_tpe_limit connection parameter to limit the sizes of IO-bound ThreadPoolExecutors during PUT and GET commands. By default, the size is calculated to the lesser of the number of files and the number of CPU cores.

  • Added the Connection.is_valid() method that verifies whether a connection is stable enough to receive queries.

  • Updated the log level for cursor’s chunk rowcount from INFO to DEBUG.

  • Added support for base64-encoded DER private key strings in the private_key authentication type.

  • Updated README.md to include instructions on how to verify package signatures using cosign.

Bug fixes

  • None.