Snowflake Connector for Python release notes for 2025¶
This article contains the release notes for the Snowflake Connector for Python, including the following when applicable:
Behavior changes
New features
Customer-facing bug fixes
Snowflake uses semantic versioning for Snowflake Connector for Python updates.
See Snowflake Connector for Python for documentation.
Version 3.15.0 (April 28, 2025)¶
Private Preview (PrPr) features¶
Added support for Workflow Identity Federation in the AWS, Azure, GCP and Kubernetes platforms.
Disclaimer:
This feature can only be accessed by setting
SF_ENABLE_EXPERIMENTAL_AUTHENTICATION
environment variable totrue
.You should use this feature only with non-production data.
This PrPr feature is not covered by Support. However, the Product and Engineering teams are available during the PrPr phase.
Please contact your account team for participation and documentation.
New features and updates¶
Added new authentication methods support for OAuth 2.0 Authorization Code Flow, OAuth 2.0 Client Credentials Flow, and OAuth Token caching.
For OAuth 2.0 Authorization Code Flow:
Added the
oauth_client_id
,oauth_client_secret
,oauth_authorization_url
,oauth_token_request_url
,oauth_redirect_uri
,oauth_scope
,oauth_disable_pkce
,oauth_enable_refresh_tokens
andoauth_enable_single_use_refresh_tokens
parameters.Added the
OAUTH_AUTHORIZATION_CODE
value for the parameter authenticator.
For OAuth 2.0 Client Credentials Flow:
Added the
oauth_client_id
,oauth_client_secret
,oauth_token_request_url
, andoauth_scope
parameters.Added the
OAUTH_CLIENT_CREDENTIALS
value for the parameter authenticator.
For OAuth Token caching: Passing a username to driver configuration is required, and the
client_store_temporary_credential property
is to be set totrue
.
Bug fixes¶
Increased the minimum required
boto
andbotocore
versions to 1.24.Fixed an issue with OSCP by terminating a certificate’s chain traversal if a trusted certificate was already reached.
Version 3.14.1 (April 21, 2025)¶
Private Preview (PrPr) features¶
Added the
client_fetch_threads
experimental parameter to better utilize threads for fetching query results.Added new experimental authentication methods:
OAuth authorization code and client credentials flows.
Workflow Identity Federation for AWS, Azure, GCP and Kubernetes platforms.
Disclaimer:
These features can only be accessed by setting
SF_ENABLE_EXPERIMENTAL_AUTHENTICATION
environment variable totrue
.You should use these features only with non-production data.
These PrPr features are not covered by Support. However, the Product and Engineering teams are available during the PrPr phase.
Please contact your account team for participation and documentation.
New features and updates¶
Added support for Python 3.13.
Note
Windows 64 support is still experimental and should not yet be used for production environments.
Dropped support for Python 3.8.
Added support for the basic decimal
floating-point
type.Added support for providing a PAT in the
password
field.Added support for GCS regional endpoints.
Added support for GCS virtual URLs. For more information, see Request endpoints.
Added support to allow the connector to inherit a UUID4 generated upstream, provided in statement parameters (field:
requestId
), rather than automatically generate a UUID4 to use for the HTTP Request ID.Improved logging in the urllib3, boto3, and botocore libraries to assure data masking even after a future migration to the external owned library.
Lowered log levels from
info
todebug
for some of the messages to make the output easier to follow.Improved security and robustness for the temporary credentials cache storage.
Deprecated the
insecure_mode
connection property and replaced it withdisable_ocsp_checks
with the same behavior as the former property.
Bug fixes¶
Improved the error message for client-side query cancellations due to timeouts.
Fixed a bug that caused the driver to fail silently on
TO_DATE
arrow to python conversion when an invalid date was followed by the correct one.Added the
check_arrow_conversion_error_on_every_column
connection property that can be set toFalse
to restore previous behavior in which driver ignores errors until they occurs in the last column. This option lest you unblock workflows that might be impacted by the bug fix and will be removed in later releases.Fixed an issue with expired S3 credentials update and increment retry when expired credentials are found.
Version 3.14.0 (March 03, 2025)¶
New features and updates¶
Bumped the pyOpenSSL dependency upper boundary from <25.0.0 to <26.0.0.
Optimized distribution package lookup to improve import speed.
Added support for iceberg tables to
write_pandas
.Added support for
File
types.
Bug fixes¶
Added a <19.0.0 pin to
pyarrow
as a workaround to a bug affecting Azure Batch.Fixed a bug where the privatelink OCSP Cache url could not be determined if the privatelink account name was specified in uppercase.
Fixed base64 encoded private key tests.
Fixed a bug with file permission checks on Windows.
Added the
unsafe_file_write
connection parameter that restores the previous behavior of saving files downloaded with GET with 644 permissions.
Version 3.13.2 (January 30, 2025)¶
New features and updates¶
The connector no longer uses scoped temporary objects.
Bug fixes¶
None.
Version 3.13.1 (January 29, 2025)¶
New features and updates¶
None.
Bug fixes¶
Hardened the
snowflake.connector.pandas_tools
module against SQL injection. For more information, see CVE-2025-24793.The local OCSP cache has been updated to use the json module instead of pickle to serialize its contents. For more information, see CVE-2025-24794.
The Linux credential cache file permissions have been updated explicitly to be only be owner readable. For more information, see CVE-2025-24795.
Updated the file permissions for files downloaded with GET to be readable only by the file owner.
Version 3.13.0 (January 23, 2025)¶
New features and updates¶
Added the
iobound_tpe_limit
connection parameter to limit the sizes of IO-boundThreadPoolExecutors
during PUT and GET commands. By default, the size is calculated to the lesser of the number of files and the number of CPU cores.Added the
Connection.is_valid()
method that verifies whether a connection is stable enough to receive queries.Updated the log level for cursor’s chunk
rowcount
from INFO to DEBUG.Added support for base64-encoded DER private key strings in the
private_key
authentication type.Updated
README.md
to include instructions on how to verify package signatures usingcosign
.
Bug fixes¶
None.