JDBC Driver release notes for 2025

This article contains the release notes for the JDBC Driver, including the following when applicable:

  • Behavior changes

  • New features

  • Customer-facing bug fixes

Snowflake uses semantic versioning for JDBC Driver updates.

See JDBC Driver for documentation.

Version 3.23.1 (March 13, 2025)

New features and updates

  • None

Bug fixes

  • Fixed a missing dependency version declaration for the nimbusds library.

  • Fixed an issue with creating the file used for caching on Windows environment.

  • Fixed an issue with logging on the debug level when the client-side encryption master key of the target stage during the execution of GET/PUT commands was logged locally. The key by itself does not grant access to any sensitive data. For more information, see CVE-2025-27496.

  • Fixed an issue with prioritizing GCS credentials over the Snowflake credentials during communication with storage. Changed the default value of parameter disableGcsDefaultCredentials to true.

  • Fixed the retry mechanism used in the authentication process using OKTA.

Version 3.23.0 (February 27, 2025)

Private Preview (PrPr) features

Added support for PAT, OAuth 2.0 Authorization Code Flow, OAuth 2.0 Client Credentials Flow, and OAuth Token caching in Private Preview.

  • For PAT: Added the PROGRAMMATIC_ACCESS_TOKEN parameter for the parameter authenticator.

  • For OAuth 2.0 Authorization Code Flow:

    • Added the oauthClientId, oauthClientSecret, oauthAuthorizationUrl, oauthTokenRequestUrl, and oauthScope parameters.

    • Added the OAUTH_AUTHORIZATION_CODE parameter for the parameter authenticator.

  • For OAuth 2.0 Client Credentials Flow:

    • Added the oauthClientId, oauthClientSecret, oauthTokenRequestUrl and oauthScope parameters.

    • Added the OAUTH_CLIENT_CREDENTIALS parameter for the parameter authenticator.

  • For OAuth Token caching: Passing a username to driver configuration is required, and the clientStoreTemporaryCredential property cannot be set to false.

Disclaimer:

  • These features can only be accessed by setting SF_ENABLE_EXPERIMENTAL_AUTHENTICATION environment variable to true.

  • You should use these features only with non-production data.

  • These PrPr features are not covered by Support. However, the Product and Engineering teams are available during the PrPr phase.

  • Please contact your account team for participation and documentation.

New features and updates

  • Improved the exception message when getting query metadata.

  • Added the ENABLE_EXACT_SCHEMA_SEARCH_ENABLED parameter to enable exact schema searches in some DatabaseMetaData methods.

  • Added more explicit error messages when a username or password is missing in the DataSource.

  • Bumped the following dependencies:

    • netty to version 4.1.118.Final

    • json-smart to version 2.5.2

    • asm to version 9.7.1

  • Added the ability to convert the CLIENT_REQUEST_MFA_TOKEN flag from string to boolean.

  • Added the ability to set the query timeout for the server side or client side, not both.

Bug fixes

  • Fixed wrong behavior of setting proxy in global request configurations.

  • Fixed non-empty logs when the log level is set to OFF.

  • Fixed file paths allowing triple slash file prefix (file:///) in the PUT command.

  • Exceptions thrown by uploadFileCallable are now propagated to the main thread instead of failing silently.

Version 3.22.0 (January 29, 2025)

New features and updates

  • Added the following connection parameters:

    • CLEAR_BATCH_ONLY_AFTER_SUCCESSFUL_EXECUTION parameter to clear batches only after successful execution.

    • disableOCSPChecks parameter to replace the deprecated insecureMode parameter.

    • IMPLICIT_SERVER_SIDE_QUERY_TIMEOUT parameter to set timeouts for sychronous queries on both the client and server.

  • Added the SnowflakeStatement.setAsyncQueryTimeout method to timeout asynchronous queries on the server.

  • Added the net.snowflake.jdbc.commons_logging_wrapper java property to configure handling logs from commons-logging.

Bug fixes

  • Fixed handling endpoints without protocol in PUT/GET operations in GCS (Google Cloud Storage).

  • Fixed a performance issue with too frequent calls of toString when fetching results containing structured types.

  • Fixed an issue with createArrayOf case-insensitivity.

  • Fixed an issue where downloadStream could download different files with the same prefix.

  • Fixed the possibility of %PATH% privilege escalation when authentication is set as EXTERNALBROWSER and used in a Windows environment. For more information, see CVE-2025-24789.

  • Fixed the verification of the file permissions and owner created in Linux environments and used for caching tokens when authentication is set to EXTERNALBROWSER or USERNAME_PASSWORD_MFA. For more information, see CVE-2025-24790.