JDBC Driver release notes for 2025¶
This article contains the release notes for the JDBC Driver, including the following when applicable:
Behavior changes
New features
Customer-facing bug fixes
Snowflake uses semantic versioning for JDBC Driver updates.
See JDBC Driver for documentation.
Version 3.23.1 (March 13, 2025)¶
New features and updates¶
None
Bug fixes¶
Fixed a missing dependency version declaration for the nimbusds library.
Fixed an issue with creating the file used for caching on Windows environment.
Fixed an issue with logging on the debug level when the client-side encryption master key of the target stage during the execution of GET/PUT commands was logged locally. The key by itself does not grant access to any sensitive data. For more information, see CVE-2025-27496.
Fixed an issue with prioritizing GCS credentials over the Snowflake credentials during communication with storage. Changed the default value of parameter
disableGcsDefaultCredentials
totrue
.Fixed the retry mechanism used in the authentication process using OKTA.
Version 3.23.0 (February 27, 2025)¶
Private Preview (PrPr) features¶
Added support for PAT, OAuth 2.0 Authorization Code Flow, OAuth 2.0 Client Credentials Flow, and OAuth Token caching in Private Preview.
For PAT: Added the
PROGRAMMATIC_ACCESS_TOKEN
parameter for the parameter authenticator.For OAuth 2.0 Authorization Code Flow:
Added the
oauthClientId
,oauthClientSecret
,oauthAuthorizationUrl
,oauthTokenRequestUrl
, andoauthScope
parameters.Added the
OAUTH_AUTHORIZATION_CODE
parameter for the parameter authenticator.
For OAuth 2.0 Client Credentials Flow:
Added the
oauthClientId
,oauthClientSecret
,oauthTokenRequestUrl
andoauthScope
parameters.Added the
OAUTH_CLIENT_CREDENTIALS
parameter for the parameter authenticator.
For OAuth Token caching: Passing a username to driver configuration is required, and the
clientStoreTemporaryCredential
property cannot be set tofalse
.
Disclaimer:
These features can only be accessed by setting
SF_ENABLE_EXPERIMENTAL_AUTHENTICATION
environment variable totrue
.You should use these features only with non-production data.
These PrPr features are not covered by Support. However, the Product and Engineering teams are available during the PrPr phase.
Please contact your account team for participation and documentation.
New features and updates¶
Improved the exception message when getting query metadata.
Added the
ENABLE_EXACT_SCHEMA_SEARCH_ENABLED
parameter to enable exact schema searches in someDatabaseMetaData
methods.Added more explicit error messages when a username or password is missing in the DataSource.
Bumped the following dependencies:
netty to version 4.1.118.Final
json-smart to version 2.5.2
asm to version 9.7.1
Added the ability to convert the
CLIENT_REQUEST_MFA_TOKEN
flag fromstring
toboolean
.Added the ability to set the query timeout for the server side or client side, not both.
Bug fixes¶
Fixed wrong behavior of setting proxy in global request configurations.
Fixed non-empty logs when the log level is set to
OFF
.Fixed file paths allowing triple slash file prefix (
file:///
) in the PUT command.Exceptions thrown by
uploadFileCallable
are now propagated to the main thread instead of failing silently.
Version 3.22.0 (January 29, 2025)¶
New features and updates¶
Added the following connection parameters:
CLEAR_BATCH_ONLY_AFTER_SUCCESSFUL_EXECUTION
parameter to clear batches only after successful execution.disableOCSPChecks
parameter to replace the deprecatedinsecureMode
parameter.IMPLICIT_SERVER_SIDE_QUERY_TIMEOUT
parameter to set timeouts for sychronous queries on both the client and server.
Added the
SnowflakeStatement.setAsyncQueryTimeout
method to timeout asynchronous queries on the server.Added the
net.snowflake.jdbc.commons_logging_wrapper
java property to configure handling logs fromcommons-logging
.
Bug fixes¶
Fixed handling endpoints without protocol in PUT/GET operations in GCS (Google Cloud Storage).
Fixed a performance issue with too frequent calls of
toString
when fetching results containing structured types.Fixed an issue with
createArrayOf
case-insensitivity.Fixed an issue where
downloadStream
could download different files with the same prefix.Fixed the possibility of
%PATH%
privilege escalation when authentication is set asEXTERNALBROWSER
and used in a Windows environment. For more information, see CVE-2025-24789.Fixed the verification of the file permissions and owner created in Linux environments and used for caching tokens when authentication is set to
EXTERNALBROWSER
orUSERNAME_PASSWORD_MFA
. For more information, see CVE-2025-24790.