|
2 | 2 |
|
3 | 3 | ## [Unreleased] |
4 | 4 |
|
5 | | -### BREAKING CHANGES in 3.4.1 |
6 | | - |
7 | | -#### Metadata JDBC Spec Compliance |
8 | | - |
9 | | -This release unifies metadata behavior across Thrift and SQL Exec API backends |
10 | | -using SQL SHOW commands for all metadata operations on SQL warehouses. Several |
11 | | -non-spec-compliant behaviors have been corrected. Review the changes below before |
12 | | -upgrading. These changes do not affect metadata on All-Purpose Clusters. |
13 | | - |
14 | | -* **`getTables`/`getColumns`/`getSchemas`: Catalog parameter is now treated as |
15 | | - an exact-match identifier per JDBC spec.** Passing `%` or wildcard patterns as |
16 | | - catalog previously returned results across all catalogs. |
17 | | - Use `null` to search all catalogs. |
18 | | - |
19 | | -* **`getTables` with empty types array: Now returns zero rows per JDBC spec.** |
20 | | - Use `null` to return all types. |
21 | | - |
22 | | -* **`getSchemas`: Now includes `information_schema` in results.** Excludes |
23 | | - `global_temp` schema (previously returned by Thrift for all catalogs). |
24 | | - |
25 | | -* **`getPrimaryKeys`/`getImportedKeys`/`getCrossReference` with non-existent |
26 | | - catalog, schema, or table: Now returns empty `ResultSet` instead of throwing |
27 | | - `SQLException`.** |
28 | | - |
29 | | -* **`getImportedKeys` `UPDATE_RULE`/`DELETE_RULE`: Now returns `3` (`NO_ACTION`) |
30 | | - instead of `0` (`CASCADE`) for Thrift, and `3` instead of `null` for SEA.** |
31 | | - This reflects that Unity Catalog foreign keys are informational and non-enforced. |
32 | | - |
33 | | -* **`PreparedStatement.setDate()` now sends parameter type as `DATE` instead of |
34 | | - `TIMESTAMP`.** Previously, `setDate()` incorrectly serialized the parameter |
35 | | - type as TIMESTAMP due to a mapping bug. Server-side behavior is unchanged |
36 | | - (Databricks accepts both), but applications that inspect parameter types may |
37 | | - see the difference. |
38 | | - |
39 | | -#### Default Behavior Changes |
40 | | - |
41 | | -* **Native geospatial type support (`GEOMETRY` and `GEOGRAPHY`) is now enabled |
42 | | - by default.** `getObject()` now returns `IGeometry`/`IGeography` instances |
43 | | - instead of EWKT strings. Set `EnableGeoSpatialSupport=0` to restore the |
44 | | - previous behavior. |
45 | | - |
46 | | -* **`EnableArrow` connection property is deprecated and ignored.** Arrow |
47 | | - serialization is now always enabled. Setting `EnableArrow=0` previously |
48 | | - disabled Arrow and forced columnar/JSON inline results; this value is now |
49 | | - ignored and a deprecation warning is logged. For JSON inline results with |
50 | | - SEA, disable CloudFetch via `EnableQueryResultDownload=0`. Exception: on AIX |
51 | | - platforms and PowerPC architectures (`os.arch` contains `ppc`), `EnableArrow` |
52 | | - is still honoured and defaults to disabled due to known Arrow native library |
53 | | - compatibility issues. |
54 | | - |
55 | 5 | ### Added |
56 | | -- Added result set heartbeat / keep-alive to prevent server-side result expiry during slow consumption. When enabled via `EnableHeartbeat=1`, the driver periodically polls `GetStatementStatus` (SEA) or `GetOperationStatus` (Thrift) to keep the operation alive while the client reads results. Configurable interval via `HeartbeatIntervalSeconds` (default 60s). Heartbeat automatically stops when results are fully consumed, ResultSet is closed, or the server returns a terminal state. Disabled by default due to cost implications (heartbeats keep the warehouse running). |
57 | | -- Metadata operations now use SQL SHOW commands for both Thrift and SEA backends, |
58 | | - ensuring consistent behavior for SQL warehouses regardless of underlying |
59 | | - protocol. To revert to native Thrift metadata RPCs, set `UseQueryForMetadata=0`. |
60 | 6 |
|
61 | 7 | ### Updated |
62 | | -- Bump `databricks-sdk-java` from 0.69.0 to 0.106.0. The driver's own `AgentDetector` injection in `UserAgentManager.setUserAgent` is removed because SDK 0.106 now natively emits the `agent/<name>` User-Agent token via its built-in `UserAgent.agentProvider()`; keeping both layered produced a duplicate token on every SDK-routed request. The bootstrap `buildUserAgentForConnectorService` path retains its own `AgentDetector` call because it bypasses `UserAgent.asString()`. |
63 | | -- `getColumnTypeName()` for DECIMAL columns now preserves precision/scale suffix (e.g., `"DECIMAL(10,2)"`) consistently across both Thrift and SEA backends. |
64 | | -- `EnableGeoSpatialSupport` no longer requires `EnableComplexDatatypeSupport=1`. Geospatial types (GEOMETRY, GEOGRAPHY) can now be enabled independently of complex type support (ARRAY, MAP, STRUCT). |
65 | | -- Arrow schema deserialization failures (Thrift metadata path) now surface a dedicated driver error code `ARROW_SCHEMA_PARSING_ERROR` (vendor code `22000`) and a proper SQLSTATE `22000` (Data Exception) on the thrown `SQLException`, instead of the generic `RESULT_SET_ERROR` (1004) and the enum name as SQLSTATE. The exception message is unchanged. |
66 | | -- When a Statement is re-executed, the previous server-side operation is now explicitly closed before starting the new execution, preventing orphaned server-side operations when Statements are reused. |
67 | | -- Server-side operations are now closed proactively when `ResultSet.close()` is called, improving resource utilization. The client-side Statement remains open and reusable for re-execution. As a result, `getExecutionResult()` after result consumption returns the cached ResultSet instead of making a server RPC. |
68 | 8 |
|
69 | 9 | ### Fixed |
70 | | -- Bump shaded `jackson-core` from 2.18.6 to 2.18.7 to address [SNYK-JAVA-COMFASTERXMLJACKSONCORE-15907551](https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-15907551) (DoS via oversized JSON documents bypassing size limits). Fixes #1436. |
71 | | -- Bump shaded `httpclient5`/`httpcore5`/`httpcore5-h2` from 5.3.1 to 5.5.2 to address [CVE-2025-8671](https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTSCORE5-15857052) (HTTP/2 stream-reset DoS in `httpcore5-h2`). Fixes #1436. |
72 | | -- Bump shaded `netty-buffer`/`netty-common` from 4.2.12.Final to 4.2.13.Final to clear OWASP scanner reports for the May 2026 batch of netty codec CVEs (CVE-2026-42577/42579/42580/42581/42582/42583/42584/42585/42586/42587, CVE-2026-44248, CVE-2026-41417, CVE-2026-42578). The driver does not use any netty HTTP/codec components — these vulnerabilities are not exploitable in this usage — but the bump silences the false-positive CPE matches. |
73 | | -- Bump shaded `commons-configuration2` from 2.10.1 to 2.15.0 to address [CVE-2026-45205](https://nvd.nist.gov/vuln/detail/CVE-2026-45205) (uncontrolled recursion when parsing untrusted YAML configurations). The driver does not parse untrusted YAML, so the practical risk is negligible. |
74 | | -- Bump `lz4-java` from `org.lz4:lz4-java:1.8.1` to `at.yawk.lz4:lz4-java:1.10.1` to address [CVE-2025-66566](https://nvd.nist.gov/vuln/detail/CVE-2025-66566) (information leak via uncleared output buffers in the safe/unsafe Java decompressors). `org.lz4:lz4-java:1.8.1` is a relocation-only POM that resolves to `at.yawk.lz4:lz4-java:1.8.1`, so the published `databricks-jdbc-thin` artifact previously pulled the vulnerable fork transitively. The upstream `org.lz4` GA is no longer maintained; `at.yawk.lz4` is the fork that received the fix. Fixes #1455. |
75 | | -- Fix `PreparedStatement.getMetaData()` crash (`IllegalArgumentException`) for SQL type aliases (VARCHAR, INTEGER, NUMERIC, DEC, REAL, NVARCHAR, NCHAR) returned by DESCRIBE QUERY |
76 | | -- Fixed `DatabaseMetaData.getTables()` in Thrift mode returning rows when called with an empty `types` array. Per JDBC spec, empty types means "no types selected" and now correctly returns zero rows (matching SEA mode). |
77 | | -- Fixed `?` characters inside SQL comments, string literals, and quoted identifiers being incorrectly counted as parameter placeholders when `supportManyParameters=1`. `SQLInterpolator` now uses `SqlCommentParser` to locate only real placeholders. Fixes #1331. |
78 | | -- Fixed `MetadataOperationTimeout` not being applied when metadata operations use SHOW commands. Operations like `getTables`, `getSchemas`, and `getColumns` now respect the `MetadataOperationTimeout` connection property instead of hanging indefinitely with no timeout. |
79 | | -- Reclassify transient server errors to standard SQL states (08S01, 40001) across all Thrift error sites. This ensures UC unavailability and concurrent modification errors surface consistently for better retry handling. Note: Dashboards and branching logic keyed on legacy XXUCC or 42000 must be updated. |
80 | 10 | - Fixed `setCatalog()` and `setSchema()` producing invalid SQL (e.g. `SET CATALOG ``name``) when the catalog or schema name was passed already wrapped in backticks. Backticks are now stripped before wrapping, and `getCatalog()`/`getSchema()` return the bare identifier name. |
81 | | -- Fixed telemetry HTTP client socket leak that prevented CRaC checkpoint. After `Connection.close()`, delayed telemetry flush tasks could re-create HTTP clients that were never closed, leaking TCP sockets. Fixes #1325. |
82 | | -- Fixed client-side enforcement of `maxRows` limit. When `statement.setMaxRows()` is set, `ResultSet.next()` now returns false once the row limit is reached, even if the server returns more rows. Applies to all result types (Thrift, SEA, inline, CloudFetch). |
83 | | -- Bump shaded `bouncycastle` (`bcprov-jdk18on`, `bcpkix-jdk18on`) from 1.79 to 1.84 to address [CVE-2026-5598](https://github.com/advisories/GHSA-p93r-85wp-75v3) (covert timing channel, severity 8.9) and two related MEDIUM CVEs (GHSA-wg6q-6289-32hp, GHSA-c3fc-8qff-9hwx). All three are unsurfaced by NVD-CPE scanners but visible to GHSA-backed scanners like OSV. |
84 | | -- Bump shaded `libthrift` from 0.19.0 to 0.23.0 to clear the May 2026 Apache Thrift advisory batch (GHSA-7pwc-h2j2-rjgj covering CVE-2026-41603/41604/41605/43869). The libthrift 0.21 release changed `ProcessFunction`'s generic signatures, which required regenerating the project's checked-in Thrift-generated Java sources with the matching compiler. |
85 | 11 |
|
86 | 12 | --- |
87 | 13 | *Note: When making changes, please add your change under the appropriate section |
|
0 commit comments