[13.3.0] Preview Release

Added

• Performance logger and callback handling mechanism #2706
  What was added: Introduced performance logging framework to track critical driver operations such as connection time, prelogin, login, and token acquisition.
  Who benefits: Developers and operators monitoring JDBC driver performance.
  Impact: Enables visibility into driver-level latencies via com.microsoft.sqlserver.jdbc.PerformanceMetrics.Connection logger and extensible callback infrastructure for future metrics.

• Test enhancements #2712
  What changed: Improved unit test coverage for SQLServerConnectionTest, SQLServerDatabaseMetaData and few more classes.
  Who benefits: Contributors and maintainers.
  Impact: Improves code coverage with junit tests.

Changed

• Java 25 (LTS) support and removal of non-LTS versions 22–24 #2821
  What changed: Added official support for Java 25 (LTS) and removed non-LTS Java versions (22–24) from Maven and Gradle build configurations.
  Who benefits: Developers aligning builds with long-term supported Java versions.
  Impact: Ensures continued compatibility and stability with LTS Java releases; simplifies build maintenance.

Fixed

• Bulk insert parsing of isolated quotes in tab-delimited data #2795
  What was fixed: Resolved IndexOutOfBoundsException caused by incorrect quote state handling during tab-delimited bulk copy operations.
  Who benefits: Users performing bulk inserts from tab-delimited data containing isolated quotes.
  Impact: Ensures isolated quotes are treated as literal characters; improves parsing reliability and consistency.

• PreparedStatement INSERT update Count with triggers and multi-Value inserts #2817
  What was fixed: Corrected inaccurate update counts returned by PreparedStatement for multi-value INSERT statements with triggers.
  Who benefits: Developers relying on accurate update counts in batch or trigger-based inserts.
  Impact: Ensures consistent and accurate update count behavior across all INSERT execution scenarios.

• Fix for fatal error handling in DONE tokens #2741
  What was fixed: Corrected TDS message handling to properly detect and propagate fatal severity (25+) errors.
  Who benefits: Applications needing reliable error propagation during critical SQL Server failures.
  Impact: Prevents silent failures and ensures robust TDS stream recovery during fatal error conditions.

• Fix for getParameterMetaData() crash with table-valued parameters #2746
  What was fixed: Prevented SQLServerException when calling getParameterMetaData() on statements using Table-Valued Parameters (TVPs).
  Who benefits: Developers using structured or table-valued parameters.
  Impact: Restores correct metadata extraction for TVP parameters, ensuring full JDBC metadata compatibility.

• supportsIntegrityEnhancementFacility() returns accurate value #2828
  What was fixed: Corrected DatabaseMetaData.supportsIntegrityEnhancementFacility() to return true for SQL Server.
  Who benefits: Applications querying database metadata for integrity constraint support.
  Impact: Accurately reports SQL Server’s full support for primary, foreign key, and check constraints.

• Fix bulk copy for batch insert to support InputStream data #2826
  What was fixed: Enabled setBinaryStream() to work correctly with Bulk Copy for Batch Insert into VARBINARY(MAX) columns.
  Who benefits: Developers inserting large binary data via streams.
  Impact: Prevents “invalid hex format” errors; ensures InputStream-based binary inserts work seamlessly.

• Addressed failure on Azure Synapse serverless SQL pool caused by the unsupported sp_statistics procedure #2839
  What changed: Added a try–catch fallback in getIndexInfoAzureDW() to query sys.indexes, sys.index_columns, sys.columns, and sys.tables when sp_statistics is unavailable.
  Who benefits: Applications retrieving index metadata from Azure Synapse serverless SQL pool or other environments lacking sp_statistics.
  Impact: Ensures reliable metadata retrieval through a sys.indexes fallback, consistent NON_UNIQUE mapping, and aligned behavior with Azure SQL Database.

• Test cleanup #2734
  What changed: Updated tests to clean up temporary objects post-execution.
  Who benefits: Contributors and maintainers.
  Impact: Reduces test flakiness and improves maintainability of the test suite.

[13.2.1] Hotfix & Stable Release

Added

• Enable Vector data type tests on Azure SQL Database #2762
  What was added: Vector data type tests are now enabled to run against Azure SQL Database.
  Who benefits: Developers testing VECTOR functionality in Azure SQL DB environments.
  Impact: Ensures VECTOR data type support test coverage.

• Enable JSON data type tests on Azure SQL Database #2756
  What was added: JSON data type tests are now enabled to run against Azure SQL Database.
  Who benefits: Developers testing JSON functionality in Azure SQL DB environments.
  Impact: Ensures JSON data type support test coverage.

Changed

• Revert function/procedure filtering via sys.all_objects #2751
  What changed: Reverted #2705 change that used sys.all_objects for filtering. Restores previous behavior to maintain consistency across metadata APIs.
  Who benefits: Developers using getProcedures() and getFunctions() in JDBC.
  Impact: Preserves compatibility with numbered procedures and avoids discrepancies between APIs.

Fixed issues

• Address a hostname validation vulnerability by securely parsing certificate common names. #2801
  What was fixed: Secure hostname validation is enforced by replacing the vulnerable CN parsing logic in SQLServerCertificateUtils.java, preventing spoofing attacks.
  Who benefits: All users of the SQL Server JDBC driver, especially those relying on TLS for secure connections, benefit from improved certificate validation.
  Impact: This fix closes a security gap, protecting applications from man-in-the-middle attacks and ensuring compliance with security best practices.

• JDK 8 compatibility for vector datatype handling #2750
  What was fixed: Ensured fallback to JVM system property javax.net.ssl.trustStoreType if connection property is unset.
  Who benefits: Users configuring SSL via system properties.
  Impact: Enables proper SSL trust store resolution, improving compatibility with system configurations.

• PreparedStatement getGeneratedKeys() failure with triggers #2742
  What was fixed: Fixed error "The statement must be executed before any results can be obtained" when using insert triggers with generated keys.
  Who benefits: Developers retrieving generated keys from inserts with triggers.
  Impact: Restores correct behavior for both update count accuracy and generated keys retrieval in trigger scenarios.

• Byte Buddy dependency scope #2755
  What was fixed: Corrected Byte Buddy (1.15.11) dependency scope to test instead of compile.
  Who benefits: Developers and users of runtime artifacts.
  Impact: Reduces runtime artifact size (~8 MB) and ensures Byte Buddy is only included for unit tests.

• DatabaseMetaData.getIndexInfo() NON_UNIQUE value inconsistency #2773
  What was fixed: Fixed incorrect NON_UNIQUE values due to mismatched handling of sp_statistics and sys.indexes.
  Who benefits: Applications depending on accurate index metadata.
  Impact: Provides consistent value of NON_UNIQUE field across SQL Server and Azure Synapse Analytics.

• DatabaseMetaData.getIndexInfo() invalid cursor position exception 2763
  What was fixed: Fixed SQLException: Invalid cursor position caused when calling ResultSet.next() after exhaustion due to CachedRowSet strict cursor validation.
  Who benefits: Developers consuming metadata via DatabaseMetaData.getIndexInfo() on SQL Server or Azure Synapse DW.
  Impact: Replaces CachedRowSet merging with a UNION ALL query, ensuring standard JDBC cursor behavior while maintaining columnstore index support.

[12.10.2] Hotfix & Stable Release

Fixed issues

• Address a hostname validation vulnerability by securely parsing certificate common names. #2803
  What was fixed: Secure hostname validation is enforced by replacing the vulnerable CN parsing logic in SQLServerCertificateUtils.java, preventing spoofing attacks.
  Who benefits: All users of the SQL Server JDBC driver, especially those relying on TLS for secure connections, benefit from improved certificate validation.

[12.8.2] Hotfix & Stable Release

Fixed issues

• Address a hostname validation vulnerability by securely parsing certificate common names. #2804
  What was fixed: Secure hostname validation is enforced by replacing the vulnerable CN parsing logic in SQLServerCertificateUtils.java, preventing spoofing attacks.
  Who benefits: All users of the SQL Server JDBC driver, especially those relying on TLS for secure connections, benefit from improved certificate validation.

[12.6.5] Hotfix & Stable Release

Fixed issues

• Address a hostname validation vulnerability by securely parsing certificate common names. #2805
  What was fixed: Secure hostname validation is enforced by replacing the vulnerable CN parsing logic in SQLServerCertificateUtils.java, preventing spoofing attacks.
  Who benefits: All users of the SQL Server JDBC driver, especially those relying on TLS for secure connections, benefit from improved certificate validation.

[12.4.3] Hotfix & Stable Release

Fixed issues

• Address a hostname validation vulnerability by securely parsing certificate common names. #2806
  What was fixed: Secure hostname validation is enforced by replacing the vulnerable CN parsing logic in SQLServerCertificateUtils.java, preventing spoofing attacks.
  Who benefits: All users of the SQL Server JDBC driver, especially those relying on TLS for secure connections, benefit from improved certificate validation.

[12.2.1] Hotfix & Stable Release

Fixed issues

• Address a hostname validation vulnerability by securely parsing certificate common names. #2798
  What was fixed: Secure hostname validation is enforced by replacing the vulnerable CN parsing logic in SQLServerCertificateUtils.java, preventing spoofing attacks.
  Who benefits: All users of the SQL Server JDBC driver, especially those relying on TLS for secure connections, benefit from improved certificate validation.

[11.2.4] Hotfix & Stable Release

Fixed issues

• Address a hostname validation vulnerability by securely parsing certificate common names. #2800
  What was fixed: Secure hostname validation is enforced by replacing the vulnerable CN parsing logic in SQLServerCertificateUtils.java, preventing spoofing attacks.
  Who benefits: All users of the SQL Server JDBC driver, especially those relying on TLS for secure connections, benefit from improved certificate validation.

[10.2.4] Hotfix & Stable Release

Fixed issues

• Address a hostname validation vulnerability by securely parsing certificate common names. #2802
  What was fixed: Secure hostname validation is enforced by replacing the vulnerable CN parsing logic in SQLServerCertificateUtils.java, preventing spoofing attacks.
  Who benefits: All users of the SQL Server JDBC driver, especially those relying on TLS for secure connections, benefit from improved certificate validation.

[13.2.0] Stable Release

Breaking change

• This release introduces support for native vector types over the previous 12.x GA release. This feature is a breaking change. Previous driver versions receive vector data types from the server as JSON strings. Version 13.2 recognizes the new SQL vector type natively, exposing it to applications as a vector type, by default. To maintain the previous behavior of vector types exposed as JSON strings, set the connection option vectorTypeSupport to off.

Changed

• Use sys.all_objects for accurate function and procedure filtering #2705
  What changed: Differentiated stored procedures and functions using sys.all_objects instead of sp_stored_procedures.
  Who benefits: Developers using getProcedures() and getFunctions() in JDBC.
  Impact: Ensures correct metadata retrieval, preventing confusion from mixed results.

Fixed issues

• Fix trustStoreType JVM property consultation in SSL Connections #2724
  What was fixed: Ensured fallback to JVM system property javax.net.ssl.trustStoreType if connection property is unset.
  Who benefits: Users configuring SSL via system properties.
  Impact: Enables proper SSL trust store resolution, improving compatibility with system configurations.

• Addressed a data integrity and performance issue for bulk copy batch inserts with non-Unicode Strings #2735
  What was fixed: Resolved performance degradation and incorrect string handling in bulk copy batch inserts when useBulkCopyForBatchInsert=true and sendStringParametersAsUnicode=false.
  Who benefits: Applications using SQL Server JDBC Bulk Copy for high-volume inserts, especially with non-Unicode or accented character data.
  Impact: Restores expected string storage, improves bulk insert performance for bulk copy API.

• Handle SQL comments at start of query in getGenerateKeys() method #2731
  What was fixed: Corrected detection of INSERT statements when preceded by SQL comments.
  Who benefits: Developers using getGeneratedKeys() after commented SQL inserts.
  Impact: Fixes previously failing key retrieval when comments are present before the query.

• Fix update count handling for multi-statement queries executed via PreparedStatement execute method. #2737
  What was fixed: Corrected update count handling for multi-statement queries run using PreparedStatement execute method, ensuring accurate counts for INSERT and other DML operations.
  Who benefits: Java applications using SQL Server JDBC with multi-statement PreparedStatement executions.
  Impact: Eliminates inconsistent update counts between Statement and PreparedStatement, improving reliability of result processing logic.

• CodeQL suppression fixes #2728
  What was fixed: Suppressed CodeQL rule [SM05141] with justification for broader usage scenarios.
  Who benefits: Developers maintaining code quality tools like CodeQL.
  Impact: Prevents unnecessary alerts for valid usage in multi-environment libraries.