Releases: exasol/sqlalchemy-exasol
7.0.0
7.0.0 - 2026-04-30
Summary
This major release adds support for DLT and also improves the exceptions to be PEP-249 compliant.
Features
- #671: Added DLT support
- Adds an exception handler for PyExasol errors bubbling up and converts them to proper PEP-249 exceptions.
- Maps sqlalchemy
DATETIMEtype to ExasolTIMESTAMP. - Formats datetime so it works within DLT.
- Binary types such as
UUINT,BLOB,BINARYandVARBINARYnow throw a clear error when used.
Security Issues
This release fixes vulnerabilities by updating dependencies:
| Dependency | Vulnerability | Affected | Fixed in |
|---|---|---|---|
| black | CVE-2026-32274 | 25.12.0 | 26.3.1 |
| cryptography | CVE-2026-34073 | 46.0.5 | 46.0.6 |
| cryptography | CVE-2026-39892 | 46.0.5 | 46.0.7 |
| requests | CVE-2026-25645 | 2.32.5 | 2.33.0 |
| pygments | CVE-2026-4539 | 2.19.2 | 2.20.0 |
| python-dotenv | CVE-2026-28684 | 1.2.1 | 1.2.2 |
- #733: Fixed vulnerabilities by re-locking transitive dependencies
- #736: Fixed vulnerabilities by re-locking transitive dependencies & updated to exasol-toolbox
7.0.0
Dependency Updates
dev
- Updated dependency
exasol-toolbox:6.0.0to7.0.0 - Updated dependency
pytest-exasol-backend:1.2.4to1.4.0
6.1.1
6.1.1 - 2026-03-17
Summary
This update fixes a bug that specifically impacted ORM sessions when flushing values to pass IDs between linked SQLAlchemy tables. We discovered that the internal get_lastrowid function has been off by one since the dialect’s inception (2015) before Exasol's direct involvement, a bug that previously went unnoticed due to a gap in test coverage. If you were affected, this discrepancy caused incorrect ID referencing during data inserts, potentially breaking relational integrity in your sessions. We have now fixed the logic to ensure the returned IDs are accurate and implemented new tests that specifically validate row ID retrieval during ORM flushes.
The error would have only happened for ORM sessions like this example:
with Session(ENGINE) as session:
new_user = User(first_name="Jax", last_name="Doe")
session.add(new_user)
session.flush()
# Here, we use the ID from the post-flush SQLAlchemy object. Before this update,
# this value was off by 1 (ID - 1). Now, this has been corrected (ID).
new_email = EmailAddress(
user_id=new_user.id,
email_address="jax.doe@example.com",
)
session.add(new_email)
session.commit()While this method ensures accurate ID retrieval, it is not the most performant way to
insert data in SQLAlchemy-Exasol. For high-volume inserts, consider using more
efficient bulk processing methods.
Refactoring
- #724: Updated to
exasol-toolbox6.0.0
Bugfix
- #709: Fixed ORM session usage so that session IDs when flushed are not off by one
Dependency Updates
dev
- Updated dependency
exasol-toolbox:5.1.0to6.0.0
6.1.0
6.1.0 - 2026-02-06
Summary
In this minor release, we have greatly added on to the User Guide for SQLAlchemy-Exasol:
- For getting started, check out the remastered Getting Started page.
- Our Configuration pages have been edited to be crisper and provide more information
on forming your connection string and adhering to the best security practices. - We have added a Features page, which gives an overview of benefits of using it.
Many of these entries contain links to our new Examples section and relevant
SQLAlchemy documentation. - All of our code Examples are executed in the CI, so these should stay up-to-date
as future work on SQLAlchemy-Exasol continues.
Additionally, the py.typed file has been added, so type hints can propagate.
Feature
- #693: Added
py.typedfile so type hints can propagate and added CI setup to execute examples
Refactoring
- #681: Updated to
exasol-toolbox4.0.0 - #687: Re-locked the
poetry.lockfor vulnerabilities in the transitive dependencies: filelock, pynacl - #690: Re-locked the
poetry.lockfor vulnerabilities in the transitive dependency: urllib3 - #710: Updated to
exasol-toolbox5.0.0 - #721: Updated to
exasol-toolbox5.1.0
Documentation
- #698: Updated Configuration pages
- #703: Added ORM examples
- #706: Added more single and multiple entry ORM examples
- #712: Added to features information on: autoincremented columns, foreign keys, & automatic indexes
- #714: Added to features information on: caching + more non-ORM examples
- #716: Added to features information on: autocommit
- #718: Added to features information on: object name handling and query method chaining
Dependency Updates
main
- Updated dependency
pyexasol:1.3.0to2.0.0
dev
- Updated dependency
exasol-toolbox:3.0.0to5.1.0 - Added dependency
pydantic:2.12.5 - Added dependency
pydantic-settings:2.12.0 - Updated dependency
pytest:7.4.4to8.4.2 - Updated dependency
pytest-exasol-backend:1.2.3to1.2.4 - Removed dependency
rich:13.9.4
6.0.0
6.0.0 - 2025-12-08
In this major release, sqlachemy-exasol has been migrated to the SQLAlchemy 2.0 API
and conventions. The focus of the migration was preserving existing feature parity.
Thus, new features added in the SQLAlchemy 2.0 API may not work as expected.
If such features are important to your team or if you experience other issues, please open
an issue. Note that this migration
is a breaking change and action will need to be taken by your team to make
your code compatible with sqlalchemy-exasol==6.0.0.
The migration to SQLAlchemy 2.0 allows users to benefit from continued security support, performance
improvements, modern typing support, and additional features. For details
on what SQLAlchemy 2.0 brings and which changes are needed in your projects, please
check out the following links:
Additionally, the ODBC-based dialects pyodbc and Turbodbc, which had been marked as
deprecated, were dropped. Please switch over to using the websocket dialect.
Connection strings should be altered to start with exa+websocket://.
Refactoring
- #621: Added
future=truetocreate_engineto use the 2.0 API - #623: Started switch to
sqlalchemy2.x (CI tested with 2.0.43)- All unit,
exasol, andregressiontests are working - Several tests from
sqlalchemyare failing, have been marked as skipped, and require investigation - Reinstated the ArgSignatureTest which ensures that all visit_XYZ() in
_sql.Compilersubclasses have**kw
- All unit,
- #626: Reinstated
sqlalchemytests:TrueDivTest.test_floordiv_integerandTrueDivTest.test_floordiv_integer_boundby providing an override inEXACompiler.visit_floordiv_binaryTrueDivTest.test_truediv_numericby providingExaDecimalto theEXADialect_pyodbc.colspecslist- a few tests from
ComponentReflectionTestasdefine_reflected_tablesis overridden based on what Exasol supports
- #631: Updated
EXADialect.has_tableto search for both tables and views, fixed passing of schema=None to dialect methods, and reinstatedsqlalchemytests:ReturningGuardsTestare used to indicate that the Exasol dialect, which does not natively support the RETURNING clause, is set up per the API specificationsComponentReflectionTest.test_not_existing_tableis used to indicate that specificEXADialectmethods (i.e.get_columns) check to see if the requested table/view exists and if not, they will now toss aNoSuchTableErrorexception
- #403: Dropped support for Turbodbc
- #404: Dropped support for pyodbc
- #654: Reinstated
sqlalchemytests after minor modifications to work for Exasol:ComponentReflectionTest.test_get_multi_columnsComponentReflectionTest.test_get_multi_foreign_keysComponentReflectionTest.test_get_multi_pk_constraintComponentReflectionTest.test_get_view_definition_does_not_exist
- #652: Reinstated
sqlalchemytests after minor modifications to work for Exasol:HasTableTest.test_has_table_cacheRowCountTest.test_non_rowcount_scenarios_no_raise
- #658: Updated to
exasol-toolbox3.0.0
Documentation
- #660: Updated User Guide
- Added Getting Started, Security, & Engine Configuration pages
- Cleaned up index and README.rst
- #663: Updated developer documentation
- #653: Updated User Guide for accessing Exasol SaaS instances.
Dependency Updates
main
- Updated dependency
pyexasol:1.2.1to1.3.0 - Removed dependency
pyodbc:5.3.0 - Updated dependency
sqlalchemy:1.4.54to2.0.44 - Removed dependency
turbodbc:4.5.4
dev
- Updated dependency
exasol-integration-test-docker-environment:4.3.0to4.4.1 - Updated dependency
exasol-toolbox:1.12.0to3.0.0 - Updated dependency
nox:2025.10.16to2025.11.12 - Removed dependency
pyodbc:5.3.0
5.2.0
5.2.0 - 2025-11-04
This release drops the support for Python 3.9 as this Python version has reached its end-of-life in 2025-10. In consequence, the release also fixes security vulnerabilities by updating the dependencies.
With this release, in the Websocket-based dialect, it is possible for users to pass FINGERPRINT into
the connection URL to take advantage of an additional security feature in PyExasol version
1.x.
from sqlalchemy import create_engine
url = "exa+websocket://A_USER:A_PASSWORD@192.168.1.2..8:1234/my_schema?FINGERPRINT=C70EB4DC0F62A3BF8FD7FF22D2EB2C489834958212AC12C867459AB86BE3A028"
engine = create_engine(url)
query = "select 42 from dual"
with engine.connect() as con:
result = con.execute(sql.text(query)).fetchall()Feature
- #612: Updated CI tests to run against Exasol DB versions 7.1.30, 8.34.0, and 2025.1.0. Dropped support for Python 3.9.
- #637: Added option to
exa-websocket(Websocket-based dialect) to passFINGERPRINTin the connection URL for additional security
Refactoring
- #610: Altered string input into
Connection.execute()to be handled properly withsql.text() - #614: Altered params input into
Connection.execute()to be handled properly withdict - #616: Altered usage of MetaData which was binding to a connection to instead bind in the needed object or function
- #617: Enacted warning for the deprecation of the
autoloadparameter and requirement ofbind - #618: Switched DML & DDL executions from
engine.connect()toengine.begin()usage - #637: Updated dependency declaration to
pyexasol
Internal
- #558: Updated to poetry 2.1.2 & relocked dependencies to resolve CVE-2025-27516
- #548: Replaced pytest-exasol-itde with pytest-backend
- Relocked dependencies to resolve CVE-2025-43859
- #564: Replaced nox test:unit with that from exasol-toolbox
- Reformatted files to meet project specifications
- #588: Updated to exasol-toolbox 1.6.0 and relocked dependencies to resolve CVE-2025-50182, CVE-2025-50181, & CVE-2024-47081
- #605: Removed non-ASCII unicode from templates & relocked dependencies to resolve CVE-2025-8869 (pip -> transitive dependency)
- #640: Re-locked dependencies to resolve CVE-2025-8869 for transitive dependency pip
Dependency Updates
main
- Updated dependency
packaging:24.2to25.0 - Updated dependency
pyexasol:0.27.0to1.2.1 - Updated dependency
pyodbc:5.2.0to5.3.0
dev
- Removed dependency
black:25.1.0 - Updated dependency
exasol-integration-test-docker-environment:3.4.0to4.3.0 - Updated dependency
exasol-toolbox:0.20.0to1.12.0 - Removed dependency
furo:2024.8.6 - Removed dependency
isort:5.13.2 - Removed dependency
mypy:1.15.0 - Updated dependency
nox:2025.2.9to2025.10.16 - Removed dependency
pre-commit:4.1.0 - Removed dependency
pylint:3.3.4 - Updated dependency
pyodbc:5.2.0to5.3.0 - Removed dependency
pytest-cov:6.0.0 - Added dependency
pytest-exasol-backend:1.2.2 - Removed dependency
pytest-exasol-itde:0.2.1 - Removed dependency
pytest-history:0.3.0 - Removed dependency
pyupgrade:3.19.1 - Removed dependency
sphinx:7.4.7 - Removed dependency
sphinx-copybutton:0.5.2 - Removed dependency
urlscan:1.0.6
5.1.0
5.1.0 — 2025-02-14
🗑️ Removed
- Dropped python 3.8 support
- If you still depend on python 3.8 use the 5.x version line
🧰 Internal
- Relocked dependencies
- Removed pyexasol dbapi2 api shim
(Now it is using the dbapi2 shim provided by the pyexasol project) - Remove testing against Exasol 7.0
📚 Documentation
- Added support for multiversion documentation
