[13.4.0] Stable Release

Added

• Add Test Coverage for Mixed-Type Vector Columns (FLOAT32 and FLOAT16) 2907
  What was added: Expanded the vector test suite to validate scenarios where VECTOR(FLOAT32) and VECTOR(FLOAT16) columns coexist in the same schema, including coverage for JDBC operations and bulk copy workflows.
  Who benefits: Developers building vector-based workloads that mix float32 and float16 vector columns within the same database schema.
  Impact: Ensures reliable driver behavior and compatibility for mixed vector types across CRUD operations, bulk copy, metadata, and advanced database objects such as stored procedures and TVPs.

Added

• Add VECTOR(FLOAT16) Subtype Support #2899
  What was added: Introduced support for the VECTOR(FLOAT16) subtype, including feature negotiation and IEEE-754 compliant serialization/deserialization between Java Float[] and half-precision wire format.
  Who benefits: Applications building AI, embeddings, and vector search workloads that require reduced memory footprint and network payload.
  Impact: Enables efficient float16 vector storage and transmission while preserving backward compatibility and the existing Java programming model.

• Add prepareMethod=none Execution Path#2890
  What was added: New prepareMethod=none option that forces literal parameter substitution with SQL batch execution, bypassing server-side prepared statement handles (sp_prepexec / sp_prepare).
  Who benefits: Applications preferring SQL Server–managed plan caching without driver-managed prepared handle reuse.
  Impact: Executes prepared statements as plain SQL batches, maintaining connection-level temp tables and providing a simplified alternative execution model while leaving the default behavior unchanged.

• Statement-Level Performance Logger Metrics#2885
  What was added: Extended Performance Logger to capture detailed execution metrics for Statement and PreparedStatement (REQUEST_BUILD, FIRST_SERVER_RESPONSE, PREPARE, PREPEXEC, EXECUTE).
  Who benefits: Developers and performance engineers analyzing execution timing and driver behavior.
  Impact: Provides granular observability across all statement execution paths with minimal overhead.

• StateMachineTest Framework for JUnit 5#2887
  What was added: Lightweight, seed-reproducible state-machine testing framework for randomized JDBC state exploration.
  Who benefits: Driver maintainers and CI stability efforts.
  Impact: Improves edge-case detection with reproducible failures without third-party dependencies.

• Add AI-Assisted Development Context Files#2882
  What was added: ARCHITECTURE.md, GLOSSARY.md, and PATTERNS.md to guide AI-assisted development.
  Who benefits: Contributors using AI coding assistants.
  Impact: Improves code consistency and productivity by documenting architecture and established design patterns.

• Enhance Code Coverage (CallableStatement, DatabaseMetaData, PreparedStatement)#2875
  What was added: Expanded unit and integration test coverage for key driver components including SQLServerCallableStatement, SQLServerDatabaseMetaData, and SQLServerPreparedStatement.
  Who benefits: Driver maintainers and users relying on stable metadata, statement execution, and callable behavior.
  Impact: Improves regression detection and long-term stability.

• New Bug Regression Tests in JUnit#2888
  What was added: Migrated legacy FX regression tests (37 scenarios) covering statement execution, ResultSet behavior, batching, cursors, and transaction flows into JUnit with full behavioral parity.
  Who benefits: Contributors and CI validation pipelines.
  Impact: Achieves complete FX regression coverage with reproducible execution paths and improved long-term reliability.

Changed

• Remove ADAL Dependency – Migrate Windows AAD Integrated Auth to MSQA APIs#2864
  What was changed: Replaced deprecated ADAL-based adalsql.dll flow with MSQA (mssql-auth.dll, MSAL C++).
  Who benefits: Users of Windows Active Directory Integrated Authentication.
  Impact: Fully removes legacy ADAL dependency, aligns with Microsoft deprecation guidance, and modernizes authentication architecture.

• Refactor DatabaseMetaData.getColumns() to use sp_columns_170 with fallback#2883
  What was changed: getColumns() now prefers sp_columns_170 (SQL Server 2025) for accurate metadata on newer types such as VECTOR and enhanced JSON, with automatic fallback to sp_columns_100.
  Who benefits: Applications performing schema discovery against SQL Server 2025 and Azure environments.
  Impact: Ensures correct metadata for new engine features while preserving backward compatibility with older SQL Server versions.

• Version Bumps to Address CVEs in Transitive Dependencies#2894
  What was changed: Upgraded azure-identity to 1.18.2 and msal4j to 1.23.1, which in turn update transitive dependencies including Netty (4.1.130.Final), Reactor Netty (1.2.13), and Nimbus JOSE JWT (10.0.1).
  Who benefits: Applications using Azure Active Directory authentication and Azure Identity–based connection flows.
  Impact: Resolves security vulnerabilities in transitive dependencies, including CVE-2025-67735, CVE-2025-53864, CVE-2025-58056, CVE-2025-58057, CVE-2025-55163, CVE-2025-24970, CVE-2025-22227, and CVE-2025-25193, with no breaking API changes.

Fixed

• Fix Cross-Database Stored Procedure Execution with Named Parameters#2895
  What was fixed: Ensured sp_sproc_columns is fully qualified with database.sys to avoid context errors.
  Who benefits: Applications calling procedures across databases with named parameters.
  Impact: Resolves metadata lookup failures and eliminates schema name-squatting security risks.

• Exception Chaining for Nested Stored Procedure Errors#2886
  What was fixed: Multiple nested RAISERROR calls now surface correctly via SQLException.getNextException.
  Who benefits: Applications invoking nested stored procedures.
  Impact: Aligns driver behavior with SQL Server semantics while preserving backward compatibility through lazy exception chaining.

• Remove Outdated Regex Delimiter Comment (Bulk CSV)#2880
  What was fixed: Updated comment to clarify delimiters are treated as literal text in SQLServerBulkCSVFileRecord.
  Who benefits: Users of bulk CSV ingestion.
  Impact: Aligns documentation with actual driver behavior.

Added

• Introduce prepareMethod=scopeTempTablesToConnection for PreparedStatements with temp tables #2844
  What was added: New prepareMethod option that scopes temporary tables created in prepared statements to the connection by using literal parameter substitution instead of server-side prepared handles.
  Who benefits: Developers using temporary tables (#temp) inside PreparedStatement executions.
  Impact: Ensures temporary tables remain visible across executions of different prepared statements/statements within the same connection.

• Send User Agent Information via TDS Feature Extension #2848
  What was added: User agent telemetry is sent to SQL Server using a new LOGIN7 TDS Feature Extension (USERAGENT).
  Who benefits: Platform owners and maintainers analyzing driver usage patterns and runtime environments.
  Impact: Improves telemetry accuracy and enables data-driven testing and support decisions without affecting application behavior.

• Enable Vector and JSON Tests on SQL Server 2025 #2846
  What was added: Test coverage for vector and JSON features on SQL Server 2025 with a new xSQLv17 test tag.
  Who benefits: Contributors validating driver compatibility with the latest SQL Server release.
  Impact: More testing coverage increases confidence in SQL Server 2025 vector and JSON functionality.

• Enhance Code Coverage for SQLServerResultSet #2870
  What was added: Expanded unit test coverage for SQLServerResultSet.
  Who benefits: Driver maintainers and contributors.
  Impact: Improves long-term stability and regression detection.

Changed

• Update bundle-version in Manifest to Include JRE Suffix #2876
  What changed: Bundle-Version in the manifest now includes the jre8 / jre11 suffix to match the JAR file name.
  Who benefits: Users and tooling relying on OSGi metadata consistency.
  Impact: Aligns manifest metadata with published artifacts and avoids ambiguity.

Fixed

• SQL Server Integrity Enhancement Support in supportsIntegrityEnhancementFacility #2745
  What was fixed: Corrected metadata reporting to reflect SQL Server’s support for integrity constraints.
  Who benefits: Applications relying on JDBC metadata to determine database capabilities.
  Impact: Ensures accurate reporting of primary key, foreign key, check, unique, and NOT NULL constraint support.

• Fix Geography Coordinate Parsing with Scientific Notation #2837
  What was fixed: Prevented NumberFormatException when parsing Geography coordinates expressed in scientific notation.
  Who benefits: Applications working with very small spatial coordinate values.
  Impact: Enables correct handling of negative exponents in WKT parsing.

• Bulk Copy Batch Insert: Proper Fallback for SQL Functions #2845
  What was fixed: Automatic fallback to standard batch execution when SQL functions are used in bulk copy batch inserts.
  Who benefits: Users executing PreparedStatement.executeBatch() with expressions like len(?) or encryption functions.
  Impact: Prevents bulk copy failures while preserving performance for compatible statements.

• Fix Bulk Copy Batch Insert with Persisted Computed Columns #2855
  What was fixed: Corrected destination column validation logic to ignore computed persisted columns in bulk copy batch insert.
  Who benefits: Users performing bulk inserts into tables with computed columns.
  Impact: Prevents false “invalid column mapping” errors and restores bulk copy compatibility.

• Fix DatabaseMetaData.getIndexInfo() Collation Conflict in UNION ALL #2867
  What was fixed: Resolved collation conflicts when server and database collations differ in the query executed by getIndexInfo call.
  Who benefits: Applications querying index metadata in mixed-collation environments.
  Impact: Ensures reliable metadata retrieval by applying COLLATE DATABASE_DEFAULT consistently.

• Fix getSchemas() Returning NULL TABLE_CATALOG for Built-in Schemas #2872
  What was fixed: Corrected catalog resolution logic for built-in schemas like dbo, sys etc.
  Who benefits: Applications consuming schema metadata.
  Impact: Ensures JDBC-compliant catalog reporting for all schemas.

• Fix Statement.execute() Skipping Update Count After Batch Error #2866
  What was fixed: Prevented loss of valid update counts following an error in mixed batch execution.
  Who benefits: Applications using Statement.execute() with mixed DML and query batches.
  Impact: Restores correct JDBC result traversal semantics after exceptions.

• Support IP Address Validation in Certificate SAN #2873
  What was fixed: Added RFC 5280–compliant IP address validation in SSL certificate SAN checks.
  Who benefits: Users connecting via IP address over TLS.
  Impact: Removes need for hostname workarounds while preserving strict security guarantees.

• Fix TVP Type Name Collision in CallableStatement Tests #2869
  What was fixed: Eliminated test failures caused by table-valued parameter type name collisions.
  Who benefits: Contributors and CI pipelines.
  Impact: Improves test reliability without affecting runtime behavior.

Added

• Performance logger and callback handling mechanism #2706
  What was added: Introduced performance logging framework to track critical driver operations such as connection time, prelogin, login, and token acquisition.
  Who benefits: Developers and operators monitoring JDBC driver performance.
  Impact: Enables visibility into driver-level latencies via com.microsoft.sqlserver.jdbc.PerformanceMetrics.Connection logger and extensible callback infrastructure for future metrics.

• Test enhancements #2712
  What changed: Improved unit test coverage for SQLServerConnectionTest, SQLServerDatabaseMetaData and few more classes.
  Who benefits: Contributors and maintainers.
  Impact: Improves code coverage with junit tests.

Changed

• Java 25 (LTS) support and removal of non-LTS versions 22–24 #2821
  What changed: Added official support for Java 25 (LTS) and removed non-LTS Java versions (22–24) from Maven and Gradle build configurations.
  Who benefits: Developers aligning builds with long-term supported Java versions.
  Impact: Ensures continued compatibility and stability with LTS Java releases; simplifies build maintenance.

Fixed

• Bulk insert parsing of isolated quotes in tab-delimited data #2795
  What was fixed: Resolved IndexOutOfBoundsException caused by incorrect quote state handling during tab-delimited bulk copy operations.
  Who benefits: Users performing bulk inserts from tab-delimited data containing isolated quotes.
  Impact: Ensures isolated quotes are treated as literal characters; improves parsing reliability and consistency.

• PreparedStatement INSERT update Count with triggers and multi-Value inserts #2817
  What was fixed: Corrected inaccurate update counts returned by PreparedStatement for multi-value INSERT statements with triggers.
  Who benefits: Developers relying on accurate update counts in batch or trigger-based inserts.
  Impact: Ensures consistent and accurate update count behavior across all INSERT execution scenarios.

• Fix for fatal error handling in DONE tokens #2741
  What was fixed: Corrected TDS message handling to properly detect and propagate fatal severity (25+) errors.
  Who benefits: Applications needing reliable error propagation during critical SQL Server failures.
  Impact: Prevents silent failures and ensures robust TDS stream recovery during fatal error conditions.

• Fix for getParameterMetaData() crash with table-valued parameters #2746
  What was fixed: Prevented SQLServerException when calling getParameterMetaData() on statements using Table-Valued Parameters (TVPs).
  Who benefits: Developers using structured or table-valued parameters.
  Impact: Restores correct metadata extraction for TVP parameters, ensuring full JDBC metadata compatibility.

• supportsIntegrityEnhancementFacility() returns accurate value #2828
  What was fixed: Corrected DatabaseMetaData.supportsIntegrityEnhancementFacility() to return true for SQL Server.
  Who benefits: Applications querying database metadata for integrity constraint support.
  Impact: Accurately reports SQL Server’s full support for primary, foreign key, and check constraints.

• Fix bulk copy for batch insert to support InputStream data #2826
  What was fixed: Enabled setBinaryStream() to work correctly with Bulk Copy for Batch Insert into VARBINARY(MAX) columns.
  Who benefits: Developers inserting large binary data via streams.
  Impact: Prevents “invalid hex format” errors; ensures InputStream-based binary inserts work seamlessly.

• Addressed failure on Azure Synapse serverless SQL pool caused by the unsupported sp_statistics procedure #2839
  What changed: Added a try–catch fallback in getIndexInfoAzureDW() to query sys.indexes, sys.index_columns, sys.columns, and sys.tables when sp_statistics is unavailable.
  Who benefits: Applications retrieving index metadata from Azure Synapse serverless SQL pool or other environments lacking sp_statistics.
  Impact: Ensures reliable metadata retrieval through a sys.indexes fallback, consistent NON_UNIQUE mapping, and aligned behavior with Azure SQL Database.

• Test cleanup #2734
  What changed: Updated tests to clean up temporary objects post-execution.
  Who benefits: Contributors and maintainers.
  Impact: Reduces test flakiness and improves maintainability of the test suite.

Added

• Enable Vector data type tests on Azure SQL Database #2762
  What was added: Vector data type tests are now enabled to run against Azure SQL Database.
  Who benefits: Developers testing VECTOR functionality in Azure SQL DB environments.
  Impact: Ensures VECTOR data type support test coverage.

• Enable JSON data type tests on Azure SQL Database #2756
  What was added: JSON data type tests are now enabled to run against Azure SQL Database.
  Who benefits: Developers testing JSON functionality in Azure SQL DB environments.
  Impact: Ensures JSON data type support test coverage.

Changed

• Revert function/procedure filtering via sys.all_objects #2751
  What changed: Reverted #2705 change that used sys.all_objects for filtering. Restores previous behavior to maintain consistency across metadata APIs.
  Who benefits: Developers using getProcedures() and getFunctions() in JDBC.
  Impact: Preserves compatibility with numbered procedures and avoids discrepancies between APIs.

Fixed issues

• Address a hostname validation vulnerability by securely parsing certificate common names. #2801
  What was fixed: Secure hostname validation is enforced by replacing the vulnerable CN parsing logic in SQLServerCertificateUtils.java, preventing spoofing attacks.
  Who benefits: All users of the SQL Server JDBC driver, especially those relying on TLS for secure connections, benefit from improved certificate validation.
  Impact: This fix closes a security gap, protecting applications from man-in-the-middle attacks and ensuring compliance with security best practices.

• JDK 8 compatibility for vector datatype handling #2750
  What was fixed: Ensured fallback to JVM system property javax.net.ssl.trustStoreType if connection property is unset.
  Who benefits: Users configuring SSL via system properties.
  Impact: Enables proper SSL trust store resolution, improving compatibility with system configurations.

• PreparedStatement getGeneratedKeys() failure with triggers #2742
  What was fixed: Fixed error "The statement must be executed before any results can be obtained" when using insert triggers with generated keys.
  Who benefits: Developers retrieving generated keys from inserts with triggers.
  Impact: Restores correct behavior for both update count accuracy and generated keys retrieval in trigger scenarios.

• Byte Buddy dependency scope #2755
  What was fixed: Corrected Byte Buddy (1.15.11) dependency scope to test instead of compile.
  Who benefits: Developers and users of runtime artifacts.
  Impact: Reduces runtime artifact size (~8 MB) and ensures Byte Buddy is only included for unit tests.

• DatabaseMetaData.getIndexInfo() NON_UNIQUE value inconsistency #2773
  What was fixed: Fixed incorrect NON_UNIQUE values due to mismatched handling of sp_statistics and sys.indexes.
  Who benefits: Applications depending on accurate index metadata.
  Impact: Provides consistent value of NON_UNIQUE field across SQL Server and Azure Synapse Analytics.

• DatabaseMetaData.getIndexInfo() invalid cursor position exception 2763
  What was fixed: Fixed SQLException: Invalid cursor position caused when calling ResultSet.next() after exhaustion due to CachedRowSet strict cursor validation.
  Who benefits: Developers consuming metadata via DatabaseMetaData.getIndexInfo() on SQL Server or Azure Synapse DW.
  Impact: Replaces CachedRowSet merging with a UNION ALL query, ensuring standard JDBC cursor behavior while maintaining columnstore index support.

Fixed issues

• Address a hostname validation vulnerability by securely parsing certificate common names. #2803
  What was fixed: Secure hostname validation is enforced by replacing the vulnerable CN parsing logic in SQLServerCertificateUtils.java, preventing spoofing attacks.
  Who benefits: All users of the SQL Server JDBC driver, especially those relying on TLS for secure connections, benefit from improved certificate validation.

Fixed issues

• Address a hostname validation vulnerability by securely parsing certificate common names. #2804
  What was fixed: Secure hostname validation is enforced by replacing the vulnerable CN parsing logic in SQLServerCertificateUtils.java, preventing spoofing attacks.
  Who benefits: All users of the SQL Server JDBC driver, especially those relying on TLS for secure connections, benefit from improved certificate validation.

Fixed issues

• Address a hostname validation vulnerability by securely parsing certificate common names. #2805
  What was fixed: Secure hostname validation is enforced by replacing the vulnerable CN parsing logic in SQLServerCertificateUtils.java, preventing spoofing attacks.
  Who benefits: All users of the SQL Server JDBC driver, especially those relying on TLS for secure connections, benefit from improved certificate validation.

Fixed issues

• Address a hostname validation vulnerability by securely parsing certificate common names. #2806
  What was fixed: Secure hostname validation is enforced by replacing the vulnerable CN parsing logic in SQLServerCertificateUtils.java, preventing spoofing attacks.
  Who benefits: All users of the SQL Server JDBC driver, especially those relying on TLS for secure connections, benefit from improved certificate validation.

Fixed issues

• Address a hostname validation vulnerability by securely parsing certificate common names. #2798
  What was fixed: Secure hostname validation is enforced by replacing the vulnerable CN parsing logic in SQLServerCertificateUtils.java, preventing spoofing attacks.
  Who benefits: All users of the SQL Server JDBC driver, especially those relying on TLS for secure connections, benefit from improved certificate validation.