An asterisk (*) indicates support that was added in a hotfix or software patch subsequent to a release.

Refer to the following resources for additional information:

• Product Compatibility Guide: Provides the latest data source and platform support information. 
• Fixes: Describes the issues resolved since general availability.  

Version 8.0.0

Enhancements

• For Linux platforms only, the ICU library files that are installed with the product have been upgraded to version 74.1. In addition, the ICU library file names have changed for Linux platforms. For the 32-bit driver on Linux, the ICU file name has changed from libivicu28.so to libivicu.so. For the 64-bit driver on Linux, the ICU file name has changed from libddicu28.so to libddicu.so. This upgrade does not apply to UNIX platforms.
  This upgrade is available starting in build 08.02.0965 of the ICU library files.*
• The curl library files that are installed with the product have been upgraded to version 8.4.0, which fixes a number of potential security vulnerabilities. For more information on the vulnerabilities resolved by this enhancement, refer to: https://curl.haxx.se/docs/vulnerabilities.html.

  This upgrade is available starting in build 08.02.0921 of the curl library files. *

• The default version of the OpenSSL library has been upgraded to version 3.0.9, which fixes the security vulnerabilities listed on the following page: https://www.openssl.org/news/vulnerabilities-3.0.html.*

  Notes:

  • The driver supports the following OpenSSL 3.0 providers: Default and FIPS.
  • The FIPS provider is supported only on the following platforms: Windows 64-bit, Linux 64-bit, and AIX 64-bit.
  • When installing a new version of the product, the installer program will automatically replace the OpenSSL 1.1.1 library files with the OpenSSL 3.0 library files in the install directory, which will impact all the DataDirect ODBC drivers installed on a machine. Therefore:
    • If you are using multiple 8.0 drivers, upgrade all your drivers to the latest version.
    • If you are using both 8.0 and 7.1 versions of the driver, copy the xxtls27.dll/libxxtls27.so[.sl] file to a different location before installing a new version of the 8.0 driver. Copy it back to the install directory once the installation is complete.
• The default version of the OpenSSL library has been upgraded to version 1.1.1t, which fixes the following security vulnerabilities:*
  • X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
  • Use-after-free following BIO_new_NDEF (CVE-2023-0215)
  • Double free after calling PEM_read_bio_ex (CVE-2022-4450)
  • Timing Oracle in RSA Decryption (CVE-2022-4304)

  Version 1.1.1t also addresses vulnerabilities resolved by earlier versions of the library. For more information on the installed library files, refer to the readme.
  For more information on the OpenSSL vulnerabilities resolved by this upgrade, refer to the corresponding OpenSSL announcements at https://www.openssl.org/news/vulnerabilities-1.1.1.html.

• The curl library files that are installed with the product have been upgraded to version 7.88.1, which fixes a number of potential security vulnerabilities. For more information on the vulnerabilities resolved by this enhancement, refer to: https://curl.haxx.se/docs/vulnerabilities.html.
  This upgrade is available starting in build 08.02.0693 of the curl library files.
• The curl library files that are installed with the product have been upgraded to version 7.84.0, which fixes a number of potential security vulnerabilities. For more information on the vulnerabilities resolved by this enhancement, refer to: https://curl.haxx.se/docs/vulnerabilities.html. This upgrade is available starting in build 08.02.0435 of the curl library files.*
• OpenSSL library 1.1.1n has been replaced with version 1.1.1t. In addition to fixing multiple new vulnerabilities, version 1.1.1t also addresses the vulnerabilities resolved by version 1.1.1n:*
  • Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
  • BN_mod_exp may produce incorrect results on MIPS (CVE-2021-4160)
• The curl library files that are installed with the product have been upgraded to version 7.80.0, which fixes a number of potential security vulnerabilities. For more information on the vulnerabilities resolved by this enhancement, refer to: https://curl.haxx.se/docs/vulnerabilities.html.*
  This upgrade is available starting in build 08.02.0278 of the curl library files.
• A Password Encryption Tool, called ddencpwd, is now included with the product package. It encrypts passwords for secure handling in connection strings and odbc.ini files. At connection, the driver decrypts these passwords and passes them to the data source as required. See Password Encryption Tool (UNIX/Linux only) for details.*
• The driver has been enhanced to support Azure Active Directory (Azure AD) authentication. It allows administrators to centrally manage user permissions to Amazon Redshift. When Azure AD authentication is enabled, all communications to Amazon Redshift are encrypted. Refer to Azure Active Directory authentication for details.
• The curl library files that are installed with the product have been upgraded to version 7.75.0, which fixes a number of potential security vulnerabilities. For more information on the vulnerabilities resolved by this enhancement, refer to: https://curl.haxx.se/docs/vulnerabilities.html.
  This upgrade is available starting in build 08.02.0239 of the curl library files.
• OpenSSL library 1.1.1l has been replaced with version 1.1.1n. In addition to fixing multiple new vulnerabilities, version 1.1.1n also addresses the vulnerabilities resolved by version 1.1.1l:* 
  • SM2 Decryption Buffer Overflow (CVE-2021-3711)
  • Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
• OpenSSL library 1.1.1k has been replaced with version 1.1.1l. In addition to fixing multiple new vulnerabilities, version 1.1.1l also addresses the vulnerabilities resolved by version 1.1.1k:* 
  • CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
  • NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
  • Null pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841)
  • Integer overflow in CipherUpdate (CVE-2021-23840) 
• OpenSSL library 1.1.1i has been replaced with version 1.1.1l. In addition to fixing multiple new vulnerabilities, version 1.1.1l also addresses the vulnerability resolved by version 1.1.1i: Incorrect behavior of the GENERAL_NAME_cmp function (CVE-2020-1971).*
• OpenSSL library 1.1.1g has been replaced with version 1.1.1l. In addition to fixing multiple new vulnerabilities, version 1.1.1l also addresses the vulnerabilities resolved by version 1.1.1g:*
  • Segmentation fault in SSL_check_chain (CVE-2020-1967)
  • rsaz_512_sqr overflow bug on x86_64 (CVE-2019-1551)  
• The driver has been enhanced to support the following data types: Float, Tinyint, Wchar, and Wvarchar.
• The drivers using base version B0649 and later have been enhanced to include timestamp in the internal packet logs by default. If you want to disable the timestamp logging in packet logs, set PacketLoggingOptions=1. The internal packet logging is not enabled by default. To enable it, set EnablePacketLogging=1.*
• OpenSSL library 1.0.2r has been replaced with version 1.0.2u. In addition to fixing multiple new vulnerabilities, version 1.0.2u also addresses the vulnerabilities resolved by version 1.0.2r.*
  Version 1.0.2u of the OpenSSL library fixes the following security vulnerabilities:
  • x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (CVE-2019-1563)
  • Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
  • Compute ECC cofactors if not provided during EC_GROUP construction (CVE-2019-1547)
  • Installation paths in diverse Windows builds (CVE-2019-1552)

  Note: By default, the driver will attempt to load version 1.1.1 of the library; however, if the library cannot be loaded, the driver will fall back to version 1.0.2.

• The Driver Manager for UNIX/Linux has been enhanced to support setting the Unicode encoding type for applications on a per connection basis. By passing a value for the SQL_ATTR_APP_UNICODE_TYPE attribute using SQLSetConnectAttr, your application can specify the encoding at connection. This allows your application to pass both UTF-8 and UTF-16 encoded strings with a single environment handle.*
  The valid values for the SQL_ATTR_APP_UNICODE_TYPE attribute are SQL_DD_CP_UTF8 and SQL_DD_CP_UTF16. The default value is SQL_DD_CP_UTF8.
  This enhancement is available in build 08.02.0449 of the driver manager.
• The curl library files that are installed with the product have been upgraded to version 7.66.0, which fixes a number of potential security vulnerabilities. For more information on the vulnerabilities resolved by this enhancement, refer to: https://curl.haxx.se/docs/vulnerabilities.html.

  This upgrade is available starting in build 08.02.0116 of the curl library files.*

• The default OpenSSL library version has been updated to 1.1.1d.*
• The new AllowedOpenSSLVersions option determines which version of the OpenSSL library file the driver uses for data encryption when multiple versions are installed with the product. For example, when specifying a value of 1.1.1 (AllowedOpenSSLVersions=1.1.1) the driver uses the 1.1.1 version of the library that is installed with the driver.*
• The default OpenSSL library version has been updated to 1.0.2r.*    
• The default OpenSSL library version has been updated to 1.0.2n.*
• The driver is now compiled using Visual Studio 2015 for improved security.
• Support for connecting to a proxy server through an HTTP connection. HTTP proxy support is configurable with five new connection options: Proxy Host, Proxy Mode, Proxy password, Proxy Port, and Proxy User.  Refer to Connection option descriptions for details.
• The driver has been enhanced to support the TimestampTZ data type. Refer to Data types and Fetch TSWTZ as Timestamp for details.
• The new Fetch TSWTZ as Timestamp option allows you to determine whether the driver returns column values of the TimestampTZ data type as the ODBC data type SQL_TYPE_TIMESTAMP or SQL_VARCHAR. Refer to Fetch TSWTZ as Timestamp for details.
• The driver has been enhanced to support the HOUR, MINUTE, MONTH, QUARTER, SECOND, WEEK, and YEAR ODBC functions for improved support of third-party applications such as Tableau.
• The driver includes a new Tableau data source file (Windows only) that provides improved functionality when accessing your data with Tableau. Refer to Accessing data in Tableau (Windows only) for details.
• The driver and Driver Manager have been enhanced to support UTF-8 encoding in the odbc.ini and odbcinst.ini files. Refer to Character encoding in the odbc.ini and odbcinst.ini files for details.

Changed Behavior

• The product package no longer includes the ODBC Cursor library file (odbccurs.so) because it has some known security vulnerabilities that could potentially expose you to security risks.*
  Note: The installer program cannot remove the ODBC Cursor library file automatically while installing a new version of the driver. Remove it manually.
• The product no longer includes version 1.1.1 of the OpenSSL library. The library will reach the end of its product life cycle in September 2023 and will not receive any security updates after that. Note that continuing to use the library after September 2023 can potentially expose you to security vulnerabilities.*

  Note: As a result of this change, when installing a new version of the product, the installer program will automatically remove version 1.1.1 of the library from the install directory, which will impact all the DataDirect ODBC drivers installed on a machine.

• The product no longer includes version 1.0.2 of the OpenSSL library. The library has reached the end of its product life cycle and is not receiving security updates anymore. Note that continuing to use the library could potentially expose you to security vulnerabilities.*
  Note: As a result of this change, when installing a new version of the driver, the installer program will automatically remove version 1.0.2 of the library from the install directory.
• The default value for Crypto Protocol Version has been updated to

  TLSv1.2,TLSv1.1,TLSv1. This change improves the security of the driver by employing only the most secure cryptographic protocols as the default behavior. Refer to Crypto Protocol Version for details.

Version 7.1.6

Enhancements

• The driver has been updated with OpenSSL library version 1.0.2k.*
  Note: OpenSSL library 1.0.2k has been replaced with version 1.0.2n.

Version 7.1.5

Enhancements

• The driver has been enhanced to optimize the performance of batch inserts.
• The OpenSSL library was upgraded to version 1.0.0r.
  Note: OpenSSL library 1.0.0r has been replaced with version 1.0.2n.
• The new CryptoProtocolVersion connection option allows you to specify the cryptographic protocols used when SSL is enabled. This option can be used to avoid vulnerabilities associated with SSLv3 and SSLv2, including the POODLE vulnerability.

Version 7.1.4

Features

• The driver supports Amazon Web Services API.
• The driver supports all ODBC Core and Level 1 functions.
• The driver supports the core SQL 92 grammar.
• The driver supports DataDirect Connection Pooling.
• The driver supports advanced security features, including SSL data encryption.
• The driver supports configurable connection failover protection.