An asterisk (*) indicates support that was added in a hotfix or software patch subsequent to a release.

Refer to the following resources for additional information:

• Product Compatibility Guide: Provides the latest data source and platform support information. 
• Fixes: Describes the issues resolved since general availability.  

Version 7.1.6

Enhancements

• The default version of the OpenSSL library has been upgraded to version 3.0.9, which fixes the security vulnerabilities listed on the following page: https://www.openssl.org/news/vulnerabilities-3.0.html.*

  Notes:

  • The driver supports the following OpenSSL 3.0 providers: Default and FIPS.
  • The FIPS provider is supported only on the following platforms: Windows 64-bit, Linux 64-bit, and AIX 64-bit.
  • When installing a new version of the product, the installer program will automatically replace the OpenSSL 1.1.1 library files with the OpenSSL 3.0 library files in the install directory, which will impact all the DataDirect ODBC drivers installed on a machine. Therefore, if you are using multiple 7.1 drivers, upgrade all your drivers to the latest version.

  Refer to TLS/SSL Server Authentication and TLS/SSL Client Authentication for details.
  

• OpenSSL library 1.1.1l has been replaced with version 3.0.9. In addition to fixing multiple new vulnerabilities, version 3.0.9 also addresses the vulnerabilities resolved by version 1.1.1l:*
  • SM2 Decryption Buffer Overflow (CVE-2021-3711)
  • Read buffer overruns processing ASN.1 strings (CVE-2021-3712)

  Version 1.1.1l also addresses vulnerabilities resolved by earlier versions of the library. For more information on the installed library files, refer to the readme.
  For more information on the OpenSSL vulnerabilities resolved by this upgrade, refer to the corresponding OpenSSL announcements at https://www.openssl.org/news/vulnerabilities-1.1.1.html.

• OpenSSL library 1.1.1k has been replaced with version 1.1.1l. In addition to fixing multiple new vulnerabilities, version 1.1.1l also addresses the vulnerabilities resolved by version 1.1.1k:* 
  • CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
  • NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
  • Null pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841)
  • Integer overflow in CipherUpdate (CVE-2021-23840) 
• OpenSSL library 1.1.1i has been replaced with version 1.1.1l. In addition to fixing multiple new vulnerabilities, version 1.1.1l also addresses the vulnerability resolved by version 1.1.1i: Incorrect behavior of the GENERAL_NAME_cmp function (CVE-2020-1971).*
• OpenSSL library 1.1.1g has been replaced with version 1.1.1l. In addition to fixing multiple new vulnerabilities, version 1.1.1l also addresses the vulnerabilities resolved by version 1.1.1g:*
  • Segmentation fault in SSL_check_chain (CVE-2020-1967)
  • rsaz_512_sqr overflow bug on x86_64 (CVE-2019-1551)  
• The drivers using base version B0649 and later have been enhanced to include timestamp in the internal packet logs by default. If you want to disable the timestamp logging in packet logs, set PacketLoggingOptions=1. The internal packet logging is not enabled by default. To enable it, set EnablePacketLogging=1.*
• OpenSSL library 1.0.2r has been replaced with version 1.0.2u. In addition to fixing multiple new vulnerabilities, version 1.0.2u also addresses the vulnerabilities resolved by version 1.0.2r.*
  Version 1.0.2u of the OpenSSL library fixes the following security vulnerabilities:
  • x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (CVE-2019-1563)
  • Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
  • Compute ECC cofactors if not provided during EC_GROUP construction (CVE-2019-1547)
  • Installation paths in diverse Windows builds (CVE-2019-1552)

  Note: By default, the driver will attempt to load version 1.1.1 of the library; however, if the library cannot be loaded, the driver will fall back to version 1.0.2.

• The Driver Manager for UNIX/Linux has been enhanced to support setting the Unicode encoding type for applications on a per connection basis. By passing a value for the SQL_ATTR_APP_UNICODE_TYPE attribute using SQLSetConnectAttr, your application can specify the encoding at connection. This allows your application to pass both UTF-8 and UTF-16 encoded strings with a single environment handle.*
  The valid values for the SQL_ATTR_APP_UNICODE_TYPE attribute are SQL_DD_CP_UTF8 and SQL_DD_CP_UTF16. The default value is SQL_DD_CP_UTF8.
  This enhancement is available in build 07.16.0398 of the driver manager.
• The default OpenSSL library version has been updated to 1.1.1d.*
• The default OpenSSL library version has been updated to 1.0.2r:*
• The default OpenSSL library version has been updated to 1.0.2n.*
• The Batch Mechanism connection option has been added to the driver. When BatchMechanism is set to 2 (MultiRowInsert), the driver executes a single insert for all the rows contained in a parameter array. MultiRowInsert is the default setting and provides substantial performance gains when performing batch inserts. Refer to Batch Mechanism for details.
  
• The driver has been enhanced to support SSL encryption, which can be configured using the following new connection options: Crypto Protocol Version, CrypoLibName, Encryption Method, Host Name in Certificate, Key Password, Key Store, Key Store Password, SSLLibName, Trust Store, Trust Store Password, Validate Server Certificate. SSL support was formally certified against driver version 07.16.0317 (B0386, U0249). Refer to TLS/SSL Server Authentication and TLS/SSL Client Authentication for details.
  
• The driver has been certified with Apache Sentry for Impala 1.1 and higher. Sentry enables administrators to control access to data and metadata stored on an Hadoop cluster by defining user roles and permissions. Refer to Apache Sentry for details.
  
• The driver has been enhanced to support Kerberos Authentication. Refer to Kerberos Authentication for details.
  
• The driver has been enhanced to support the Char, Decimal, and Varchar data types when connected to Impala 2.0 and higher. Refer to Data Types for details.
  
• The Array Size connection option has been refreshed to allow specifying the number of cells retrieved instead of rows. By determining the fetch size based on the number of cells, the driver can avoid out of memory errors when
  fetching from tables containing a large number of columns. Refer to Array Size for details.
  

Changed Behavior

• The product no longer includes version 1.1.1 of the OpenSSL library. The library will reach the end of its product life cycle in September 2023 and will not receive any security updates after that. Note that continuing to use the library after September 2023 can potentially expose you to security vulnerabilities.*

  Note: As a result of this change, when installing a new version of the product, the installer program will automatically remove version 1.1.1 of the library from the install directory, which will impact all the DataDirect ODBC drivers installed on a machine.

• The product no longer includes version 1.0.2 of the OpenSSL library. The library has reached the end of its product life cycle and is not receiving security updates anymore. Note that continuing to use the library could potentially expose you to security vulnerabilities.*
  Note: As a result of this change, when installing a new version of the driver, the installer program will automatically remove version 1.0.2 of the library from the install directory.
• The Allowed OpenSSL Versions (AllowedOpenSSLVersions) connection option has been deprecated as the driver currently supports only version 3.0 of the OpenSSL library.
• The crypto protocol versions prior to TLSv1 are no longer supported.
• The AuthenticationMethod connection option has been refreshed with a new valid value for enabling Kerberos Authentication. To use Kerberos  authentication with the driver, set AuthenticationMethod=4. Refer to Authentication Method for details.
  

Version 7.1.5

No features introduced 

Version 7.1.4

Enhancements

• The new KeepAlive connection option allows you to use TCP Keep Alive to maintain idle TCP connections.

Version 7.1.3

No features introduced 

Version 7.1.2

Supported with the following Apache Hive versions:

• Cloudera Impala database server and formally certified with the following File formats and storage handlers:
  • File Formats: Parquet, Text File
  • Storage Handlers: HBase

Features

• Returns result set metadata for parameterized statements
  that have been prepared but not yet executed.
• Supports parameter arrays, processing the arrays as a series of
  executions, one execution for each row in the array.
• Provides a connection option that allows you to configure
  the driver to report that it supports transactions, although
  Hive does not support transactions. This provides a workaround
  for applications that do not operate with a driver that reports
  transactions are not supported.
• Provides a connection option that allows you to set a default limit for
  the number of rows returned when an ORDER BY clause is submitted. This
  provides a workaround for applications that are not compatible with
  Impala's requirement that ORDER BY clauses limit the number of rows returned.
•  The driver provides support for the following standard SQL
  functionality:
  • Create Index, Create Table, and Create View
  • Insert, Update, and Delete
  • Drop Index and Drop Table