An asterisk (*) indicates support that was added in a hotfix or software patch subsequent to a release.

Refer to the following resources for additional information:

• Product Compatibility Guide: Provides the latest data source and platform support information. 
• Fixes: Describes the issues resolved since general availability.  

Version 8.0.2

Enhancements

• The default version of the OpenSSL library has been upgraded to version 3.0.9, which fixes the security vulnerabilities listed on the following page: https://www.openssl.org/news/vulnerabilities-3.0.html.*

  Notes:

  • The driver supports the following OpenSSL 3.0 providers: Default and FIPS.
  • The FIPS provider is supported only on the following platforms: Windows 64-bit, Linux 64-bit, and AIX 64-bit.
  • When installing a new version of the product, the installer program will automatically replace the OpenSSL 1.1.1 library files with the OpenSSL 3.0 library files in the install directory, which will impact all the DataDirect ODBC drivers installed on a machine. Therefore:
    • If you are using multiple 8.0 drivers, upgrade all your drivers to the latest version.
    • If you are using both 8.0 and 7.1 versions of the driver, copy the xxtls27.dll/libxxtls27.so[.sl] file to a different location before installing a new version of the 8.0 driver. Copy it back to the install directory once the installation is complete.
• The default version of the OpenSSL library has been upgraded to version 1.1.1t, which fixes the following security vulnerabilities:*
  • X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
  • Use-after-free following BIO_new_NDEF (CVE-2023-0215)
  • Double free after calling PEM_read_bio_ex (CVE-2022-4450)
  • Timing Oracle in RSA Decryption (CVE-2022-4304)

  Version 1.1.1t also addresses vulnerabilities resolved by earlier versions of the library. For more information on the installed library files, refer to the readme.
  For more information on the OpenSSL vulnerabilities resolved by this upgrade, refer to the corresponding OpenSSL announcements at https://www.openssl.org/news/vulnerabilities-1.1.1.html.

• The curl library files that are installed with the product have been upgraded to version 7.88.1, which fixes a number of potential security vulnerabilities. For more information on the vulnerabilities resolved by this enhancement, refer to: https://curl.haxx.se/docs/vulnerabilities.html.
  This upgrade is available starting in build 08.02.0693 of the curl library files.
• The curl library files that are installed with the product have been upgraded to version 7.84.0, which fixes a number of potential security vulnerabilities. For more information on the vulnerabilities resolved by this enhancement, refer to:  https://curl.haxx.se/docs/vulnerabilities.html. This upgrade is available starting in build 08.02.0435 of the curl library files.*
• The driver has been enhanced to support the Windows certificate store for TLS/SSL server authentication. Refer to the user's guide for details.*
• The driver has been enhanced to support TLS/SSL server authentication for the applications deployed in a serverless environment. The driver stores the TLS/SSL certificates in memory and lets applications use TLS/SSL server authentication without storing the truststore file on the disk. To use this enhancement, specify the content of the certificate in the refreshed Trust Store (Truststore) connection option or the new SQL_COPT_INMEMORY_TRUSTSTORECERT pre-connection attribute. Refer to the user's guide for details.*
• OpenSSL library 1.1.1n has been replaced with version 1.1.1t. In addition to fixing multiple new vulnerabilities, version 1.1.1t also addresses the vulnerabilities resolved by version 1.1.1n:*
  • Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
  • BN_mod_exp may produce incorrect results on MIPS (CVE-2021-4160)
• Version 7.80.0 of the curl library files have been replaced with version 7.84.0. In addition to fixing multiple new vulnerabilities, version 7.84.0 also addresses the vulnerabilities resolved by version 7.80.0.*
• OpenSSL library 1.1.1l has been replaced with version 1.1.1n. In addition to fixing multiple new vulnerabilities, version 1.1.1n also addresses the vulnerabilities resolved by version 1.1.1l:* 
  • SM2 Decryption Buffer Overflow (CVE-2021-3711)
  • Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
• On Windows, the driver has been enhanced to support connecting to servers using aliases created by the SQL Server Configuration Manager. To support this feature, the Host Name (HostName) connection option has been refreshed to accept alias names as valid values. The driver uses the server name and port number provided by the alias when establishing a connection.*
• The driver has been updated to return the server name to which you are connected for the value of SQL_SERVER_NAME when executing SQLGetInfo. In earlier versions of the driver, the value returned for SQL_SERVER_NAME would be the setting of the Host Name (HostName) connection option. The driver will now return the server name string that it receives from the server when connecting to the database as the value for SQLGetInfo(SQL_SERVER_NAME).*
• The driver has been enhanced with the new Keep Connection Active (KeepConnectionActive) and Socket Idle Time (SocketIdleTimeCheckInterval) connection options. Together, these options provide you with a method to keep active idle connections to Azure SQL Database, Azure Synapse Analytics through Azure SQL Gateway, or to databases that enforce timeouts for inactivity.*
• Version 7.75.0 of the curl library files have been replaced with version 7.84.0. In addition to fixing multiple new vulnerabilities, version 7.84.0 also addresses the vulnerabilities resolved by version 7.75.0.*
• OpenSSL library 1.1.1k has been replaced with version 1.1.1l. In addition to fixing multiple new vulnerabilities, version 1.1.1l also addresses the vulnerabilities resolved by version 1.1.1k:* 
  • CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
  • NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
  • Null pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841)
  • Integer overflow in CipherUpdate (CVE-2021-23840) 
• The driver has been enhanced to support inserts into SQL Server IDENTITY columns in replication scenarios. Either the Enable Replication User (EnableReplicationUser) connection option or the SQL_COPT_REPLICATION_USER connection attribute (numeric value 1080) can be used to allow inserts into IDENTITY columns. When the replication user feature is set to 1 (Enabled), explicit values can be inserted into IDENTITY columns defined as NOT FOR REPLICATION. If different values are specified for the Enable Replication User option and the SQL_COPT_REPLICATION_USER attribute, driver behavior is determined by the value of the SQL_COPT_REPLICATION_USER attribute.*
• The driver has been enhanced to support access token authentication 
  programmatically with the use of a pre-connection attribute 
  SQL_COPT_SS_ACCESS_TOKEN. Refer to the user's guide for more information.*
• The driver has been enhanced to use sp_describe_undeclared_parameters, a SQL 
  Server system stored procedure, to fetch parameter metadata. With this 
  enhancement, the driver can return more accurate parameter metadata for both 
  simple and complex queries. However, it cannot determine if a parameter allows 
  NULL values; hence, it returns SQL_NULLABLE_UNKNOWN for the nullable fields.
  Note that the driver does not call sp_describe_undeclared_parameters to fetch 
  parameter metadata when Always Encrypted functionality is enabled 
  (ColumnEncryption=Enabled).*
• OpenSSL library 1.1.1i has been replaced with version 1.1.1l. In addition to fixing multiple new vulnerabilities, version 1.1.1l also addresses the vulnerability resolved by version 1.1.1i: Incorrect behavior of the GENERAL_NAME_cmp function (CVE-2020-1971).*
• OpenSSL library 1.1.1g has been replaced with version 1.1.1l. In addition to fixing multiple new vulnerabilities, version 1.1.1l also addresses the vulnerabilities resolved by version 1.1.1g:*
  • Segmentation fault in SSL_check_chain (CVE-2020-1967)
  • rsaz_512_sqr overflow bug on x86_64 (CVE-2019-1551)  
• The drivers using base version B0649 and later have been enhanced to include timestamp in the internal packet logs by default. If you want to disable the timestamp logging in packet logs, set PacketLoggingOptions=1. The internal packet logging is not enabled by default. To enable it, set EnablePacketLogging=1.*
• OpenSSL library 1.0.2r has been replaced with version 1.0.2u. In addition to fixing multiple new vulnerabilities, version 1.0.2u also addresses the vulnerabilities resolved by version 1.0.2r.*
  Version 1.0.2u of the OpenSSL library fixes the following security vulnerabilities:
  • x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (CVE-2019-1563)
  • Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
  • Compute ECC cofactors if not provided during EC_GROUP construction (CVE-2019-1547)
  • Installation paths in diverse Windows builds (CVE-2019-1552)

  Note: By default, the driver will attempt to load version 1.1.1 of the library; however, if the library cannot be loaded, the driver will fall back to version 1.0.2.

• Version 7.66.0 of the curl library files have been replaced with version 7.84.0. In addition to fixing multiple new vulnerabilities, version 7.84.0 also addresses the vulnerabilities resolved by version 7.66.0.*
• The driver has been enhanced to support the Always Encrypted feature. Beginning with SQL Server 2016, Azure SQL and SQL Server databases support Always Encrypted, which allows sensitive data to be stored on the server in an encrypted state such that the data can only be decrypted by an authorized application. The following are highlights of this enhancement:
  • The driver detects all supported native data types in encrypted columns and transparently encrypts values bound to SQL parameters or decrypts values returned in results and output parameters.
  • The driver supports configurable caching of column encryption keys for improved performance.
  • The driver supports using Windows Certificate Store and Azure Key Vault as keystore providers.
  You can enable support for Always Encrypted using the new Column Encryption, Key Store Principal, Key Store Secret, and Key Cache Time To Live connection options.
• The default OpenSSL library version has been updated to 1.1.1d.*
• The new AllowedOpenSSLVersions option determines which version of the OpenSSL library file the driver uses for data encryption when multiple versions are installed with the product. For example, when specifying a value of 1.1.1 (AllowedOpenSSLVersions=1.1.1) the driver uses the 1.1.1 version of the library that is installed with the driver.*
• The default OpenSSL library has been updated to version 1.0.2r.*     
• The driver has been enhanced to transparently connect to Microsoft Azure Synapse Analytics and Microsoft Analytics Platform System data sources.
• The driver has been enhanced to support connecting to a proxy server through an HTTP connection. HTTP proxy support is configurable with the new Proxy Host, Proxy Mode, Proxy Password, Proxy Port, and Proxy User connection options.
• The new Enable Server Side Cursors connection option allows you to determine which server-side cursors are enabled for the data source.
• The driver is enhanced to support Azure Active Directory (Azure AD) authentication. Azure AD authentication is an alternative to SQL Server Authentication for Azure SQL Database that allows you to centrally manage identities of database users.
• The driver has been enhanced to support Always On Availability Groups. 
   Introduced in SQL Server 2012, Always On Availability Groups is a 
   replica-database environment that provides a high-level of data availability,
   protection, and recovery. To support this enhancement, the following updates
   have been made to the driver:
  • The Host Name option has been updated to support the virtual network name (VNN) of the availability group listener as a valid value. To connect to an Always On Availability group, you must specify the VNN using this option.
  • The new Application Intent option allows you to control whether the driver requests read-only routing, thereby improving efficiency by reducing the workload on read-write nodes. For details, refer to the readme installed with the product.
  • The new MultiSubnetFailover option allows the driver to attempt parallel connections to all the IP addresses associated with an availability group when the primary listener is unavailable. This offers improved response time over traditional failover, which attempts connections to alternate servers one at a time. For details, refer to the readme installed with the product.
• The driver and Driver Manager have been enhanced to support UTF-8 encoding in the odbc.ini and odbcinst.ini files.
• The OpenSSL library has been updated to version 1.0.2n.

Changed Behavior

• The product no longer includes version 1.1.1 of the OpenSSL library. The library will reach the end of its product life cycle in September 2023 and will not receive any security updates after that. Note that continuing to use the library after September 2023 can potentially expose you to security vulnerabilities.*

  Note: As a result of this change, when installing a new version of the product, the installer program will automatically remove version 1.1.1 of the library from the install directory, which will impact all the DataDirect ODBC drivers installed on a machine.

• The product no longer includes version 1.0.2 of the OpenSSL library. The library has reached the end of its product life cycle and is not receiving security updates anymore. Note that continuing to use the library could potentially expose you to security vulnerabilities.*
  Note: As a result of this change, when installing a new version of the driver, the installer program will automatically remove version 1.0.2 of the library from the install directory.
• The new CryptoLibName and SSLLibName connection options allow you to designate the OpenSSL libraries used when SSL is enabled.

Version 7.1.6

Enhancements

• The driver has been updated with OpenSSL library version 1.0.2k.*
  Note: OpenSSL library 1.0.2k has been replaced with version 1.0.2n.
• The default OpenSSL library version has been updated to 1.0.2j.*
  Note: OpenSSL library 1.0.2j has been replaced with version 1.0.2n.
• The default OpenSSL library version has been updated to 1.0.2h.*
  Note: OpenSSL library 1.0.2h has been replaced with version 1.0.2n.
• The default OpenSSL library version has been updated to 1.0.2g.*
  Note: OpenSSL library 1.0.2g has been replaced with version 1.0.2n.
• The default OpenSSL library version has been updated to 1.0.2f.
  Note: OpenSSL library 1.0.2f has been replaced with version 1.0.2n.
• The new CryptoLibName and SSLLibName connection options allow you to designate the OpenSSL libraries used when SSL is enabled.

Version 7.1.5

Enhancements

• The OpenSSL library was upgraded to version 1.0.0r, which fixes the
  CVE‐2015‐0204 (FREAK) vulnerability. See "RSA silently downgrades
  to EXPORT_RSA [Client] (CVE‐2015‐0204)" at
  https://www.openssl.org/news/secadv_20150108.txt for more
  information.
• The driver has been enhanced to support NTLMv2 authentication, which can be
  enabled using the AuthenticationMethod connection option.
• The new PRNGSeedSource connection option allows you to specifies whether the
  driver uses a file or the RAND_poll function as the seed source for SSL key generation.
• The new PRNGSeedFile connection option allows you to specify the entropy‐source file or device used as a seed for SSL key generation.
• The new Crypto Protocol Version connection option allows you to specify the cryptographic protocols used when SSL is enabled. This option can be used to avoid vulnerabilities associated with SSLv3 and SSLv2, including the POODLE vulnerability.

Version 7.1.4

Enhancements

• The new KeepAlive connection option allows you to use TCP Keep Alive to maintain idle TCP connections.

Version 7.1.3

No features introduced 

Version 7.1.2

No features introduced 

Version 7.1.1

No features introduced 

Version 7.1.0

No features introduced