Progress DataDirect for ODBC for Oracle Wire Protocol Driver

    An asterisk (*) indicates support that was added in a hotfix or software patch subsequent to a release.

    Refer to the following resources for additional information:

    • Product Compatibility Guide: Provides the latest data source and platform support information. 
    • Fixes: Describes the issues resolved since general availability.  

    Version 8.0.2

      Enhancements
      • The curl library files that are installed with the product have been upgraded to version 8.4.0, which fixes a number of potential security vulnerabilities. For more information on the vulnerabilities resolved by this enhancement, refer to: https://curl.haxx.se/docs/vulnerabilities.html.
        This upgrade is available starting in build 08.02.0921 of the curl library files. *
      • The default version of the OpenSSL library has been upgraded to version 3.0.9, which fixes the security vulnerabilities listed on the following page: https://www.openssl.org/news/vulnerabilities-3.0.html.*

        Notes:

        • The driver supports the following OpenSSL 3.0 providers: Default and FIPS.
        • The FIPS provider is supported only on the following platforms: Windows 64-bit, Linux 64-bit, and AIX 64-bit.
        • The following Oracle Advanced Security algorithms are not supported with OpenSSL 3.0:
          • Data Integrity algorithms: MD5 and SHA1
          • Encryption algorithms: RC4_128, RC4_256, RC4_40, and RC4_56
        • When installing a new version of the product, the installer program will automatically replace the OpenSSL 1.1.1 library files with the OpenSSL 3.0 library files in the install directory, which will impact all the DataDirect ODBC drivers installed on a machine. Therefore:
          • If you are using multiple 8.0 drivers, upgrade all your drivers to the latest version.
          • If you are using both 8.0 and 7.1 versions of the driver, copy the xxtls27.dll/libxxtls27.so[.sl] file to a different location before installing a new version of the 8.0 driver. Copy it back to the install directory once the installation is complete.
        • The driver is currently unable to establish a Kerberos connection with Oracle 18c servers.

        Refer to TLS/SSL Server Authentication and TLS/SSL Client Authentication for details.

      • OpenSSL library 1.1.1l has been replaced with version 3.0.9. In addition to fixing multiple new vulnerabilities, version 3.0.9 also addresses the vulnerabilities resolved by version 1.1.1l:*
        • X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
        • Use-after-free following BIO_new_NDEF (CVE-2023-0215)
        • Double free after calling PEM_read_bio_ex (CVE-2022-4450)
        • Timing Oracle in RSA Decryption (CVE-2022-4304)

        Version 1.1.1t also addresses vulnerabilities resolved by earlier versions of the library. For more information on the installed library files, refer to the readme.
        For more information on the OpenSSL vulnerabilities resolved by this upgrade, refer to the corresponding OpenSSL announcements at https://www.openssl.org/news/vulnerabilities-1.1.1.html.

      • The curl library files that are installed with the product have been upgraded to version 7.88.1, which fixes a number of potential security vulnerabilities. For more information on the vulnerabilities resolved by this enhancement, refer to: https://curl.haxx.se/docs/vulnerabilities.html.
        This upgrade is available starting in build 08.02.0693 of the curl library files.
      • The curl library files that are installed with the product have been upgraded to version 7.84.0, which fixes a number of potential security vulnerabilities. For more information on the vulnerabilities resolved by this enhancement, refer to: https://curl.haxx.se/docs/vulnerabilities.html. This upgrade is available starting in build 08.02.0435 of the curl library files.*
      • The driver has been enhanced to support the Windows certificate store for TLS/SSL server authentication. Refer to the TLS/SSL server authentication for details.*
      • The driver has been enhanced to support TLS/SSL server authentication for the applications deployed in a serverless environment. The driver stores the TLS/SSL certificates in memory and lets applications use TLS/SSL server authentication without storing the truststore file on the disk. To use this enhancement, specify the content of the certificate in the refreshed Trust Store (Truststore) connection option or the new SQL_COPT_INMEMORY_TRUSTSTORECERT pre-connection attribute. Refer to the Trust Store and Using SQL_COPT_INMEMORY_TRUSTSTORECERT for details.*
      • OpenSSL library 1.1.1n has been replaced with version 1.1.1t. In addition to fixing multiple new vulnerabilities, version 1.1.1t also addresses the vulnerabilities resolved by version 1.1.1n:*
        • Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
        • BN_mod_exp may produce incorrect results on MIPS (CVE-2021-4160)
      • The curl library files that are installed with the product have been upgraded to version 7.80.0, which fixes a number of potential security vulnerabilities. For more information on the vulnerabilities resolved by this enhancement, refer to: https://curl.haxx.se/docs/vulnerabilities.html.*
        This upgrade is available starting in build 08.02.0278 of the curl library files.
      • The driver has been enhanced with the new BatchFailureReturnsError option, which determines the behavior of the driver when encountering an error in a parameter array insert with bulk load disabled. Refer to Batch Failure Returns Error for details.*
      • A Password Encryption Tool, called ddencpwd, is now included with the product package. It encrypts passwords for secure handling in connection strings and odbc.ini files. At connection, the driver decrypts these passwords and passes them to the data source as required. See Password Encryption Tool (UNIX/Linux only) for details.*
      • The curl library files that are installed with the product have been upgraded to version 7.75.0, which fixes a number of potential security vulnerabilities. For more information on the vulnerabilities resolved by this enhancement, refer to: https://curl.haxx.se/docs/vulnerabilities.html.*
        This upgrade is available starting in build 08.02.0239 of the curl library files.
      • OpenSSL library 1.1.1l has been replaced with version 1.1.1n. In addition to fixing multiple new vulnerabilities, version 1.1.1n also addresses the vulnerabilities resolved by version 1.1.1l:* 
        • SM2 Decryption Buffer Overflow (CVE-2021-3711)
        • Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
      • OpenSSL library 1.1.1k has been replaced with version 1.1.1l. In addition to fixing multiple new vulnerabilities, version 1.1.1l also addresses the vulnerabilities resolved by version 1.1.1k:* 
        • CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
        • NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
        • Null pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841)
        • Integer overflow in CipherUpdate (CVE-2021-23840) 
      • OpenSSL library 1.1.1i has been replaced with version 1.1.1l. In addition to fixing multiple new vulnerabilities, version 1.1.1l also addresses the vulnerability resolved by version 1.1.1i: Incorrect behavior of the GENERAL_NAME_cmp function (CVE-2020-1971).*
             
      • The driver has been enhanced to support extended connection failover for the connections established using the TNSNAMES.ORA file. Refer to the Configuring failover using the TNSNAMES.ORA file for details.*
      • OpenSSL library 1.1.1g has been replaced with version 1.1.1l. In addition to fixing multiple new vulnerabilities, version 1.1.1l also addresses the vulnerabilities resolved by version 1.1.1g:*
        • Segmentation fault in SSL_check_chain (CVE-2020-1967)
        • rsaz_512_sqr overflow bug on x86_64 (CVE-2019-1551)  
      • The drivers using base version B0649 and later have been enhanced to include timestamp in the internal packet logs by default. If you want to disable the timestamp logging in packet logs, set PacketLoggingOptions=1. The internal packet logging is not enabled by default. To enable it, set EnablePacketLogging=1.*
      • The driver has been enhanced to support Oracle Wallet Password Stores. When this feature is enabled, the driver retrieves database credentials from an Oracle Wallet to be used for authentication to the server. The driver has also been enhanced with the new Credentials Wallet Entry (CredentialsWalletEntry), Credentials Wallet Path (CredentialsWalletPath), Wallet Password (CredentialsWalletPassword) options, which are used to configure this feature. Refer to Oracle Wallet Password Store for details.
      • The driver has been enhanced to support connecting using the connection information stored in an LDAP entry. You can configure the driver to use LDAP with the new LDAP Distinguished Name (LDAPDistinguishedName) option and refreshed Host (HostName) and Port Number (PortNumber) options. Refer to Using LDAP for details.
      • OpenSSL library 1.0.2r has been replaced with version 1.0.2u. In addition to fixing multiple new vulnerabilities, version 1.0.2u also addresses the vulnerabilities resolved by version 1.0.2r.* 
        Version 1.0.2u of the OpenSSL library fixes the following security vulnerabilities:
        • x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (CVE-2019-1563)
        • Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
        • Compute ECC cofactors if not provided during EC_GROUP construction (CVE-2019-1547)
        • Installation paths in diverse Windows builds (CVE-2019-1552)

        Note: By default, the driver will attempt to load version 1.1.1 of the library; however, if the library cannot be loaded, the driver will fall back to version 1.0.2.

      • The Driver Manager for UNIX/Linux has been enhanced to support setting the Unicode encoding type for applications on a per connection basis. By passing a value for the SQL_ATTR_APP_UNICODE_TYPE attribute using SQLSetConnectAttr, your application can specify the encoding at connection. This allows your application to pass both UTF-8 and UTF-16 encoded strings with a single environment handle. *
        The valid values for the SQL_ATTR_APP_UNICODE_TYPE attribute are SQL_DD_CP_UTF8 and SQL_DD_CP_UTF16. The default value is SQL_DD_CP_UTF8. Refer to Driver Manager and Unicode encoding on UNIX/Linux in Progress DataDirect for ODBC Drivers Reference for details.
        This enhancement is available in build 08.02.0449 of the driver manager.
      • The curl library files that are installed with the product have been upgraded to version 7.66.0, which fixes a number of potential security vulnerabilities. For more information on the vulnerabilities resolved by this enhancement, refer to: https://curl.haxx.se/docs/vulnerabilities.html.

        This upgrade is available starting in build 08.02.0116 of the curl library files.*

      • The driver has been enhanced to support connecting through Oracle Connection Manager using the TNSNAMES.ORA file. Refer to Oracle Connection Manager for details.*
      • The default OpenSSL library version has been updated to 1.1.1d.*
      • The driver has been updated with OpenSSL library version 1.0.2r.*
        Note: A newer version of the OpenSSL library, 1.1.1d, is now installed with the
        product. 
      • The driver has been enhanced to support connecting to a proxy server through an HTTP connection. HTTP proxy support is configurable with the new Proxy Host, Proxy Mode, Proxy Password, Proxy Port, and Proxy User connection options. Refer to Connecting through a proxy server for details.*
        Note: The driver does not currently support SSL data encryption for HTTP proxy connections.
      • Support has been added for Oracle Database Vault.*
      • The driver has been enhanced with the new Impersonate User connection option that allows you to specify the proxy user ID used for impersonation. The user ID specified using this option determines your permissions and identity when executing queries. Refer to Impersonate User for details.*
      • The driver has been enhanced to support using the default Service Name or SID specified in the server-side listener.ora file. Refer to Service Name, SID, and TNSNames File for details.*
      • The setting of the Array Size option can now be overridden by specifying the number of rows to fetch using the SQL_ATTR_ROW_ARRAY_SIZE statement attribute. Refer to Array Size for details.*
      • Support for Oracle Database Exadata Cloud Service* 
      • The default OpenSSL library version has been updated to 1.0.2n.*
      • Support for Oracle Wallet, including:
        • Oracle Wallet SSL Authentication
        • Using Oracle Wallet as a keystore or truststore for SSL data encryption.
        Refer to Oracle Wallet SSL Authentication and Using Oracle Wallet as a keystore for details.
      • The driver has been certified to use Oracle Internet Directory as a means to store authentication information. Refer to Oracle Internet Directory (OID) for details.
      • The Oracle driver has been enhanced to support the following new data integrity algorithms for Oracle 12c and higher: SHA256, SHA384, SHA512. To use these algorithms, specify their values using the Data Integrity Types connection option and enable data integrity checks with the Data Integrity Level connection option. Refer to Data Integrity Types and Data Integrity Level for details.
      • The maximum supported length of identifiers has been increased to 128 bytes when connecting to Oracle 12c R2 (12.2) databases. This change has been implemented to reflect the new maximum length supported by the server.
      Changed Behavior 
      • The product package no longer includes the ODBC Cursor library file (odbccurs.so) because it has some known security vulnerabilities that could potentially expose you to security risks.*
        Note: The installer program cannot remove the ODBC Cursor library file automatically while installing a new version of the driver. Remove it manually.
      • The valid value for the Authentication Method (AuthenticationMethod) option for retrieving credential information from Oracle Wallet password stores has been changed from 14 to 16. To support existing configurations of the driver, the original value, 14, will continue to be supported for this version of the driver. See for Authentication Method for details.
      • The product no longer includes version 1.1.1 of the OpenSSL library. The library will reach the end of its product life cycle in September 2023 and will not receive any security updates after that. Note that continuing to use the library after September 2023 can potentially expose you to security vulnerabilities.*

        Note: As a result of this change, when installing a new version of the product, the installer program will automatically remove version 1.1.1 of the library from the install directory, which will impact all the DataDirect ODBC drivers installed on a machine.

      • The product no longer includes version 1.0.2 of the OpenSSL library. The library has reached the end of its product life cycle and is not receiving security updates anymore. Note that continuing to use the library could potentially expose you to security vulnerabilities.*
        Note: As a result of this change, when installing a new version of the driver, the installer program will automatically remove version 1.0.2 of the library from the install directory.
      • The default value for the Data Integrity Types connection option has changed to the following: MD5,SHA1,SHA256,SHA384,SHA512. Refer to Data Integrity Types for details.

      Version 8.0.1

        Enhancements
        • The driver has been updated with OpenSSL library version 1.0.2k.*
          Note: OpenSSL library 1.0.2k has been replaced with version 1.0.2n.
        • Support for the Oracle 12 and 12a authentication protocols, which provide improved security.
        • Support for returning implicit result sets from stored procedures.
        • The driver is now compiled using Visual Studio 2015 for improved security.
        • The new SDU Size connection option allows you to specify the size in bytes of the Session Data Unit (SDU) that the driver requests when connecting to the server.
        • The new Support Binary XML connection option enables the driver to support XMLType with binary storage on servers running Oracle 12c and higher. 
        • The new LOB Prefetch Size connection option allows you to specify the size of prefetch data the driver returns for BLOBs and CLOBs for Oracle database versions 12.1.0.1 and higher. With LOB prefetch enabled, the driver can return LOB meta-data and the beginning of LOB data along with the LOB locator during a fetch operation. This can have significant performance impact, especially for small LOBs which can potentially be entirely prefetched, because the data is available without having to go through the LOB protocol.
        Changed Behavior 
        • The Enable N-CHAR Support connection option has been deprecated, and the driver behavior has been updated to always provide support for the N-types NCHAR, NVARCHAR2 and NCLOB. For compatibility purposes, the EnableNcharSupport attribute can still be manually specified for this release, but will be deprecated in subsequent versions of the product. 
        • The Enable Timestamp with Timezone connection option has been deprecated, and the driver behavior has been updated to always expose timestamps with timezones to the application. For compatibility purposes, the EnableTimestampwithTimezone attribute can still be manually specified for this release, but it will be deprecated in subsequent versions of the product.
        • The default value for the Data Integrity Level connection option has been updated to 1 (Accepted). By default, a data integrity check can now be made on data sent between the driver and the database server, if the server request or requires it. This change allows the driver to connect to servers requiring Oracle Advanced Security data integrity checks using the default configuration.
        • The default value for the Encryption Level connection option has been updated to 1 (Accepted). By default, encryption is now used on data sent between the driver and the database server if the database server requests or requires it. This change allows the driver to connect to servers requiring Oracle Advanced Security encryption using the default configuration.  

        Version 7.1.6

        Enhancements
        • The default OpenSSL library version has been updated to 1.0.2j.*
          Note: OpenSSL library 1.0.2j has been replaced with version 1.0.2n.
        • The default OpenSSL library version has been updated to 1.0.2h.*
          Note: OpenSSL library 1.0.2h has been replaced with version 1.0.2n.
        • The default OpenSSL library version has been updated to 1.0.2g.*
          Note: OpenSSL library 1.0.2g has been replaced with version 1.0.2n.
        • The default OpenSSL library version has been updated to 1.0.2f.
          Note: OpenSSL library 1.0.2f has been replaced with version 1.0.2n.
        • The new CryptoLibName and SSLLibName connection options allow you to 
           designate the OpenSSL libraries used when SSL is enabled.

        Version 7.1.5

          Enhancements
          • The OpenSSL library was upgraded to version 1.0.0r, which fixes the
            CVE‐2015‐0204 (FREAK) vulnerability. See "RSA silently downgrades
            to EXPORT_RSA [Client] (CVE‐2015‐0204)" at
            https://www.openssl.org/news/secadv_20150108.txt for more
            information.
          • The new PRNGSeedSource connection option allows you to specifies whether the
            driver uses a file or the RAND_poll function as the seed source for SSL key generation.
          • The new PRNGSeedFile connection option allows you to specify the entropy‐source file or device used as a seed for SSL key generation.
          • The new Crypto Protocol Version connection option allows you to specify the cryptographic protocols used when SSL is enabled. This option can be used to avoid vulnerabilities associated with SSLv3 and SSLv2, including the POODLE vulnerability.

          Version 7.1.4

            Enhancements
            • The new KeepAlive connection option allows you to use TCP Keep Alive to maintain idle TCP connections.

            Version 7.1.3

              Enhancements
              • Modified to support all Oracle 11gR2 Kerberos encryption algorithms.

              Version 7.1.2

              No features introduced 

                Version 7.1.1

                No features introduced

                  Version 7.1.0

                  Enhancements
                  • Support for Oracle Advanced Security (OAS).

                Connect any application to any data source anywhere

                Explore all DataDirect Connectors

                A product specialist will be glad to get in touch with you

                Contact Us