github microsoft/mssql-python v1.1.0

4 hours ago

Release Notes - Version 1.1.0

Enhancements

  • Thread-Safe Encoding/Decoding (#342)

    What changed: Introduced re-entrant lock to protect encoding and decoding settings across all connection methods (setencoding, setdecoding, getencoding, getdecoding). Enforced strict validation allowing only utf-16le and utf-16be for SQL_WCHAR types, explicitly rejecting utf-16 with BOM due to byte order ambiguity. Added security validation to ensure encoding names contain only safe characters and reasonable lengths.
    Who benefits: Multi-threaded applications with concurrent connections, applications processing Unicode data from SQL Server, security-conscious deployments preventing encoding-based attacks
    Impact: Prevents race conditions in encoding/decoding configuration, eliminates encoding-related data corruption in concurrent scenarios, and blocks potential denial-of-service attacks through malicious encoding specifications

    Fixes #250

  • Comprehensive Linting and Code Quality (#331)

    What changed: Added GitHub Actions workflow for automated Python (flake8) and C++ (clang-format) linting. Introduced .flake8 and updated .clang-format configuration files. Applied comprehensive formatting to all Python and C++ files following project style guidelines.
    Who benefits: All contributors, code reviewers, maintainers ensuring consistent code quality
    Impact: Enforces consistent code style across the codebase, catches style violations early in CI, improves code readability and maintainability.

    Fixes #22
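For the Thread-Safe Encoding/Decoding item (#342) above, the sketch below shows the validation and locking pattern it describes. It is an added example, not mssql-python's own code; the length limit, the allowed character set, and the names `validate_wchar_encoding` and `EncodingSettings` are assumptions made for illustration.

```python
import codecs
import re
import threading

MAX_NAME_LEN = 100                               # assumed "reasonable length"
SAFE_NAME = re.compile(r"[A-Za-z0-9_.\-]+")      # assumed "safe characters"
ALLOWED_WCHAR = {"utf-16-le", "utf-16-be"}       # canonical Python codec names


def validate_wchar_encoding(name):
    """Return the canonical codec name, or raise ValueError."""
    if not isinstance(name, str) or not 0 < len(name) <= MAX_NAME_LEN:
        raise ValueError("encoding name has an unreasonable length")
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("encoding name contains unsafe characters")
    try:
        canonical = codecs.lookup(name).name
    except LookupError:
        raise ValueError(f"unknown encoding: {name!r}") from None
    # Plain "utf-16" relies on a BOM (or platform order) to pick the byte
    # order, so it is rejected for SQL_WCHAR data.
    if canonical not in ALLOWED_WCHAR:
        raise ValueError(f"{name!r} is not allowed for SQL_WCHAR")
    return canonical


class EncodingSettings:
    """Hypothetical per-connection settings guarded by a re-entrant lock."""

    def __init__(self):
        self._lock = threading.RLock()
        self._wchar = "utf-16-le"

    def set_wchar_decoding(self, name):
        canonical = validate_wchar_encoding(name)  # reject before mutating
        with self._lock:
            self._wchar = canonical

    def get_wchar_decoding(self):
        with self._lock:
            return self._wchar

    def decode(self, raw):
        # Holds the lock while calling the getter, which takes it again;
        # a non-re-entrant Lock would deadlock here.
        with self._lock:
            return raw.decode(self.get_wchar_decoding())
```
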

Bug Fixes

  • Segmentation Fault on Linux During Garbage Collection (#361)

    What changed: Fixed critical double-free issue in SqlHandle::free() by preventing handle cleanup during Python interpreter shutdown for both statement (SQL_HANDLE_STMT) and database connection (SQL_HANDLE_DBC) handles
    Who benefits: All Linux users, long-running applications with frequent connection cycles, applications experiencing crashes during shutdown
    Impact: Eliminates segmentation faults during Python garbage collection, improves application stability and reliability on Linux platforms

    Fixes #341

  • Connection Pooling Isolation Level Leak (#343)

    What changed: Transaction isolation level now explicitly reset to READ COMMITTED when pooled connections are reused. Added logic to Connection::reset() method to prevent isolation level settings from leaking between connection usages, addressing limitation of SQL_ATTR_RESET_CONNECTION which does not reset isolation level.
    Who benefits: Applications using connection pooling with different isolation level requirements, multi-tenant applications sharing connection pools, systems requiring predictable transaction isolation behavior
    Impact: Prevents unexpected transaction behavior from inherited isolation levels, ensures consistent database state across pooled connection reuse, eliminates hard-to-debug isolation level conflicts

    Fixes #337

  • UTF-16 String Decoding from SQL Server (#340)

    What changed: Enhanced getinfo() method to properly decode UTF-16LE strings from SQL Server with fallback to UTF-8 encoding. Added comprehensive test coverage for string encoding validation.
    Who benefits: Applications retrieving driver or connection metadata, systems processing non-ASCII characters in connection info, developers troubleshooting encoding issues
    Impact: Eliminates data corruption when retrieving string metadata from SQL Server, ensures proper character encoding across all platforms, prevents silent encoding failures

    Fixes #318

  • Improved UTF-16/UTF-32 Conversion Performance (#365)

    What changed: Replaced deprecated std::wstring_convert with optimized direct UTF-16 to UTF-32 conversion. Implemented explicit surrogate pair handling, removed intermediate buffers, and streamlined conversion logic for better performance and branch prediction. Added robust handling for invalid surrogate pairs and code points.
    Who benefits: All macOS/Linux users processing Unicode data, applications handling characters outside Basic Multilingual Plane (BMP), performance-sensitive workloads
    Impact: Greater than 10x performance improvement for UTF-8/16 conversions, eliminates deprecation warnings from modern compilers, improves robustness with malformed Unicode input

  • Connection String Escaping Rules (#364)

    What changed: Fixed parser and builder to correctly handle ODBC connection string curly brace escaping rules. Only closing braces inside curlies require escaping (e.g., {pw}}d} for literal pw}d). Opening braces don't require escaping when wrapped in curlies.
    Who benefits: Users with special characters in passwords or connection string values, applications migrating from other database drivers, developers troubleshooting connection string issues
    Impact: Enables correct handling of passwords and values containing curly braces, aligns with official ODBC specification (MS-ODBCSTR), prevents connection failures due to incorrect escaping

    Fixes #363

  • IntegrityError Detection with OUTPUT Clause (#338)

    What changed: Fixed error handling in fetchall() method to properly check and handle errors from DDBCSQLFetchAll. Added explicit check_error call after fetch operation.
    Who benefits: Applications using INSERT statements with OUTPUT clause and multiple VALUES entries, developers expecting proper IntegrityError exceptions on constraint violations
    Impact: Ensures errors are properly detected and raised during batch inserts with OUTPUT clause, improves error handling reliability and debugging experience

    Fixes #333

  • Query Timeout During Cursor Creation (#348)

    What changed: Refactored timeout handling by introducing _set_timeout() method to set query timeout attribute during cursor initialization rather than on each execute() call. Centralizes timeout management in cursor lifecycle following performance best practices.
    Who benefits: Applications with strict query timeout requirements, performance-sensitive workloads executing many queries, developers experiencing timeout-related issues
    Impact: Improves consistency of timeout application, reduces overhead by setting timeout once during cursor creation, ensures timeout is active for entire cursor lifecycle

    Fixes #291

  • NULL Parameter Array Handling (#332)

    What changed: Added logic to BindParameterArray in ddbc_bindings.cpp to handle SQL_C_DEFAULT type for arrays containing only NULL values. Validates that all values are NULL and throws exception if any non-NULL value is detected. Added comprehensive test coverage.
    Who benefits: Applications using executemany() with NULL values, batch insert operations with nullable columns, data migration scenarios
    Impact: Enables correct insertion of rows with all NULL values via executemany(), prevents type inference errors, improves batch operation reliability

  • Sensitive Parameter Filtering (#368)

    What changed: Updated remove_sensitive_params function in authentication module to exclude Trusted_Connection instead of Encrypt and TrustServerCertificate when filtering connection parameters
    Who benefits: Applications using integrated authentication, security auditing systems, compliance frameworks tracking authentication methods
    Impact: Correctly filters sensitive authentication parameters while preserving encryption settings, improves security parameter handling accuracy

    Fixes #362

  • CMake Build Warnings and Errors (#353)

    What changed: Enforced CMake warnings and deprecated features as errors (CMAKE_ERROR_DEPRECATED, CMAKE_WARN_DEPRECATED). Added strict compiler flags for GCC/Clang (-Werror, -Wattributes, -Wint-to-pointer-cast). Suppressed visibility attribute warnings for ParamInfo struct on Linux. Improved type casting safety in parameter binding using reinterpret_cast and static_cast.
    Who benefits: Build system maintainers, developers contributing C++ code, CI/CD pipelines ensuring code quality
    Impact: Catches deprecated API usage and build warnings early, improves code safety through strict type casting, ensures cross-platform build quality
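
For the Connection String Escaping Rules item (#364) above, the following shows the brace rule on both the builder and the parser side. It is an added example, not mssql-python's own parser; the function names and the set of characters that trigger bracing are assumptions.

```python
# Characters that make the builder wrap a value in braces (assumed set).
SPECIAL = set(";{}=")


def escape_value(value):
    """Builder side: brace the value when needed, doubling only '}'."""
    needs_braces = any(ch in SPECIAL for ch in value) or value != value.strip()
    if not needs_braces:
        return value
    # '{' is left alone: inside braces only the closing brace is escaped.
    return "{" + value.replace("}", "}}") + "}"


def parse_braced_value(text, start=0):
    """Parser side: read a '{...}' value beginning at text[start].

    Returns (literal_value, index_just_past_the_closing_brace).
    """
    if start >= len(text) or text[start] != "{":
        raise ValueError("value does not start with '{'")
    out = []
    i = start + 1
    while i < len(text):
        ch = text[i]
        if ch == "}":
            if i + 1 < len(text) and text[i + 1] == "}":
                out.append("}")          # '}}' is one literal '}'
                i += 2
                continue
            return "".join(out), i + 1   # a single '}' ends the value
        out.append(ch)                   # '{', ';' and '=' are literal here
        i += 1
    raise ValueError("unterminated braced value")
```

A value with an unescaped `}` would otherwise end early at that brace, leaving the rest of the password to be parsed as further connection string text.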
