Progress DataDirect for ODBC for PostgreSQL Wire Protocol Driver

    An asterisk (*) indicates support that was added in a hotfix or software patch subsequent to a release.

    Refer to the following resources for additional information:

    • Product Compatibility Guide: Provides the latest data source and platform support information. 
    • Fixes: Describes the issues resolved since general availability.  

    Version 8.0.2

    Enhancements
    • The default version of the OpenSSL library has been upgraded to version 3.0.15, which fixes the security vulnerabilities described on the following page: https://www.openssl.org/news/vulnerabilities-3.0.html.*
      Available: 11/12/2024 | 08.02.1015 (library version)
    • The driver is enhanced to support Microsoft Entra ID authentication using user names and passwords. You can configure this feature using the updated Authentication Method (AuthenticationMethod), User Name (LogonID), and Password (Password) options, and the new Azure Tenant ID (AzureTenantID) option. Refer to  Microsoft Entra ID authentication for more information.
      Available: 8/26/2024 |  08.02.2829 
    • The driver has been enhanced to support Microsoft Entra ID authentication using service principal users. You can configure this feature using the updated Authentication Method (AuthenticationMethod), User Name (LogonID), and Password (Password) options, and the new Azure Tenant ID (AzureTenantID) option. Refer to  Microsoft Entra ID authentication for more information.
      Available: 8/26/2024 |  08.02.2829 
    • For AIX platforms, the ICU library files that are installed with the product have been upgraded to version 74.1. As a part of this upgrade, the ICU library file names have changed. For the 32-bit driver, the ICU file name has changed from libivicu28.a to libivicu.a. For the 64-bit driver, the ICU file name has changed from libddicu28.a to libddicu.a. This upgrade does not apply to the other UNIX platforms. This upgrade is available starting in build 08.02.1072 of the ICU library files.*
    • For Windows platforms, the ICU library files that are installed with the product have been upgraded to version 74.1. As a part of this upgrade, the ICU library file names have changed. For the 32-bit driver, the ICU file name has changed from ivicu28.dll to ivicu.dll. For the 64-bit driver, the ICU file name has changed from ddicu28.dll to ddicu.dll. This upgrade is available starting in build 08.02.1072 of the ICU library files.*
    • The driver has been enhanced to support the TLSv1.3 cryptographic protocol. As part of this enhancement, the default cryptographic protocols enabled by the driver have been updated to TLSv1.3 and TLSv1.2. Refer to Crypto Protocol Version for more information.
      Available: 7/4/2024 | 08.02.2745
    • For Linux platforms, the ICU library files that are installed with the product have been upgraded to version 74.1. In addition, the ICU library file names have changed for Linux platforms. For the 32-bit driver on Linux, the ICU file name has changed from libivicu28.so to libivicu.so. For the 64-bit driver on Linux, the ICU file name has changed from libddicu28.so to libddicu.so. This upgrade does not apply to UNIX platforms.
      This upgrade is available starting in build 08.02.0965 of the ICU library files.*
    • The curl library files that are installed with the product have been upgraded to version 8.4.0, which fixes a number of potential security vulnerabilities. For more information on the vulnerabilities resolved by this enhancement, refer to: https://curl.haxx.se/docs/vulnerabilities.html
      This upgrade is available starting in build 08.02.0921 of the curl library files. *
    • The driver has been enhanced to support MERGE against PostgreSQL 15 and later. MERGE is a SQL command that modifies rows in the target table using the data from the source table. It can conditionally INSERT, UPDATE or DELETE rows in a single statement, eliminating the need to write multiple procedural statements.
    • The default version of the OpenSSL library has been upgraded to version 3.0.9, which fixes the security vulnerabilities listed on the following page: https://www.openssl.org/news/vulnerabilities-3.0.html.*

      Notes:

      • The driver supports the following OpenSSL 3.0 providers: Default and FIPS.
      • The FIPS provider is supported only on the following platforms: Windows 64-bit, Linux 64-bit, and AIX 64-bit.
      • When installing a new version of the product, the installer program will automatically replace the OpenSSL 1.1.1 library files with the OpenSSL 3.0 library files in the install directory, which will impact all the DataDirect ODBC drivers installed on a machine. Therefore:
        • If you are using multiple 8.0 drivers, upgrade all your drivers to the latest version.
        • If you are using both 8.0 and 7.1 versions of the driver, copy the xxtls27.dll/libxxtls27.so[.sl] file to a different location before installing a new version of the 8.0 driver. Copy it back to the install directory once the installation is complete.
      Refer to TLS/SSL server authentication and TLS/SSL client authentication for details.
    • The installer program has been enhanced to support Azul Zulu JRE 11. As a result of this change, the installer has ended support for platforms that do not support Java SE 8 or higher. The installer supports the following operating systems after the enhancement:
      • Windows 8.1 or higher
      • Windows Server 2012 RC2 or higher
      • UNIX/Linux: Any operating system on a machine using a JRE that is Java SE 8 or higher (LTS version), including Oracle JDK, OpenJDK, and IBM SDK (Java) distributions.
      Important: These changes do not affect the operating system requirements of the driver.*
    • The default version of the OpenSSL library has been upgraded to version 1.1.1t, which fixes the following security vulnerabilities:*
      • X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
      • Use-after-free following BIO_new_NDEF (CVE-2023-0215)
      • Double free after calling PEM_read_bio_ex (CVE-2022-4450)
      • Timing Oracle in RSA Decryption (CVE-2022-4304)

      Version 1.1.1t also addresses vulnerabilities resolved by earlier versions of the library. For more information on the installed library files, refer to the readme.
      For more information on the OpenSSL vulnerabilities resolved by this upgrade, refer to the corresponding OpenSSL announcements at https://www.openssl.org/news/vulnerabilities-1.1.1.html.

    • The curl library files that are installed with the product have been upgraded to version 7.88.1, which fixes a number of potential security vulnerabilities. For more information on the vulnerabilities resolved by this enhancement, refer to: https://curl.haxx.se/docs/vulnerabilities.html.
      This upgrade is available starting in build 08.02.0693 of the curl library files.*
    • The curl library files that are installed with the product have been upgraded to version 7.84.0, which fixes a number of potential security vulnerabilities. For more information on the vulnerabilities resolved by this enhancement, refer to: https://curl.haxx.se/docs/vulnerabilities.html. This upgrade is available starting in build 08.02.0435 of the curl library files.*
    • The driver has been enhanced to support the Windows certificate store for TLS/SSL server authentication. Refer to the TLS/SSL server authentication for details.*
    • The driver has been enhanced to support TLS/SSL server authentication for the applications deployed in a serverless environment. The driver stores the TLS/SSL certificates in memory and lets applications use TLS/SSL server authentication without storing the truststore file on the disk. To use this enhancement, specify the content of the certificate in the refreshed Trust Store (Truststore) connection option or the new SQL_COPT_INMEMORY_TRUSTSTORECERT pre-connection attribute. Refer to Trust Store and Using SQL_COPT_INMEMORY_TRUSTSTORECERT for details.*
    • The Batch Mechanism (BatchMechanism) connection option has been enhanced to support the native batch protocol for batch inserts. When BatchMechanism is set to 4 (NativeBatch), the driver uses the native batch protocol for the insert operation of all batched parameters. For update and delete batch operations, the driver uses the native batch mechanism by default to handle the request. Refer to Batch Mechanism for details.*
    • OpenSSL library 1.1.1n has been replaced with version 1.1.1t. In addition to fixing multiple new vulnerabilities, version 1.1.1t also addresses the vulnerabilities resolved by version 1.1.1n:*
      • Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
      • BN_mod_exp may produce incorrect results on MIPS (CVE-2021-4160)
    • The curl library files that are installed with the product have been upgraded to version 7.80.0, which fixes a number of potential security vulnerabilities. For more information on the vulnerabilities resolved by this enhancement, refer to: https://curl.haxx.se/docs/vulnerabilities.html.*
      This upgrade is available starting in build 08.02.0278 of the curl library files. 
    • The Use Declare Fetch (UseDeclareFetch) and Fetch Size (FetchSize) connection options have been added to the driver. The Use Declare Fetch option determines whether the driver attempts to return a result set in a single fetch or across multiple fetches. If multiple fetches are used, the setting of the Fetch Size option determines the size of each fetch. For large result sets, retrieving rows in multiple fetches can improve response time and thereby prevent possible timeouts. Refer to the user's guide for details. See Use Declare Fetch and Fetch Size for details.*
    • A Password Encryption Tool, called ddencpwd, is now included with the product package. It encrypts passwords for secure handling in connection strings and odbc.ini files. At connection, the driver decrypts these passwords and passes them to the data source as required. See Password Encryption Tool (UNIX/Linux only) for details.*
    • OpenSSL library 1.1.1l has been replaced with version 1.1.1n. In addition to fixing multiple new vulnerabilities, version 1.1.1n also addresses the vulnerabilities resolved by version 1.1.1l:* 
      • SM2 Decryption Buffer Overflow (CVE-2021-3711)
      • Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
    • The driver has been enhanced to support stored procedures for PostgreSQL 11 and later.
    • The Call Escape Behavior (CallEscapeBehavior) connection option has been added to the driver. The driver determines whether to call a user-defined function or a stored procedure based on the value specified for this option. Refer to Call Escape Behavior for details. 
    • The driver has been enhanced to support certificate-based authentication. It uses TLS/SSL protocol for authentication and authenticates the client to the server if the TLS/SSL client certificate is issued by a trusted Certificate Authority (CA) and the Common Name (cn) attribute of the TLS/SSL client certificate matches the database user name. Two new connection options, Client SSL Certificate and Client SSL Key, have been added to support this authentication method. Refer to the Certificate-based authentication for details.
    • The Show Selectable Tables (ShowSelectableTables) connection option has been added to the driver. It determines whether the driver returns metadata for all tables or only for the tables for which the user has Select privileges. It can help the users with restricted Select privileges retrieve metadata for the required tables. Refer to Show Selectable Tables for details.
    • The driver has been enhanced to support the SCRAM-SHA-256-PLUS authentication method, which uses channel binding for establishing a secure connection with PostgreSQL (v11.0 and higher).
    • The driver has been enhanced with the new Batch Mechanism (BatchMechanism) connection option, which specifies the preferred mechanism for executing batch insert operations. By setting Batch Mechanism to 2 (MultiRowInsert) or 3 (Copy), the driver can achieve substantial performance gains when performing batch inserts. Refer to the Batch Mechanism for details. 
    • The driver has been enhanced to support the following data types: Citext, Float, and Tinyint. See Data Types for details.
    • The drivers using base version B0649 and later have been enhanced to include timestamp in the internal packet logs by default. If you want to disable the timestamp logging in packet logs, set PacketLoggingOptions=1. The internal packet logging is not enabled by default. To enable it, set EnablePacketLogging=1.
    • The Driver Manager for UNIX/Linux has been enhanced to support setting the Unicode encoding type for applications on a per connection basis. By passing a value for the SQL_ATTR_APP_UNICODE_TYPE attribute using SQLSetConnectAttr, your application can specify the encoding at connection. This allows your application to pass both UTF-8 and UTF-16 encoded strings with a single environment handle.
      The valid values for the SQL_ATTR_APP_UNICODE_TYPE attribute are SQL_DD_CP_UTF8 and SQL_DD_CP_UTF16. The default value is SQL_DD_CP_UTF8.
      This enhancement is available in build 07.16.0398 of the driver manager.
    • A Power BI connector is now included with the product package. You can use this connector to access your PostgreSQL data with Power BI. Refer to the Power BI (Windows only) for details.
    • The driver has been enhanced to support Select queries with parameterized arrays.
    • The driver has been enhanced to support md5 and scram-sha-256 authentication methods.
    • The driver has been enhanced to support materialized views and foreign tables.
    Changed Behavior
    • The installer program now requires you to install a JRE that is Java SE 11 or higher before running the installer. In earlier versions, the JRE used by the installer program was included in the product. However, to avoid potential security vulnerabilities, the installer program no longer includes a JRE. Instead, the installer program uses the JRE in your environment to allow for the most secure version of a JRE to be used.

      Notes:

      • This change does not affect the JVM requirements for the driver. For the latest driver requirements, refer to the Product Compatibility Guide.
      • The installer program cannot remove the already installed JRE files from the install directory automatically. Remove them manually.
    • The product package no longer includes the ODBC Cursor library file (odbccurs.so) because it has some known security vulnerabilities that could potentially expose you to security risks.*
      Note: The installer program cannot remove the ODBC Cursor library file automatically while installing a new version of the driver. Remove it manually.
    • The product no longer includes version 1.1.1 of the OpenSSL library. The library will reach the end of its product life cycle in September 2023 and will not receive any security updates after that. Note that continuing to use the library after September 2023 can potentially expose you to security vulnerabilities.*

      Note: As a result of this change, when installing a new version of the product, the installer program will automatically remove version 1.1.1 of the library from the install directory, which will impact all the DataDirect ODBC drivers installed on a machine.

    • The product no longer includes version 1.0.2 of the OpenSSL library. The library has reached the end of its product life cycle and is not receiving security updates anymore. Note that continuing to use the library could potentially expose you to security vulnerabilities.*
      Note: As a result of this change, when installing a new version of the driver, the installer program will automatically remove version 1.0.2 of the library from the install directory.
    • For PostgreSQL 9.0 and later, the driver behavior has been updated to support executing multiple prepared statements in a single query that contain inserts for BYTEA values. However, for versions earlier than PostgreSQL 9.0, this functionality is not supported and the driver returns an error.
    • The default value for the Batch Mechanism (BatchMechanism) connection option has been changed to 3 (Copy). The driver now, by default, uses the PostgreSQL COPY command to insert rows into the target table. It allows the driver to achieve substantial performance improvements over 1 (SingleRowInsert) when performing batch inserts. Refer to the user's guide for details. Refer to Batch Mechanism for details.

    Version 7.1.6

      Enhancements
      • The default version of the OpenSSL library has been upgraded to version 1.1.1k, which fixes the following security vulnerabilities:*
        • CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
        • NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
        • Null pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841)
        • Integer overflow in CipherUpdate (CVE-2021-23840)

        Version 1.1.1k also addresses vulnerabilities resolved by earlier versions of the library. For more information on the installed library files, refer to the readme.
        For more information on the OpenSSL vulnerabilities resolved by this upgrade, refer to the corresponding OpenSSL announcements at https://www.openssl.org/news/vulnerabilities-1.1.1.html.

      • OpenSSL library 1.1.1i has been replaced with version 1.1.1k. In addition to fixing multiple new vulnerabilities, version 1.1.1k also addresses the vulnerability resolved by version 1.1.1i: Incorrect behavior of the GENERAL_NAME_cmp function (CVE-2020-1971).*
      • OpenSSL library version 1.1.1g has been replaced with version 1.1.1k. In addition to fixing multiple new vulnerabilities, version 1.1.1k also addresses the vulnerabilities resolved by version 1.1.1k:*
        • Segmentation fault in SSL_check_chain (CVE-2020-1967)
        • rsaz_512_sqr overflow bug on x86_64 (CVE-2019-1551) 
      • OpenSSL library 1.0.2r has been replaced with version 1.0.2u. In addition to fixing multiple new vulnerabilities, version 1.0.2u also addresses the vulnerabilities resolved by version 1.0.2r.*
        Version 1.0.2u of the OpenSSL library fixes the following security vulnerabilities:
        • x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (CVE-2019-1563)
        • Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
        • Compute ECC cofactors if not provided during EC_GROUP construction (CVE-2019-1547)
        • Installation paths in diverse Windows builds (CVE-2019-1552)

        Note: By default, the driver will attempt to load version 1.1.1 of the library; however, if the library cannot be loaded, the driver will fall back to version 1.0.2.

      • The default OpenSSL library version has been updated to 1.1.1d.*
      • The default OpenSSL library version has been updated to 1.0.2r:*
      • The default OpenSSL library version has been updated to 1.0.2n.*
      • The default OpenSSL library version has been updated to 1.0.2k.*
      • The default OpenSSL library version has been updated to 1.0.2j.*
      • The default OpenSSL library version has been updated to 1.0.2h.*
      • The default OpenSSL library version has been updated to 1.0.2g.*
      • The default OpenSSL library version has been updated to 1.0.2f.
      • Support for Kerberos Authentication.
      • The new CryptoLibName and SSLLibName connection options allow you to 
         designate the OpenSSL libraries used when SSL is enabled.

      Version 7.1.5

      Enhancements
      • The OpenSSL library was upgraded to version 1.0.0r, which fixes the
        CVE‐2015‐0204 (FREAK) vulnerability. See "RSA silently downgrades
        to EXPORT_RSA [Client] (CVE‐2015‐0204)" at
        https://www.openssl.org/news/secadv_20150108.txt for more
        information.
      • The new Crypto Protocol Version connection option allows you to specify
        the cryptographic protocols used when SSL is enabled. This option can be
        used to avoid vulnerabilities associated with SSLv3 and SSLv2, including
        the POODLE vulnerability.
      • The new Unbounded Numeric Precision connection option allows you to
        define the precision for unbounded NUMERIC columns described
        within the column, parameter, result set, or table metadata.
      • The new Unbounded Numeric Scale connection option allows you to
        define the scale for unbounded NUMERIC columns described within
        the column, parameter, result set, or table metadata.

      Version 7.1.4

        Enhancements
        • The new KeepAlive connection option allows you to use TCP Keep Alive to maintain idle TCP connections.

        Version 7.1.3

          Changed Behavior
          • The EncryptionMethod connection option now supports Request SSL
            functionality. When Request SSL is enabled, login requests and data are
            encrypted if the server is configured for SSL. If the server is not
            configured for SSL, an unencrypted connection is established.

          Version 7.1.2

          No features introduced 

            Version 7.1.1

            No features introduced

              Version 7.1.0

              No features introduced 

            Connect any application to any data source anywhere

            Explore all DataDirect Connectors

            A product specialist will be glad to get in touch with you

            Contact Us