Skip to content

chore(deps): bump com.databricks:databricks-jdbc from 3.4.1 to 3.4.2#2926

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/com.databricks-databricks-jdbc-3.4.2
Open

chore(deps): bump com.databricks:databricks-jdbc from 3.4.1 to 3.4.2#2926
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/com.databricks-databricks-jdbc-3.4.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 15, 2026

Copy link
Copy Markdown
Contributor

Bumps com.databricks:databricks-jdbc from 3.4.1 to 3.4.2.

Release notes

Sourced from com.databricks:databricks-jdbc's releases.

v3.4.2

Added

  • Added UseBoundedSeaApi connection property (default 0/off). When enabled, the driver uses the bounded SEA API contract for CloudFetch: sends row_offset on GetResultData requests and uses next_chunk_index for chunk discovery instead of total_chunk_count. Requires server support.
  • OAuth M2M (client credentials) connections can now supply the client secret via the JDBC password/PWD property and the client id via the JDBC user/UID property, instead of embedding OAuth2Secret/OAuth2ClientId in the connection URL. This lets BI tools (e.g. DBeaver) mask the OAuth secret in their password field rather than exposing it in the clear-text JDBC URL. Explicit OAuth2ClientId/OAuth2Secret still take precedence when present, so existing URLs are unaffected.

Updated

  • Bumped the Databricks SDK for Java dependency from 0.106.0 to 0.118.0.

Fixed

  • Fixed telemetry misattribution when multiple connections (e.g. Thrift and SEA) are used on the same thread. Per-statement telemetry events could be tagged with another connection's context (e.g. transport mode); each connection's telemetry now uses its own context instead of a shared thread-local value.
  • Hardened the OAuth U2M token cache at rest (encryption key derivation and file permissions).
  • Fixed DatabaseMetaData.getURL() exposing credentials embedded in the connection URL; secret parameters are now masked (the URL is otherwise unchanged).
  • Fixed presigned URL credentials not being fully redacted in logs.
  • Fixed access token exposure in DEBUG logs.
  • Fixed StackOverflowError / hang when closing a ResultSet or Statement with closeOnCompletion() enabled.
  • Fixed SQL injection vulnerability in binary parameter handling.
  • Fixed setCatalog() and setSchema() producing invalid SQL (e.g. SET CATALOG ``name``) when the catalog or schema name was passed already wrapped in backticks. Backticks are now stripped before wrapping, and getCatalog()/getSchema()` return the bare identifier name.
  • Fixed metadata SQL generation for catalog, schema, and table identifiers containing backticks.
  • Fixed SEA result truncation when direct results are disabled. Large, highly-compressible results that span multiple chunks were delivered inline via the old hybrid path and truncated to the first chunk. The SQL Execution path now uses an async (0s) wait timeout when direct results are disabled, so results are returned via external links and fetched in full.
  • Fixed getColumns() flooding the DriverManager log writer with caught-and-recovered Invalid column index stack traces.
  • Fixed timezone-shifted TIMESTAMP values when retrieving nested complex types (STRUCT/ARRAY/MAP) with EnableComplexDatatypeSupport=1.
  • Fixed MAP columns whose values are themselves complex types (e.g. MAP<INT,ARRAY<BIGINT>>) rendering their values as empty (e.g. SELECT MAP(0, ARRAY(34277,0)) returned {0:} instead of {0:[34277,0]}) when fetched via Arrow (EnableArrow=1) with EnableComplexDatatypeSupport disabled.
  • Fixed DatabricksDatabaseMetaData.supportsBatchUpdates() always returning false, which caused batch-aware JDBC clients (e.g. Apache Hop) to skip executeBatch() and fall back to one INSERT per row. It now returns true when EnableBatchedInserts=1, so those clients use the optimized multi-row INSERT path.
  • Fixed Connection.setReadOnly(true) throwing DatabricksSQLFeatureNotSupportedException, which broke clients (e.g. Trino/Starburst GenericJDBC, HikariCP, DBCP) that call it during connection initialization. Per the JDBC spec, setReadOnly is a hint the driver may ignore; it is now a no-op and isReadOnly() continues to return false.
  • Fixed ResultSetMetaData.getColumnTypeName() returning TIMESTAMP for TIMESTAMP_NTZ columns (e.g. SELECT MIN(ntz_col) ...), a regression from 3.0.7. By default the driver now preserves the TIMESTAMP_NTZ type name across the SEA, Thrift, and describe-query metadata paths; getColumnType() continues to report java.sql.Types.TIMESTAMP. Set the new connection property EnableTimestampNtzTypeName=0 to restore the previous behavior (report TIMESTAMP), which matches the legacy (v2.x.x) driver. (#1495)
  • Fixed SQLException.getErrorCode() being inconsistent between transports for statement-execution failures: the Thrift path returned 0 while the SEA path returned 1003 for the same server error. Thrift statement errors now report the EXECUTE_STATEMENT_FAILED (1003) vendor code, matching SEA. The SQLState and error message are unchanged.
Changelog

Sourced from com.databricks:databricks-jdbc's changelog.

[v3.4.2] - 2026-07-14

Added

  • Added UseBoundedSeaApi connection property (default 0/off). When enabled, the driver uses the bounded SEA API contract for CloudFetch: sends row_offset on GetResultData requests and uses next_chunk_index for chunk discovery instead of total_chunk_count. Requires server support.
  • OAuth M2M (client credentials) connections can now supply the client secret via the JDBC password/PWD property and the client id via the JDBC user/UID property, instead of embedding OAuth2Secret/OAuth2ClientId in the connection URL. This lets BI tools (e.g. DBeaver) mask the OAuth secret in their password field rather than exposing it in the clear-text JDBC URL. Explicit OAuth2ClientId/OAuth2Secret still take precedence when present, so existing URLs are unaffected.

Updated

  • Bumped the Databricks SDK for Java dependency from 0.106.0 to 0.118.0.

Fixed

  • Fixed telemetry misattribution when multiple connections (e.g. Thrift and SEA) are used on the same thread. Per-statement telemetry events could be tagged with another connection's context (e.g. transport mode); each connection's telemetry now uses its own context instead of a shared thread-local value.
  • Hardened the OAuth U2M token cache at rest (encryption key derivation and file permissions).
  • Fixed DatabaseMetaData.getURL() exposing credentials embedded in the connection URL; secret parameters are now masked (the URL is otherwise unchanged).
  • Fixed presigned URL credentials not being fully redacted in logs.
  • Fixed access token exposure in DEBUG logs.
  • Fixed StackOverflowError / hang when closing a ResultSet or Statement with closeOnCompletion() enabled.
  • Fixed SQL injection vulnerability in binary parameter handling.
  • Fixed setCatalog() and setSchema() producing invalid SQL (e.g. SET CATALOG ``name``) when the catalog or schema name was passed already wrapped in backticks. Backticks are now stripped before wrapping, and getCatalog()/getSchema()` return the bare identifier name.
  • Fixed metadata SQL generation for catalog, schema, and table identifiers containing backticks.
  • Fixed SEA result truncation when direct results are disabled. Large, highly-compressible results that span multiple chunks were delivered inline via the old hybrid path and truncated to the first chunk. The SQL Execution path now uses an async (0s) wait timeout when direct results are disabled, so results are returned via external links and fetched in full.
  • Fixed getColumns() flooding the DriverManager log writer with caught-and-recovered Invalid column index stack traces.
  • Fixed timezone-shifted TIMESTAMP values when retrieving nested complex types (STRUCT/ARRAY/MAP) with EnableComplexDatatypeSupport=1.
  • Fixed MAP columns whose values are themselves complex types (e.g. MAP<INT,ARRAY<BIGINT>>) rendering their values as empty (e.g. SELECT MAP(0, ARRAY(34277,0)) returned {0:} instead of {0:[34277,0]}) when fetched via Arrow (EnableArrow=1) with EnableComplexDatatypeSupport disabled.
  • Fixed DatabricksDatabaseMetaData.supportsBatchUpdates() always returning false, which caused batch-aware JDBC clients (e.g. Apache Hop) to skip executeBatch() and fall back to one INSERT per row. It now returns true when EnableBatchedInserts=1, so those clients use the optimized multi-row INSERT path.
  • Fixed Connection.setReadOnly(true) throwing DatabricksSQLFeatureNotSupportedException, which broke clients (e.g. Trino/Starburst GenericJDBC, HikariCP, DBCP) that call it during connection initialization. Per the JDBC spec, setReadOnly is a hint the driver may ignore; it is now a no-op and isReadOnly() continues to return false.
  • Fixed ResultSetMetaData.getColumnTypeName() returning TIMESTAMP for TIMESTAMP_NTZ columns (e.g. SELECT MIN(ntz_col) ...), a regression from 3.0.7. By default the driver now preserves the TIMESTAMP_NTZ type name across the SEA, Thrift, and describe-query metadata paths; getColumnType() continues to report java.sql.Types.TIMESTAMP. Set the new connection property EnableTimestampNtzTypeName=0 to restore the previous behavior (report TIMESTAMP), which matches the legacy (v2.x.x) driver. (#1495)
  • Fixed SQLException.getErrorCode() being inconsistent between transports for statement-execution failures: the Thrift path returned 0 while the SEA path returned 1003 for the same server error. Thrift statement errors now report the EXECUTE_STATEMENT_FAILED (1003) vendor code, matching SEA. The SQLState and error message are unchanged.
Commits
  • 724c217 Bump to version 3.4.2 (#1551)
  • 43ea6c4 Align Thrift statement-error vendor code with SEA (EXECUTE_STATEMENT_FAILED) ...
  • ca1889b Fix MAP with complex value type rendering as empty via Arrow (#1505) (#1546)
  • e647399 Stream CloudFetch chunk decompression to bound memory and prevent OOM on larg...
  • 276f634 Add bounded SEA API support for CloudFetch (UseBoundedSeaApi) (#1468)
  • 602faea Preserve TIMESTAMP_NTZ type name in ResultSetMetaData (#1495) (#1519)
  • bcdb6c2 Bump anthropics/claude-code-action from 1.0.79 to 1.0.166 (#1538)
  • a9cc4c7 Bump actions/setup-java from 4.8.0 to 5.4.0 (#1542)
  • f51bfa3 Bump peter-evans/create-pull-request from 7.0.11 to 8.1.1 (#1541)
  • 4710305 Bump actions/cache/save from 4.3.0 to 6.1.0 (#1540)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [com.databricks:databricks-jdbc](https://github.com/databricks/databricks-jdbc) from 3.4.1 to 3.4.2.
- [Release notes](https://github.com/databricks/databricks-jdbc/releases)
- [Changelog](https://github.com/databricks/databricks-jdbc/blob/main/CHANGELOG.md)
- [Commits](databricks/databricks-jdbc@v3.4.1...v3.4.2)

---
updated-dependencies:
- dependency-name: com.databricks:databricks-jdbc
  dependency-version: 3.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jul 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants