mssql-python 1.8.0: friendlier Row access, Bulk Copy with MSI, and a refreshed ODBC driver
We just shipped mssql-python 1.8.0, the official Microsoft SQL Server driver for Python. This release focuses on day-to-day ergonomics, a long-requested authentication option for Bulk Copy, and a refresh of the bundled ODBC driver. pip install --upgrade mssql-python Highlights Row objects now support string-key indexing Row already supported integer indexing and attribute access. In 1.8.0 you can also index by column name, which is the pattern most users reach for first: cursor.execute("SELECT id, display_name FROM users WHERE id = ?", [42]) row = cursor.fetchone() row[0] # 42 - by index row.display_name # 'Ada' - by attribute row["display_name"] # 'Ada' - new in 1.8.0 If you set cursor.lowercase = True, string-key lookups become case-insensitive too, matching the casing behavior of attribute access. ActiveDirectoryMSI authentication for Bulk Copy Bulk Copy operations now support Authentication=ActiveDirectoryMSI, so workloads running with a managed identity (Azure VMs, App Service, Functions, Container Apps, AKS) can stream bulk inserts to Azure SQL without provisioning a separate credential. Bundled ODBC driver upgraded to 18.6.2.1 We've upgraded the bundled Microsoft ODBC Driver for SQL Server from 18.5.1.1 to 18.6.2.1. You pick up the upstream fixes and TLS/cert improvements just by upgrading the wheel. No separate ODBC install step. Bug fixes worth calling out Deferred connect-attribute use-after-free. Values passed to connection attributes set before connect are now stored in member buffers, so the driver no longer reads freed memory in some attribute-set paths. Connection string parsed multiple times in the auth path. The auth code path was reparsing the connection string several times per connect. It now operates on the already-parsed parameter dictionary, which is both faster and easier to reason about. Sensitive parameters (UID, PWD, Trusted_Connection, Authentication) are sanitized through a single canonical path before the ODBC handoff. executemany type annotation regression. seq_of_parameters now uses a covariant Sequence, so passing a list of tuples (or any covariant sequence type) type-checks cleanly again. Upgrading For most users, pip install --upgrade mssql-python is all you need. Nothing in this release is intentionally breaking. If you have type stubs or mypy pins that depended on the previous invariant seq_of_parameters annotation, you can drop the workaround. Thanks Thanks to everyone who filed issues, sent repros, and reviewed PRs in this cycle. The Row indexing and connection-string parsing work came directly from user-reported scenarios. Full changelog and PR list: microsoft/mssql-python releases.
Security Update for SQL Server 2022 RTM
The Security Update for SQL Server 2022 RTM GDR is now available for download at the Microsoft Download Center and Microsoft Update Catalog sites. This package cumulatively includes all previous security fixes for SQL Server 2022 RTM, plus it includes the new security fixes detailed in the KB Article. Security Bulletins: CVE-2026-40370 - Security Update Guide - Microsoft - SQL Server Remote Code Execution Vulnerability Security Update of SQL Server 2022 RTM GDR KB Article: KB5091158 Microsoft Download Center: https://www.microsoft.com/download/details.aspx?familyid=9edbb614-c56a-4c5a-b4dc-157d4036f44c Microsoft Update Catalog: https://www.catalog.update.microsoft.com/Search.aspx?q=5091158 Latest Updates for Microsoft SQL Server: https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updatesSecurity Update for SQL Server 2022 RTM CU24
The Security Update for SQL Server 2022 RTM CU24 is now available for download at the Microsoft Download Center and Microsoft Update Catalog sites. This package cumulatively includes all previous security fixes for SQL Server 2022 RTM CUs, plus it includes the new security fixes detailed in the KB Article. Security Bulletins: CVE-2026-40370 - Security Update Guide - Microsoft - SQL Server Remote Code Execution Vulnerability Security Update of SQL Server 2022 RTM CU24 KB Article: KB5089900 Microsoft Download Center: https://www.microsoft.com/download/details.aspx?familyid=34ec989d-5c02-41b7-99ec-f2c35c7a4cdf Microsoft Update Catalog: https://www.catalog.update.microsoft.com/Search.aspx?q=5089900 Latest Updates for Microsoft SQL Server: https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updatesAnnouncing the release of Microsoft OLE DB Driver 19.4.2 for SQL Server
We're pleased to announce the general availability (GA) release of Microsoft OLE DB Driver 19.4.2 for SQL Server. This is a maintenance update to the 19.4 line that improves TLS handling, raises a long-standing connection redirection limit, refreshes the bundled authentication library, and fixes accessibility issues in the UDL dialog. Download x64 / Arm64 installer x86 installer The 64-bit MSI continues to install the appropriate binary (x64 or Arm64) automatically based on the OS platform. MSOLEDBSQL 19 installs side by side with MSOLEDBSQL 18. Prerequisite: the Microsoft Visual C++ Redistributable must be installed before running the driver installer. What's new in 19.4.2 Features added Feature Details SSL/TLS improvements Improved SSL/TLS handling for better security and performance. 10 redirects per connection The driver no longer caps connection redirections at 2, which removes a long-standing failure mode for workloads that hit redirection-heavy topologies (for example, certain Azure SQL routing scenarios). Bugs fixed Fix Details UDL accessibility defects Fixed accessibility issues in the Universal Data Link (UDL) dialog. Updated authentication library Microsoft SQL Driver Authentication library (mssql-auth.dll) updated to version 1.1.3. mssql-auth.dll is the ADAL replacement introduced in 19.4.1 and is installed as part of the driver setup. Supported languages 19.4.2 is available in: Chinese (Simplified), Chinese (Traditional), Czech, English (United States), French, German, Italian, Japanese, Korean, Polish, Portuguese (Brazil), Russian, Spanish, and Turkish. Direct per-language download links are available in the Release notes and the Download page. Upgrading If you're on 19.4.1 or earlier in the 19.x line, an in-place upgrade is supported. As always, we recommend validating in a non-production environment first, especially if your application depends on the redirection or TLS behaviors touched in this release. Feedback Please file issues and feature requests on the Microsoft OLE DB Driver for SQL Server feedback site or via your usual support channel. Thanks to everyone who reported the UDL accessibility and redirection-limit issues that drove this release.Cumulative Update #25 for SQL Server 2022 RTM
The 25th cumulative update release for SQL Server 2022 RTM is now available for download at the Microsoft Downloads site. Please note that registration is no longer required to download Cumulative updates. To learn more about the release or servicing model, please visit: CU25 KB Article: https://learn.microsoft.com/troubleshoot/sql/releases/sqlserver-2022/cumulativeupdate25 Starting with SQL Server 2017, we adopted a new modern servicing model. Please refer to our blog for more details on Modern Servicing Model for SQL Server Microsoft® SQL Server® 2022 RTM Latest Cumulative Update: https://www.microsoft.com/download/details.aspx?familyid=105013 Update Center for Microsoft SQL Server: https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updatesMicrosoft ODBC Driver 17.11.1 for SQL Server Released
We are pleased to announce the general availability of Microsoft ODBC Driver 17.11.1 for SQL Server, released on April 30, 2026. This servicing update delivers important bug fixes and expands Linux platform support. Key Highlights Stability and correctness fixes for parameter array processing, including accurate updates to SQL_ATTR_PARAMS_PROCESSED_PTR and improved row counting when SQL_PARAM_IGNORE is used in parameter arrays. Fixed a connection error that could occur when processing Data Classification metadata in ODBC asynchronous mode. Updated RPM packaging rules to allow installation of multiple driver versions side by side. Corrected XA recovery to ensure proper computation of transaction IDs and recovery of missing transactions. Debian package installation now honors license acceptance for successful completion. New Platform Support Platform Versions macOS 14, 15, 26 Debian 13 Red Hat Enterprise Linux 10 Oracle Linux 9, 10 SUSE Linux Enterprise Server 16 Ubuntu 24.04, 25.10 Alpine Linux 3.21, 3.22, 3.23 Download The driver is available for download from the Microsoft ODBC Driver for SQL Server documentation page. Linux Installation Install or update using your distribution's package manager: Debian/Ubuntu: sudo apt-get update sudo apt-get install msodbcsql17 Red Hat/Oracle Linux: sudo yum install msodbcsql17 SUSE: sudo zypper install msodbcsql17 Alpine: sudo apk add msodbcsql17 Feedback We welcome your feedback. Please report issues on the SQL Server feedback site or open an issue on the ODBC Driver GitHub repository.go-mssqldb v1.10.0: Better Reliability, Developer Experience, and Standards Compliance
We're excited to announce the release of go-mssqldb v1.10.0, the official Microsoft Go driver for SQL Server and Azure SQL Database. This release brings significant reliability improvements, better standards compliance, and a smoother developer onboarding experience. Highlights Detect Server-Aborted Transactions (XACT_ABORT) One of the most impactful fixes in this release addresses a subtle but dangerous bug: when SQL Server aborts a transaction due to XACT_ABORT ON, the driver now correctly detects this state. Previously, a silently aborted transaction could lead to subsequent statements being auto-committed outside the intended transaction boundary, potentially causing data integrity issues. The driver now returns a clear error when you attempt to use a connection whose transaction was server-aborted. (#370) Implement driver.DriverContext Interface The driver now implements Go's driver.DriverContext interface, enabling sql.OpenDB-style usage and better integration with connection pool configuration via sql.DB.SetConnMaxLifetime, SetMaxOpenConns, etc. This brings the driver in line with modern Go database/sql conventions. (#365) Surface Errors from Rows.Close() Previously, server errors that occurred during the token drain phase of Rows.Close() were silently swallowed. Now these errors are properly surfaced to callers, making it much easier to diagnose issues like permission errors or constraint violations that manifest during result set cleanup. (#361) Nullable Civil Types for Date/Time Parameters New nullable types (civil.NullDate, civil.NullTime, civil.NullDateTime) allow you to pass nullable date/time parameters without resorting to *time.Time or raw interface{} values. These integrate cleanly with the database/sql scanner and valuer interfaces. (#325) DevContainer for Instant Development Getting started with go-mssqldb development is now as simple as opening the repo in VS Code or GitHub Codespaces. The new devcontainer configuration includes a SQL Server instance, pre-configured environment variables, and all required tooling. (#317) All Changes Features Add devcontainer for VS Code and GitHub Codespaces (#317) Add FailoverPartnerSPN connection string parameter (#327) Add NewConnectorWithProcessQueryText for mssql driver compatibility (#341) Add nullable civil types for date/time parameters (#325) Bug Fixes Allow named pipe protocol support for ARM64 Windows (#232) Detect server-aborted transactions to prevent silent auto-commit with XACT_ABORT (#370) Expose TrustServerCertificate in msdsn.Config and URL round-trip (#312) Handle COLINFO and TABNAME TDS tokens returned by tables with triggers (#343) Implement driver.DriverContext interface (#365) Make readCancelConfirmation respect context cancellation (#359) Return interface{} scanType for sql_variant instead of nil (#362) Sanitize credentials from connection string parsing errors (#319) Surface server errors from Rows.Close() during token drain (#361) Upgrade go get github.com/microsoft/go-mssqldb@v1.10.0 This release requires Go 1.21+ and is fully compatible with SQL Server 2012 through 2022 and Azure SQL Database. Contributing We welcome contributions! The new devcontainer makes it easier than ever to get started. Open the repo in VS Code, reopen in the container, and you'll have a full development environment with SQL Server ready to go. GitHub Repository Documentation Report IssuesAnnouncing Microsoft.Data.SqlClient 6.1.5
We are pleased to announce the release of Microsoft.Data.SqlClient 6.1.5, the latest servicing update to the 6.1 line. This update focuses on connection performance, error propagation, and vector type metadata correctness. Install or update from NuGet: dotnet add package Microsoft.Data.SqlClient --version 6.1.5 Full release notes: 6.1.5 Release Notes What's in this release Faster connection opens for non-integrated authentication on native SNI A regression caused SPN (Service Principal Name) generation to run for non-integrated authentication modes, such as SQL authentication, on the native SNI path. That triggered unnecessary DNS lookups and could significantly slow down connection opens. This fix restores the expected behavior for affected .NET applications on Windows. (#3523, #3946) ExecuteScalar now propagates post-row server errors ExecuteScalar could previously hide errors when SQL Server returned row data followed by an error token. In those cases, errors such as conversion failures during WHERE clause evaluation were consumed during SqlDataReader.Close() instead of being thrown to the caller, which could leave transactions unexpectedly zombied. This fix ensures the error is surfaced correctly to application code. (#3736, #3947) Correct metadata type for vector float32 columns SqlDataReader.GetFieldType() and GetProviderSpecificFieldType() now return the correct type, SqlVector<float>, for vector float32 columns. Previously these APIs returned metadata that did not match the type-resolution behavior used by GetValue(). (#4104, #4151) Getting started If you are new to Microsoft.Data.SqlClient, check out the introduction documentation. For users of System.Data.SqlClient, please move migrate to Microsoft.Data.SqlClient now. See the porting cheat sheet. If you encounter any issues, please report them on the GitHub repository.Announcing Microsoft Drivers 5.13.1 for PHP for SQL Server
Announcing Microsoft Drivers 5.13.1 for PHP for SQL Server We have released Microsoft Drivers 5.13.1 for PHP for SQL Server (sqlsrv and pdo_sqlsrv). This patch release addresses several important bug fixes, including a security fix for access token handling in pooled connections and multiple stability improvements. Bug Fixes Access token identity leaking across pooled connections When using access token authentication with connection pooling, connections with different tokens could share the same pool entry, causing identity cross-contamination and use-after-free. This release properly incorporates the access token into the connection pool key, ensuring connections are only reused when the token matches. (#1592, fixes #1396) Prepared statement silently failing on insert A prepared INSERT statement could silently fail when triggers or SET NOCOUNT OFF produce extra result sets, causing an implicit transaction rollback with MARS enabled. The driver now correctly handles this scenario. (#1590) Fatal error re-executing prepared statements with varying result sets Re-executing a prepared statement that returns multiple result sets with different column layouts could cause a fatal error. Metadata entries are now properly freed, and the internal vector is cleared between executions. (#1596) sqlsrv_errors() returning null after failed connection When a connection attempt failed and ODBC provided no diagnostic records, sqlsrv_errors() would return null instead of surfacing the error. Connection failures now consistently report the underlying error. (#1595) Stream becoming invalid when statement goes out of scope A binary stream could become invalid when the originating statement went out of scope, leading to undefined behavior or crashes. The driver now properly invalidates streams when their parent statement is destroyed. (#1598, fixes #1443) Installation PECL (Linux/macOS) sudo pecl install sqlsrv sudo pecl install pdo_sqlsrv Windows Download the prebuilt binaries from the GitHub Releases page and follow the loading instructions. Prerequisites ODBC Driver: Microsoft ODBC Driver 17 or 18 for SQL Server PHP: 8.3, 8.4, or 8.5 For detailed platform-specific installation steps, see the Linux and macOS installation guide. Upgrading from 5.13.0 This is a drop-in hotfix release. No API changes, no configuration changes. Update via PECL or replace the DLLs on Windows. If you are using access token authentication with connection pooling, we strongly recommend upgrading to this release. Resources GitHub Repository Official Documentation PECL sqlsrv PECL pdo_sqlsrv Release Notes (CHANGELOG) Report Issues Feedback We welcome your feedback and contributions. Please file issues, feature requests and pull requests on our GitHub Issues page.Announcing Microsoft.Data.SqlClient 7.0.1
We are pleased to announce the release of Microsoft.Data.SqlClient 7.0.1, the first servicing update to the 7.0 line. This patch addresses several compatibility fixes reported by the community after the 7.0.0 GA release. Install or update from NuGet: dotnet add package Microsoft.Data.SqlClient --version 7.0.1 Full release notes: 7.0.1 Release Notes What's in this release SqlBulkCopy fixes for SQL Server 2016 and Azure Synapse Two separate issues affected SqlBulkCopy on older or specialized SQL Server engines: SQL Server 2016 compatibility -- SqlBulkCopy operations failed with Invalid column name 'graph_type' because the column metadata query referenced a column introduced in SQL Server 2017. The query now uses dynamic SQL so the graph_type reference is not compiled on versions that lack the column. (#3714) Azure Synapse dedicated SQL pools -- The column-list query used a variable-assignment pattern that Synapse does not support. The driver now detects Synapse (engine edition 6) and uses STRING_AGG instead, while preserving the variable-assignment fallback for SQL Server 2016 compatibility. (#4149) Vector column type metadata SqlDataReader.GetFieldType() and GetProviderSpecificFieldType() previously returned typeof(byte[]) for vector float32 columns instead of typeof(SqlVector<float>). These methods now follow the same type-determination logic as GetValue(), returning the correct vector type. (#4104) Missing System.Data.Common dependency on .NET Framework The inbox System.Data.Common assembly on .NET Framework predates APIs such as IDbColumnSchemaGenerator. Without the NuGet package dependency, consumers hit CS0012 compilation errors when using these types through Microsoft.Data.SqlClient. The package now explicitly depends on System.Data.Common v4.3.0 for .NET Framework targets. (#4063) User Agent TDS extension enabled unconditionally The Switch.Microsoft.Data.SqlClient.EnableUserAgent AppContext switch has been removed. The driver now always sends User Agent information during login. (#4124) Type forwards for extracted Azure authentication types Type forwards have been added from the core Microsoft.Data.SqlClient assembly to public types that moved to the Microsoft.Data.SqlClient.Extensions.Abstractions package in 7.0.0: SqlAuthenticationMethod, SqlAuthenticationParameters, SqlAuthenticationProvider, SqlAuthenticationProviderException, and SqlAuthenticationToken. This ensures binary compatibility for assemblies compiled against earlier versions of Microsoft.Data.SqlClient. (#4067) Community contributions Both of the SqlBulkCopy fixes in this release were driven by community contributor edwardneal: SQL Server 2016 fix -- Edward authored the original PR (#3719) that rewrote the column metadata query to use dynamic SQL, preventing the graph_type column reference from being compiled on servers that lack it. The fix was recreated on an internal branch (#4092) to enable CI pipeline testing against SQL Server 2016 and 2017. Azure Synapse fix -- Edward identified and fixed (#4176) the incompatibility with Azure Synapse dedicated SQL pools, where the variable-assignment concatenation pattern used to build the column list is not supported. His fix detects Synapse via SERVERPROPERTY('EngineEdition') and switches to STRING_AGG, while preserving the variable-assignment fallback for SQL Server 2016. He manually validated the fix against SQL Server 2016, SQL Server 2025, and an Azure Synapse dedicated SQL pool. We are grateful for Edward's continued contributions to SqlClient. Community involvement like this directly improves the experience for all SqlClient users. Getting started If you are new to Microsoft.Data.SqlClient, check out the documentation. For users of System.Data.SqlClient, see the porting cheat sheet. If you encounter any issues, please report them on the GitHub repository.