JDBC Driver release notes for 2026

This article contains the release notes for the JDBC Driver, including the following when applicable:

  • Behavior changes
  • New features
  • Customer-facing bug fixes

Snowflake uses semantic versioning for JDBC Driver updates.

See JDBC Driver for documentation.

Version 4.2.0 (May 06, 2026)

New features and updates

  • Added support for attaching the SPCS service-identifier token (SPCS_TOKEN) to login requests when running inside an SPCS container.
  • Extended SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION to bypass permission checks on connections.toml and the credential cache file, unblocking SPCS environments where strict 0600/0700 ownership can’t be guaranteed.
  • Added IPv6 support for cloud metadata services so Workload Identity Federation and platform detection work on IPv6-only instances.
  • Added the enableCopyResultSet connection property to expose the COPY INTO per-file metadata result set via getResultSet().
  • Added the workloadIdentityAwsExternalId connection property to support AWS STS external ID in Workload Identity Federation role-chaining flows.
  • Updated BouncyCastle to 1.84 to address CVE-2026-0636 (https://nvd.nist.gov/vuln/detail/CVE-2026-0636), CVE-2026-5588 (https://nvd.nist.gov/vuln/detail/CVE-2026-5588), and CVE-2026-5598 (https://nvd.nist.gov/vuln/detail/CVE-2026-5598).
  • Updated grpc-java to 1.81.1 and Netty to 4.1.133.Final to address several CVEs.

Bug fixes

  • Fixed connections.toml auto-configuration to default to port 443 instead of 80, and to no longer ignore configuration from the JDBC connection string when auto-configuration values are also present.
  • Fixed the protocol field in connections.toml being ignored, which caused connections to always use HTTPS.
  • Fixed a NullPointerException during file transfer (for example, PUT) caused by a missing URI scheme on endpointOverride.
  • Fixed a NullPointerException in OCSP revocation checks when the cache contained a non-successful response, so cache eviction and fail-open behavior now run correctly.
  • Fixed a NullPointerException in HTTP error telemetry when the session URL was not yet set, so the original HTTP error is now surfaced to the caller.
  • Fixed a SecurityException on the credential cache file ownership check in containers where the JVM returns ? for user.name.
  • Fixed credential cache delete operations ignoring the clientStoreTemporaryCredential=false setting.
  • Fixed an S3 transfer thread pool leak during repeated PUT/GET operations that could cause OOM.

Version 4.1.0 (Apr 08, 2026)

New features and updates

  • Added warning when using plain HTTP endpoints for OAuth authentication.
  • Added getRole, getWarehouse, and getDatabase API extension methods.
  • Removed the io.netty.tryReflectionSetAccessible system property setting, as it is no longer needed with modern Arrow/Netty versions.

Bug fixes

  • Fixed ObjectMapper initialization when DATE_OUTPUT_FORMAT is specified.
  • Fixed Netty native library conflict in thin JAR packaging.
  • Bumped Netty to 4.1.132.Final to address CVE-2026-33870 (https://nvd.nist.gov/vuln/detail/CVE-2026-33870) and CVE-2026-33871 (https://nvd.nist.gov/vuln/detail/CVE-2026-33871).
  • Fixed driver failure when a security manager prohibits access to system properties, environment variables, or security provider modifications.
  • Fixed crash in getColumns when a table contained an unrecognized column type.
  • Fixed session expiration when multiple sessions have different heartbeat intervals.
  • Fixed query context not being merged from failed query responses.

Version 4.0.2 (Mar 12, 2026)

New features and updates

Bug fixes

  • Fixed expired session token renewal when polling results.
  • Fixed missing minicore async initialization that was dropped during public API restructuring in v4.0.0.
  • Adjusted the level of logging during driver initialization.
  • Added sanitization for nonProxyHosts regex patterns.
  • Fixed a bug with a malformed file during S3 upload.
  • Added periodic closure of sockets closed by the remote end.
  • Restored the S3 client’s multipart threshold to 16 MB.
  • Fixed the fat jar with S3 iteration where the software.amazon.awssdk.transfer.s3.internal.ApplyUserAgentInterceptor class could not be found.
  • Removed Conscrypt from shading to prevent a failed to find class org/conscrypt/CryptoUpcalls native error.
  • Fixed a NullPointerException when the HOME directory cache is not available.
  • Fixed proxy authentication when connecting to GCP.
  • Fixed a bug where a caller-provided schema was ignored in getStreams().
  • Fixed S3 error handling that manifested with a NullPointerException.

Version 4.0.1 (Feb 09, 2026)

New features and updates

  • None.

Bug fixes

  • Fixed incorrect encryption algorithm selection when uploading a file to S3 with the client_encryption_key_size account parameter set to 256.
  • Fixed a software.amazon.awssdk.transfer.s3.internal.ApplyUserAgentInterceptor class could not be found issue in the fat jar.
  • Removed Conscrypt from shading to prevent a native error when the org/conscrypt/CryptoUpcalls class could not be found.
  • Fixed external browser authentication after an enum name change that caused an “Invalid connection URL: Invalid SSOUrl found” error.
  • Rolled back the external browser authenticator name to externalbrowser.
  • Updated BouncyCastle dependencies to address CVE-2025-8916 (https://nvd.nist.gov/vuln/detail/CVE-2025-8916) and CVE-2025-8885 (https://nvd.nist.gov/vuln/detail/CVE-2025-8885).

Version 4.0.0 (Jan 27, 2026)

Important

Due to some underlying issues, Snowflake recommends that AWS and Azure customers do not upgrade to this version if you use PUT or GET queries. Instead, Snowflake recommends that you upgrade directly to version 4.0.1. If you have already upgraded to this version, please upgrade to version 4.0.1 as soon as possible.

BCR (Behavior Change Release) changes

  • The public API was restructured, and all public APIs were moved to the net.snowflake.client.api.* package hierarchy:

    • Deprecated net.snowflake.client.jdbc.SnowflakeDriver. You should now use net.snowflake.client.api.driver.SnowflakeDriver instead.
    • Added a unified QueryStatus class in public API that replaces the deprecated QueryStatus enum and QueryStatusV2 class.
    • Added new DownloadStreamConfig and UploadStreamConfig public API interfaces for stream upload/download configuration.
    • Added SnowflakeDatabaseMetaData interface to public API for database metadata operations.
    • Added SnowflakeAsyncResultSet interface to public API for async query operations.
    • Added SnowflakeResultSetSerializable interface to public API.
    • Moved internal classes to net.snowflake.client.internal.* package hierarchy.

    For more information, see Migrating from JDBC Driver 3.x to JDBC Driver 4.x.

  • Renamed BouncyCastle JVM property from net.snowflake.jdbc.enableBouncyCastle to net.snowflake.jdbc.useBundledBouncyCastleForPrivateKeyDecryption.

  • Removed previously deprecated classes and methods:

    • Removed the deprecated com.snowflake.client.jdbc.SnowflakeDriver class.
    • Removed the deprecated QueryStatus enum from the net.snowflake.client.core package.
    • Removed the deprecated QueryStatusV2 class from the net.snowflake.client.jdbc package.
    • Removed the deprecated SnowflakeType enum from the net.snowflake.client.jdbc package.

New features and updates

  • Migrated from AWS SDK v1 to AWS SDK v2 for improved performance and modern API support.
  • Upgraded Azure Storage SDK from version 5 to version 12.
  • Upgraded nimbus-jose-jwt OAuth2 dependency to version 11.30.1.
  • Bumped netty to version 4.1.130.Final to address CVE-2025-67735 (https://nvd.nist.gov/vuln/detail/CVE-2025-67735).

Bug fixes

  • Fixed the column_size value in database metadata commands to match the JDBC specification.
  • Fixed a NullPointerException when in-band telemetry is sent without an HTTP response.