Progress DataDirect for ODBC for Greenplum Wire Protocol Driver

    An asterisk (*) indicates support that was added in a hotfix or software patch subsequent to a release.

    Refer to the following resources for additional information:

    • Product Compatibility Guide: Provides the latest data source and platform support information. 
    • Fixes: Describes the issues resolved since general availability.  

    Version 8.0.2

    Enhancements
    • The driver has been enhanced to support the TLSv1.3 cryptographic protocol for TLS encryption. You can configure the cryptographic protocols used by the driver with the Crypto Protocol Version (CryptoProtocolVersion) option.
    • For Windows platforms, the ICU library files that are installed with the product have been upgraded to version 74.1. In addition, the ICU library file names have changed for Windows platforms:
      • For the 32-bit driver: From ivicu28.dll to ivicu.dll
      • For the 64-bit driver: From ddicu28.dll to ddicu.dll
      This upgrade is available starting in build 08.02.1072 of the ICU library files.
    • For AIX platforms, the ICU library files that are installed with the product have been upgraded to version 74.1. In addition, the ICU library file names have changed for AIX platforms:
      • For the 32-bit driver: From libivicu28.a to libivicu.a
      • For the 64-bit driver: From libddicu28.a to libddicu.a
      This upgrade is available starting in build 08.02.1072 of the ICU library files.
    • For Linux platforms, the ICU library files that are installed with the product have been upgraded to version 74.1. In addition, the ICU library file names have changed for Linux platforms:
      • For the 32-bit driver: From libivicu27.so to libivicu.so
      • For the 64-bit driver: From libddicu27.so to libddicu.so
      This upgrade is available starting in build 08.02.0965 of the ICU library files.
    • A Password Encryption Tool, called ddencpwd, is now included with the product package. It encrypts passwords for secure handling in connection strings and odbc.ini files. At connection, the driver decrypts these passwords and passes them to the data source as required. See Password Encryption Tool (UNIX/Linux only) for details.
    • The driver has been enhanced to support connecting to a proxy server through an HTTP connection. HTTP proxy support is configurable with five new connection options: Proxy Host (ProxyHost), Proxy Mode (ProxyMode), Proxy Password (ProxyPassword), Proxy Port (ProxyPort), and Proxy User (ProxyUser). Refer to the user's guide for details.
    • The default version of the OpenSSL library has been upgraded to version 3.0.9, which fixes the security vulnerabilities listed on the following page: https://www.openssl.org/news/vulnerabilities-3.0.html.

      Notes:

      • The driver supports the following OpenSSL 3.0 providers: Default and FIPS.
      • The FIPS provider is supported only on the following platforms: Windows 64-bit, Linux 64-bit, and AIX 64-bit.
      • When installing a new version of the product, the installer program will automatically replace the OpenSSL 1.1.1 library files with the OpenSSL 3.0 library files in the install directory, which will impact all the DataDirect ODBC drivers installed on a machine. Therefore:
        • If you are using multiple 8.0 drivers, upgrade all your drivers to the latest version.
        • If you are using both 8.0 and 7.1 versions of the driver, copy the xxtls27.dll/libxxtls27.so[.sl] file to a different location before installing a new version of the 8.0 driver. Copy it back to the install directory once the installation is complete.

      Refer TLS/SSL Server Authentication and TLS/SSL Client Authentication for details. 

    • The driver has been enhanced to support TLS/SSL server authentication for the applications deployed in a server-less environment. The driver stores the TLS/SSL certificates in memory and lets applications use TLS/SSL server authentication without storing the truststore file on the disk. To use this enhancement, specify the content of the certificate in the updated Trust Store (Truststore) connection option or the new SQL_COPT_INMEMORY_TRUSTSTORECERT pre-connection attribute.
    • The driver has been enhanced to support the following data types: Citext, Float, and Tinyint. Refer to Data Types for details.*
    • The Driver Manager for UNIX/Linux has been enhanced to support setting the Unicode encoding type for applications on a per connection basis. By passing a value for the SQL_ATTR_APP_UNICODE_TYPE attribute using SQLSetConnectAttr, your application can specify the encoding at connection. This allows your application to pass both UTF-8 and UTF-16 encoded strings with a single environment handle.*
      The valid values for the SQL_ATTR_APP_UNICODE_TYPE attribute are SQL_DD_CP_UTF8 and SQL_DD_CP_UTF16. The default value is SQL_DD_CP_UTF8.
    • A Power BI connector is now included with the product package. You can use this connector to access your Greenplum data with Power BI. Refer to Accessing Greenplum data with Power BI for details.*
    Changed Behavior
    • The TLSv1.1 and TLSv1.0 cryptographic protocols are now disabled by default and have been removed as selectable values for the Crypto Protocol Version (CryptoProtocolVersion) option on the Setup dialog. These protocols are no longer considered secure and, therefore, are no longer recommended for use. However, the driver still supports TLSv1.1 and TLSv1.0 for legacy servers that do not support more secure protocols.
    • The HP-UX PA-RISC platform is no longer supported.
    • The default value for the Batch Mechanism (BatchMechanism) connection option has been changed to 3 (Copy).
    • The default values for the Unbounded Numeric Precision (UnboundedNumericPrecision) and Unbounded Numeric Scale (UnboundedNumericScale) options have been changed to -1.

    Version 7.1.6

    Enhancements
    • The Driver Manager has been upgraded to version 8.0. The purpose of this upgrade is to have all DataDirect for ODBC drivers use the latest version of the Driver Manager, which allows for faster security updates and a consistent user experience. Note that the Driver Manager is backward compatible. As part of this upgrade:*
      • The following ICU library files have been added to the product package:
        • For UNIX: libivicu28.so (32-bit) and libddicu28.so (64-bit)
        • For Linux: libivicu.so (32-bit) and libddicu.so (64-bit)
      • The trace library file names have been changed for both UNIX and Linux:
        • 32-bit: From ivtrc27.so to ivtrc28.so
        • 64-bit: From ddtrc27.so to ddtrc28.so
      Note 1: libivicu27.so (32-bit) and libddicu27.so (64-bit) will continue to be included in the product package to support driver functionality.
      Note 2: The Driver Manager build included with the product is 08.02.1997 (U1987).
    • For Windows platforms, the trace library file names have been changed from ivtrc27.dll to ivtrc28.dll (32-bit) and from ddtrc27.dll to ddtrc28.dll (64-bit) to have the same file names across all platforms. This change allows for faster release of security updates and a more consistent user experience.*
      Note: To support the trace library file name change, the following ICU library files have been added to the product package: ivicu28.dll (32-bit) and ddicu28.dll (64-bit).
    • The driver has been enhanced with the new Batch Mechanism (BatchMechanism) connection option, which specifies the preferred mechanism for executing batch insert operations. By setting Batch Mechanism to 2 (MultiRowInsert) or 3 (Copy), the driver can achieve substantial performance gains when performing batch inserts. The default setting is BatchMechanism=1 (SingleRowInsert). Refer to Batch Mechanism for details.
    • OpenSSL library 1.1.1l has been replaced with version 3.0.9. In addition to fixing multiple new vulnerabilities, version 3.0.9 also addresses the vulnerabilities resolved by version 1.1.1l:*
      • SM2 Decryption Buffer Overflow (CVE-2021-3711)
      • Read buffer overruns processing ASN.1 strings (CVE-2021-3712)

      Version 1.1.1l also addresses vulnerabilities resolved by earlier versions of the library. For more information on the installed library files, refer to the readme.
      For more information on the OpenSSL vulnerabilities resolved by this upgrade, refer to the corresponding OpenSSL announcements at https://www.openssl.org/news/vulnerabilities-1.1.1.html.

    • OpenSSL library 1.1.1k has been replaced with version 1.1.1l. In addition to fixing multiple new vulnerabilities, version 1.1.1l also addresses the vulnerabilities resolved by version 1.1.1k:* 
      • CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
      • NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
      • Null pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841)
      • Integer overflow in CipherUpdate (CVE-2021-23840) 
    • OpenSSL library 1.1.1i has been replaced with version 1.1.1l. In addition to fixing multiple new vulnerabilities, version 1.1.1l also addresses the vulnerability resolved by version 1.1.1i: Incorrect behavior of the GENERAL_NAME_cmp function (CVE-2020-1971).*
    • OpenSSL library 1.1.1g has been replaced with version 1.1.1l. In addition to fixing multiple new vulnerabilities, version 1.1.1l also addresses the vulnerabilities resolved by version 1.1.1g:*
      • Segmentation fault in SSL_check_chain (CVE-2020-1967)
      • rsaz_512_sqr overflow bug on x86_64 (CVE-2019-1551)  
    • The drivers using base version B0649 and later have been enhanced to include timestamp in the internal packet logs by default. If you want to disable the timestamp logging in packet logs, set PacketLoggingOptions=1. The internal packet logging is not enabled by default. To enable it, set EnablePacketLogging=1.*
    • OpenSSL library 1.0.2r has been replaced with version 1.0.2u. In addition to fixing multiple new vulnerabilities, version 1.0.2u also addresses the vulnerabilities resolved by version 1.0.2r.*
      Version 1.0.2u of the OpenSSL library fixes the following security vulnerabilities:
      • x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (CVE-2019-1563)
      • Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
      • Compute ECC cofactors if not provided during EC_GROUP construction (CVE-2019-1547)
      • Installation paths in diverse Windows builds (CVE-2019-1552)

      Note: By default, the driver will attempt to load version 1.1.1 of the library; however, if the library cannot be loaded, the driver will fall back to version 1.0.2.

    • The default OpenSSL library version has been updated to 1.1.1d.*
    • The default OpenSSL library version has been updated to 1.0.2r.*
    • The default OpenSSL library version has been updated to 1.0.2n.*
    • The default OpenSSL library version has been updated to 1.0.2k.*
    • The default OpenSSL library version has been updated to 1.0.2j.* .
    • The default OpenSSL library version has been updated to 1.0.2h.* 
    • The default OpenSSL library version has been updated to 1.0.2g.*
    • The default OpenSSL library version has been updated to 1.0.2f.
    • The new CryptoLibName and SSLLibName connection options allow you to designate the OpenSSL libraries used when SSL is enabled. Refer to CryptoLibName and SSLLibName for details.
    • The driver has been enhanced to support Kerberos Authentication. Refer to Kerberos Authentication for details.
    Changed Behavior
    • The product package no longer includes the ODBC Cursor library file (odbccurs.so) because it has some known security vulnerabilities that could potentially expose you to security risks.*
      Note: The installer program cannot remove the ODBC Cursor library file automatically while installing a new version of the driver. Remove it manually.
    • The product no longer includes version 1.1.1 of the OpenSSL library. The library will reach the end of its product life cycle in September 2023 and will not receive any security updates after that. Note that continuing to use the library after September 2023 can potentially expose you to security vulnerabilities.*

      Note: As a result of this change, when installing a new version of the product, the installer program will automatically remove version 1.1.1 of the library from the install directory, which will impact all the DataDirect ODBC drivers installed on a machine.

    • The product no longer includes version 1.0.2 of the OpenSSL library. The library has reached the end of its product life cycle and is not receiving security updates anymore. Note that continuing to use the library could potentially expose you to security vulnerabilities.*
      Note: As a result of this change, when installing a new version of the driver, the installer program will automatically remove version 1.0.2 of the library from the install directory.
      • The Allowed OpenSSL Versions (AllowedOpenSSLVersions) connection option has been deprecated as the driver currently supports only version 3.0 of the OpenSSL library.
      • The crypto protocol versions prior to TLSv1 are no longer supported.
      • The AuthenticationMethod connection option has been refreshed with a new valid value for enabling Kerberos Authentication. To use Kerberos authentication with the driver, set AuthenticationMethod=4. Refer to Authentication Method for details.

      Version 7.1.5

      Enhancements
      • The OpenSSL library was upgraded to version 1.0.0r, which fixes the
        CVE‐2015‐0204 (FREAK) vulnerability. See "RSA silently downgrades
        to EXPORT_RSA [Client] (CVE‐2015‐0204)" at
        https://www.openssl.org/news/secadv_20150108.txt for more
        information.
      • The new Crypto Protocol Version connection option allows you to specify
        the cryptographic protocols used when SSL is enabled. This option can be
        used to avoid vulnerabilities associated with SSLv3 and SSLv2, including
        the POODLE vulnerability.
      • The new Unbounded Numeric Precision connection option allows you to
        define the precision for unbounded NUMERIC columns when described
        within the column, parameter, result set, or table metadata.
      • The new Unbounded Numeric Scale connection option allows you to
        define the scale for unbounded NUMERIC columns described within
        the column, parameter, result set, or table metadata.

      Version 7.1.4

      Enhancements
      • The new KeepAlive connection option allows you to use TCP Keep Alive to maintain idle TCP connections.

      Version 7.1.3

      Enhancements 
      • Support for SSL data encryption. 

      Version 7.1.2

      No features introduced 

      Version 7.1.1

      No features introduced 

      Version 7.1.0

      No features introduced 

    Connect any application to any data source anywhere

    Explore all DataDirect Connectors

    A product specialist will be glad to get in touch with you

    Contact Us