4.0.0

• v4.0.0(October 09,2025)
  • Added support for checking certificates revocation using revocation lists (CRLs)
  • Added CERT_REVOCATION_CHECK_MODE to CLIENT_ENVIRONMENT
  • Added the workload_identity_impersonation_path parameter to support service account impersonation for Workload Identity Federation on GCP and AWS workloads only
  • Fixed get_results_from_sfqid when using DictCursor and executing multiple statements at once
  • Added the oauth_credentials_in_body parameter supporting an option to send the oauth client credentials in the request body
  • Fix retry behavior for ECONNRESET error
  • Added an option to exclude botocore and boto3 dependencies by setting SNOWFLAKE_NO_BOTO environment variable during installation
  • Revert changing exception type in case of token expired scenario for Oauth authenticator back to DatabaseError
  • Enhanced configuration file security checks with stricter permission validation.
    • Configuration files writable by group or others now raise a ConfigSourceError with detailed permission information, preventing potential credential tampering.
  • Fixed the return type of SnowflakeConnection.cursor(cursor_class) to match the type of cursor_class
  • Constrained the types of fetchone, fetchmany, fetchall
    • As part of this fix, DictCursor is no longer a subclass of SnowflakeCursor; use SnowflakeCursorBase as a superclass of both.
  • Fix "No AWS region was found" error if AWS region was set in AWS_DEFAULT_REGION variable instead of AWS_REGION for WORKLOAD_IDENTITY authenticator
  • Add ocsp_root_certs_dict_lock_timeout connection parameter to set the timeout (in seconds) for acquiring the lock on the OCSP root certs dictionary. Default value for this parameter is -1 which indicates no timeout.
  • Fixed behaviour of trying S3 Transfer Accelerate endpoint by default for internal stages, and always getting HTTP403 due to permissions missing on purpose. Now /accelerate is not attempted.

3.18.0

• v3.18.0(October 03,2025)
  • Added support for pandas conversion for Day-time and Year-Month Interval types

3.17.4

• v3.17.4(September 22,2025)
  • Added support for intermediate certificates as roots when they are stored in the trust store
  • Bumped up vendored urllib3 to 2.5.0 and requests to v2.32.5

3.17.3

• v3.17.3(September 02,2025)
  • Enhanced configuration file permission warning messages.
    • Improved warning messages for readable permission issues to include clear instructions on how to skip warnings using the SF_SKIP_WARNING_FOR_READ_PERMISSIONS_ON_CONFIG_FILE environment variable.
  • Fixed the bug with staging pandas dataframes on AWS - the regional endpoint is used when required
    • This addresses the issue with create_dataframe call on Snowpark

3.17.2

• v3.17.2(August 23,2025)
  • Fixed a bug where platform_detection was retrying failed requests with warnings to non-existent endpoints.
  • Added disabling endpoint-based platform detection by setting platform_detection_timeout_seconds to zero.

3.17.1

• v3.17.1(August 17,2025)
  • Added infer_schema parameter to write_pandas to perform schema inference on the passed data.
  • Namespace snowlake reverted back to non-module.

3.17.0

• v3.17.0(August 16,2025)
  • Added in-band HTTP exception telemetry.
  • Added an unsafe_skip_file_permissions_check flag to skip file permission checks on the cache and configuration.
  • Added APPLICATION_PATH within CLIENT_ENVIRONMENT to distinguish between multiple scripts using the Python Connector in the same environment.
  • Added basic JSON support for Interval types.
  • Added in-band OCSP exception telemetry.
  • Added support for new authentication methods with Workload Identity Federation (WIF).
    • Added the WORKLOAD_IDENTITY value for the authenticator type.
    • Added the workload_identity_provider and workload_identity_entra_resource parameters.
  • Added support for the use_vectorized_scanner parameter in the write_pandas function.
  • Added support of proxy setup using connection parameters without emitting environment variables.
  • Added populating of type_code in ResultMetadata for interval types.
  • Introduced the snowflake_version property to the connection.
  • Moved OAUTH_TYPE to CLIENT_ENVIROMENT.
  • Relaxed the pyarrow version constrain; versions >= 19 can now be used.
  • Disabled token caching for OAuth Client Credentials authentication.
  • Fixed OAuth authenticator values.
  • Fixed a bug where a PAT with an external session authenticator was used while external_session_id was not provided in SnowflakeRestful.fetch.
  • Fixed the case-sensitivity of Oauth and programmatic_access_token authenticator values.
  • Fixed unclear error messages for incorrect authenticator values.
  • Fixed GCS staging by ensuring the endpoint has a scheme.
  • Fixed a bug where time-zoned timestamps fetched as a pandas.DataFrame or pyarrow.Table would overflow due to unnecessary precision. A clear error will now be raised if an overflow cannot be prevented.

3.16.0

• v3.16.0(July 04,2025)
  • Bumped numpy dependency from <2.1.0 to <=2.2.4.
  • Added Windows support for Python 3.13.
  • Added bulk_upload_chunks parameter to write_pandas function. Setting this parameter to True changes the behaviour of write_pandas function to first write all the data chunks to the local disk and then perform the wildcard upload of the chunks folder to the stage. In default behaviour the chunks are being saved, uploaded and deleted one by one.
  • Added support for new authentication mechanism PAT with external session ID.
  • Added client_fetch_use_mp parameter that enables multiprocessed fetching of result batches.
  • Added basic arrow support for Interval types.
  • Fixed write_pandas special characters usage in the location name.
  • Fixed usage of use_virtual_url when building the location for gcs storage client.
  • Added support for Snowflake OAuth for local applications.

3.15.0

• v3.15.0(Apr 29,2025)
  • Bumped up min boto and botocore version to 1.24.
  • OCSP: terminate certificates chain traversal if a trusted certificate already reached.
  • Added new authentication methods support for programmatic access tokens (PATs), OAuth 2.0 Authorization Code Flow, OAuth 2.0 Client Credentials Flow, and OAuth Token caching.
    • For OAuth 2.0 Authorization Code Flow:
      • Added the oauth_client_id, oauth_client_secret, oauth_authorization_url, oauth_token_request_url, oauth_redirect_uri, oauth_scope, oauth_disable_pkce, oauth_enable_refresh_tokens and oauth_enable_single_use_refresh_tokens parameters.
      • Added the OAUTH_AUTHORIZATION_CODE value for the parameter authenticator.
    • For OAuth 2.0 Client Credentials Flow:
      • Added the oauth_client_id, oauth_client_secret, oauth_token_request_url, and oauth_scope parameters.
      • Added the OAUTH_CLIENT_CREDENTIALS value for the parameter authenticator.
    • For OAuth Token caching: Passing a username to driver configuration is required, and the client_store_temporary_credential property is to be set to true.

3.14.1

• v3.14.1(April 21, 2025)
  • Added support for Python 3.13.
    • NOTE: Windows 64 support is still experimental and should not yet be used for production environments.
  • Dropped support for Python 3.8.
  • Added basic decimal floating-point type support.
  • Added experimental authentication methods.
  • Added support of GCS regional endpoints.
  • Added support of GCS virtual urls. See more: https://cloud.google.com/storage/docs/request-endpoints#xml-api
  • Added client_fetch_threads experimental parameter to better utilize threads for fetching query results.
  • Added check_arrow_conversion_error_on_every_column connection property that can be set to False to restore previous behaviour in which driver will ignore errors until it occurs in the last column. This flag's purpose is to unblock workflows that may be impacted by the bugfix and will be removed in later releases.
  • Lowered log levels from info to debug for some of the messages to make the output easier to follow.
  • Allowed the connector to inherit a UUID4 generated upstream, provided in statement parameters (field: requestId), rather than automatically generate a UUID4 to use for the HTTP Request ID.
  • Improved logging in urllib3, boto3, botocore - assured data masking even after migration to the external owned library in the future.
  • Improved error message for client-side query cancellations due to timeouts.
  • Improved security and robustness for the temporary credentials cache storage.
  • Fixed a bug that caused driver to fail silently on TO_DATE arrow to python conversion when invalid date was followed by the correct one.
  • Fixed expired S3 credentials update and increment retry when expired credentials are found.
  • Deprecated insecure_mode connection property and replaced it with disable_ocsp_checks with the same behavior as the former property.