v7.4.1 HotFix Release

CHANGELOG.md

@@ -3,6 +3,20 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/) 
 
+## [7.4.1] HotFix & Stable Release
+### Fixed Issues
+- Reverted [#1025](https://github.com/Microsoft/mssql-jdbc/pull/1025) as it contains breaking changes. This removes `hashCode()` and `equals()` APIs from `SQLServerDataTable` and `SQLServerDataColumn`.
+
+## [7.4.0] Stable Release
+### Fixed Issues
+- Fixed issues reported by Static Analysis Tool - SonarQube [#1077](https://github.com/Microsoft/mssql-jdbc/pull/1077) [#1103](https://github.com/Microsoft/mssql-jdbc/pull/1103)
+- Fixed issues with array bound checking in 'useFmtOnly' implementation [#1094](https://github.com/Microsoft/mssql-jdbc/pull/1094)
+### Changed
+- Performance improvements [#1075](https://github.com/Microsoft/mssql-jdbc/pull/1075)
+- Changed NTLM Authentication implementation to not store password in plain text [#1095](https://github.com/Microsoft/mssql-jdbc/pull/1095) [#1108](https://github.com/Microsoft/mssql-jdbc/pull/1108)
+- Updated the Maven dependency of 'Java Client Runtime for AutoRest' to 1.6.10 version of the library [#1097](https://github.com/Microsoft/mssql-jdbc/pull/1097)
+- Changed NTLM Authentication error strings [#1105](https://github.com/Microsoft/mssql-jdbc/pull/1105)
+
 ## [7.3.1] Preview Release
 ### Added
 - Added support for NTLM Authentication [#998](https://github.com/Microsoft/mssql-jdbc/pull/998)

README.md

@@ -81,7 +81,7 @@ We're now on the Maven Central Repository. Add the following to your POM file to
 <dependency>
 	<groupId>com.microsoft.sqlserver</groupId>
 	<artifactId>mssql-jdbc</artifactId>
-	<version>7.2.2.jre11</version>
+	<version>7.4.1.jre12</version>
 </dependency>
 ```
 The driver can be downloaded from the [Microsoft Download Center](https://go.microsoft.com/fwlink/?linkid=868287).
@@ -127,7 +127,7 @@ Projects that require either of the two features need to explicitly declare the
 <dependency>
 	<groupId>com.microsoft.sqlserver</groupId>
 	<artifactId>mssql-jdbc</artifactId>
-	<version>7.3.1.jre12-preview</version>
+	<version>7.4.1.jre12</version>
 	<scope>compile</scope>
 </dependency>
 
@@ -150,7 +150,7 @@ Projects that require either of the two features need to explicitly declare the
 <dependency>
 	<groupId>com.microsoft.sqlserver</groupId>
 	<artifactId>mssql-jdbc</artifactId>
-	<version>7.3.1.jre12-preview</version>
+	<version>7.4.1.jre12</version>
 	<scope>compile</scope>
 </dependency>
 
@@ -183,7 +183,7 @@ When setting 'useFmtOnly' property to 'true' for establishing a connection or cr
 <dependency>
 	<groupId>com.microsoft.sqlserver</groupId>
 	<artifactId>mssql-jdbc</artifactId>
-	<version>7.3.1.jre12-preview</version>
+	<version>7.4.1.jre12</version>
 </dependency>
 
 <dependency>
@@ -223,7 +223,7 @@ Preview releases happen approximately monthly between stable releases. This give
 You can see what is going into a future release by monitoring [Milestones](https://github.com/Microsoft/mssql-jdbc/milestones) in the repository.
 
 ### Version conventions
-Starting with 6.0, stable versions have an even minor version. For example, 6.0, 6.2, 6.4, 7.0, 7.2. Preview versions have an odd minor version. For example, 6.1, 6.3, 6.5, 7.1, 7.3, and so on
+Starting with 6.0, stable versions have an even minor version. For example, 6.0, 6.2, 6.4, 7.0, 7.2, 7.4. Preview versions have an odd minor version. For example, 6.1, 6.3, 6.5, 7.1, 7.3, and so on
 
 ## Contributors 
 Special thanks to everyone who has contributed to the project. 

build.gradle

@@ -14,7 +14,7 @@
 
 apply plugin: 'java'
 
-version = '7.3.1'
+version = '7.4.1'
 def jreVersion = ""
 def testOutputDir = file("build/classes/java/test")
 def archivesBaseName = 'mssql-jdbc'
@@ -75,7 +75,7 @@ if(hasProperty('buildProfile') && buildProfile == "jre8") {
 	}
 }
 
-jar.archiveName = "${archivesBaseName}-${version}.${jreVersion}-preview.jar"
+jar.archiveName = "${archivesBaseName}-${version}.${jreVersion}.jar"
 jar {
 	manifest {
         attributes 'Title': "Microsoft JDBC Driver ${version} for SQL Server",

pom.xml

@@ -6,7 +6,7 @@
 
 	<groupId>com.microsoft.sqlserver</groupId>
 	<artifactId>mssql-jdbc</artifactId>
-	<version>7.3.1</version>
+	<version>7.4.1</version>
 	<packaging>jar</packaging>
 
 	<name>Microsoft JDBC Driver for SQL Server</name>
@@ -57,7 +57,7 @@
 		<!-- Driver Dependencies -->
 		<azure.keyvault.version>1.2.1</azure.keyvault.version>
 		<azure.adal4j.version>1.6.4</azure.adal4j.version>
-		<rest.client.version>1.6.8</rest.client.version>
+		<rest.client.version>1.6.10</rest.client.version>
 		<osgi.core.version>6.0.0</osgi.core.version>
 		<osgi.comp.version>5.0.0</osgi.comp.version>
 		<antlr.runtime.version>4.7.2</antlr.runtime.version>
@@ -196,7 +196,7 @@
 		<profile>
 			<id>jre8</id>
 			<build>
-				<finalName>${project.artifactId}-${project.version}.jre8-preview</finalName>
+				<finalName>${project.artifactId}-${project.version}.jre8</finalName>
 				<plugins>
 					<plugin>
 						<groupId>org.apache.maven.plugins</groupId>
@@ -242,7 +242,7 @@
 		<profile>
 			<id>jre11</id>
 			<build>
-				<finalName>${project.artifactId}-${project.version}.jre11-preview</finalName>
+				<finalName>${project.artifactId}-${project.version}.jre11</finalName>
 				<plugins>
 					<plugin>
 						<groupId>org.apache.maven.plugins</groupId>
@@ -278,7 +278,7 @@
 				<activeByDefault>true</activeByDefault>
 			</activation>
 			<build>
-				<finalName>${project.artifactId}-${project.version}.jre12-preview</finalName>
+				<finalName>${project.artifactId}-${project.version}.jre12</finalName>
 				<plugins>
 					<plugin>
 						<groupId>org.apache.maven.plugins</groupId>

src/main/java/com/microsoft/sqlserver/jdbc/AE.java

@@ -96,9 +96,7 @@ void add(byte[] encryptedKey, int dbId, int keyId, int keyVersion, byte[] mdVers
 
         assert null != columnEncryptionKeyValues : "columnEncryptionKeyValues should already be initialized.";
 
-        if (aeLogger.isLoggable(java.util.logging.Level.FINE)) {
-            aeLogger.fine("Retrieving CEK values");
-        }
+        aeLogger.fine("Retrieving CEK values");
 
         EncryptionKeyInfo encryptionKey = new EncryptionKeyInfo(encryptedKey, dbId, keyId, keyVersion, mdVersion,
                 keyPath, keyStoreName, algorithmName);

src/main/java/com/microsoft/sqlserver/jdbc/AuthenticationJNI.java

@@ -75,7 +75,7 @@ static boolean isDllLoaded() {
         }
 
         this.con = con;
-        dnsName = getDNSName(address);
+        dnsName = initDNSArray(address);
         port = serverport;
     }
 
@@ -126,7 +126,7 @@ void releaseClientContext() {
 
     // note we handle the failures of the GetDNSName in this function, this function will return an empty string if the
     // underlying call fails.
-    private static String getDNSName(String address) {
+    private static String initDNSArray(String address) {
         String[] dns = new String[1];
         if (GetDNSName(address, dns, authLogger) != 0) {
             // Simply initialize the DNS to address

src/main/java/com/microsoft/sqlserver/jdbc/DataTypes.java

@@ -601,7 +601,7 @@ private SetterConversionAE(JavaType from, EnumSet<JDBCType> to) {
                 setterConversionAEMap.get(conversion.from).addAll(conversion.to);
         }
 
-        static boolean converts(JavaType fromJavaType, JDBCType toJDBCType, Boolean sendStringParametersAsUnicode) {
+        static boolean converts(JavaType fromJavaType, JDBCType toJDBCType, boolean sendStringParametersAsUnicode) {
             if ((null == fromJavaType) || (JavaType.OBJECT == fromJavaType))
                 return true;
             else if (!sendStringParametersAsUnicode && fromJavaType == JavaType.BYTEARRAY

src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java

@@ -3285,7 +3285,7 @@ void writeInt(int value) throws SQLServerException {
      * @param value
      *        the data value
      */
-    void writeReal(Float value) throws SQLServerException {
+    void writeReal(float value) throws SQLServerException {
         writeInt(Float.floatToRawIntBits(value));
     }
 
@@ -4596,7 +4596,7 @@ void writeTVPRows(TVP value) throws SQLServerException {
                     writeBytes(cachedTVPHeaders.array(), 0, ((Buffer) cachedTVPHeaders).position());
                 }
 
-                List<Object> rowData = value.getRowData();
+                Object[] rowData = value.getRowData();
 
                 // ROW
                 writeByte((byte) TDS.TVP_ROW);
@@ -4618,8 +4618,8 @@ void writeTVPRows(TVP value) throws SQLServerException {
                     if (null != rowData) {
                         // if rowData has value for the current column, retrieve it. If not, current column will stay
                         // null.
-                        if (rowData.size() > currentColumn) {
-                            currentObject = rowData.get(currentColumn);
+                        if (rowData.length > currentColumn) {
+                            currentObject = rowData[currentColumn];
                             if (null != currentObject) {
                                 currentColumnStringValue = String.valueOf(currentObject);
                             }

src/main/java/com/microsoft/sqlserver/jdbc/ISQLServerBulkRecord.java

@@ -13,7 +13,7 @@
  * Provides an interface used to create classes that read in data from any source (such as a file) and allows a
  * SQLServerBulkCopy class to write the data to SQL Server tables.
  * 
- * This interface is implemented by {@link SQLServerBulkCommon} Class
+ * This interface is implemented by {@link SQLServerBulkRecord} Class
  */
 public interface ISQLServerBulkRecord extends Serializable {
 

src/main/java/com/microsoft/sqlserver/jdbc/ISQLServerDataRecord.java

@@ -5,8 +5,6 @@
 
 package com.microsoft.sqlserver.jdbc;
 
-import java.util.List;
-
 /**
  * Provides an interface to create classes that read in data from any source (such as a file) and allow a structured
  * type to be sent to SQL Server tables.
@@ -36,7 +34,7 @@ public interface ISQLServerDataRecord {
      * 
      * @return The data for the row.
      */
-    public List<Object> getRowData();
+    public Object[] getRowData();
 
     /**
      * Advances to the next data row.

src/main/java/com/microsoft/sqlserver/jdbc/KerbAuthentication.java

@@ -196,10 +196,10 @@ private byte[] intAuthHandShake(byte[] pin, boolean[] done) throws SQLServerExce
      * @param impersonatedUserCred
      */
     KerbAuthentication(SQLServerConnection con, String address, int port, GSSCredential impersonatedUserCred,
-            Boolean isUserCreated) {
+            boolean isUserCreated) {
         this(con, address, port);
-        peerCredentials = impersonatedUserCred;
-        this.isUserCreatedCredential = (isUserCreated == null ? false : isUserCreated);
+        this.peerCredentials = impersonatedUserCred;
+        this.isUserCreatedCredential = isUserCreated;
     }
 
     byte[] generateClientContext(byte[] pin, boolean[] done) throws SQLServerException {

src/main/java/com/microsoft/sqlserver/jdbc/NTLMAuthentication.java

@@ -283,15 +283,15 @@ private class NTLMContext {
          *         if error occurs
          */
         NTLMContext(final SQLServerConnection con, final String domainName, final String userName,
-                final String password, final String workstation) throws SQLServerException {
+                final byte[] passwordHash, final String workstation) throws SQLServerException {
 
             this.domainName = domainName.toUpperCase();
             this.domainUbytes = unicode(this.domainName);
 
             this.userNameUbytes = null != userName ? unicode(userName) : null;
             this.upperUserName = null != userName ? userName.toUpperCase() : null;
 
-            this.passwordHash = null != password ? md4(unicode(password)) : null;
+            this.passwordHash = passwordHash;
 
             this.workstation = workstation;
 
@@ -332,9 +332,9 @@ private class NTLMContext {
      *         if error occurs
      */
     NTLMAuthentication(final SQLServerConnection con, final String domainName, final String userName,
-            final String password, final String workstation) throws SQLServerException {
+            final byte[] passwordHash, final String workstation) throws SQLServerException {
         if (null == context) {
-            this.context = new NTLMContext(con, domainName, userName, password, workstation);
+            this.context = new NTLMContext(con, domainName, userName, passwordHash, workstation);
         }
     }
 
@@ -612,7 +612,7 @@ private byte[] hmacMD5(final byte[] key, final byte[] data) throws InvalidKeyExc
      *        input string
      * @return MD4 hash
      */
-    private byte[] md4(final byte[] str) {
+    private static byte[] md4(final byte[] str) {
         MD4 md = new MD4();
         md.reset();
         md.update(str);
@@ -626,7 +626,7 @@ private byte[] md4(final byte[] str) {
      *        string to convert to unicode
      * @return unicode of string
      */
-    private byte[] unicode(final String str) {
+    private static byte[] unicode(final String str) {
         return (null != str) ? str.getBytes(java.nio.charset.StandardCharsets.UTF_16LE) : null;
     }
 
@@ -747,10 +747,8 @@ private byte[] generateNtlmAuthenticate() throws SQLServerException {
             int ntChallengeLen = getByteArrayLength(ntChallengeResp);
 
             // allocate token buffer
-            ByteBuffer token = ByteBuffer
-                    .allocate(NTLM_AUTHENTICATE_PAYLOAD_OFFSET + NTLM_LMCHALLENAGERESPONSE.length
-                            + ntChallengeResp.length + domainNameLen + userNameLen + workstationLen)
-                    .order(ByteOrder.LITTLE_ENDIAN);
+            ByteBuffer token = ByteBuffer.allocate(NTLM_AUTHENTICATE_PAYLOAD_OFFSET + NTLM_LMCHALLENAGERESPONSE.length
+                    + ntChallengeLen + domainNameLen + userNameLen + workstationLen).order(ByteOrder.LITTLE_ENDIAN);
 
             // set NTLM signature and message type
             token.put(NTLM_HEADER_SIGNATURE, 0, NTLM_HEADER_SIGNATURE.length);
@@ -890,4 +888,12 @@ private byte[] generateNtlmNegotiate() {
 
         return msg;
     }
+
+    public static byte[] getNtlmPasswordHash(String password) throws SQLServerException {
+        if (null == password) {
+            throw new SQLServerException(SQLServerException.getErrString("R_NtlmNoUserPasswordDomain"), null);
+        }
+
+        return md4(unicode(password));
+    }
 }

src/main/java/com/microsoft/sqlserver/jdbc/ParameterUtils.java

@@ -87,7 +87,7 @@ static int scanSQLForChar(char ch, String sql, int offset) {
 
                     // Fall through - will fail next if and end up in default case
                 case '-':
-                    if (sql.charAt(offset) == '-') { // If '-- ... \n' comment
+                    if (offset >= 0 && offset < sql.length() && sql.charAt(offset) == '-') { // If '-- ... \n' comment
                         while (++offset < len) { // Go thru comment.
                             if (sql.charAt(offset) == '\n' || sql.charAt(offset) == '\r') {
                                 // If end of comment

src/main/java/com/microsoft/sqlserver/jdbc/SQLJdbcVersion.java

@@ -7,7 +7,7 @@
 
 final class SQLJdbcVersion {
     static final int major = 7;
-    static final int minor = 3;
+    static final int minor = 4;
     static final int patch = 1;
     static final int build = 0;
 }