Stable Release v6.1.6

@apoorvdeshmukh apoorvdeshmukh released this 25 Jun 17:14
· 449 commits to main since this release
b862260

This update brings the following changes since the 6.1.5 release:

Added

WAM broker support for the supported Entra ID authentication modes (Windows only)

What Changed:

  • Added support for the Web Account Manager (WAM) broker for the supported Microsoft Entra ID authentication modes. A new ActiveDirectoryAuthenticationProviderOptions options bag and a corresponding ActiveDirectoryAuthenticationProvider(ActiveDirectoryAuthenticationProviderOptions options) constructor were introduced, exposing a UseWamBroker property (alongside ApplicationClientId and DeviceCodeFlowCallback).
    (#4288, #4387)
  • Added a cross-platform SetParentActivityOrWindowFunc(Func<object> parentActivityOrWindowFunc) method so callers can supply a parent window handle on Windows or a parent Activity/UIViewController on Android/iOS/MAUI.

Who Benefits:

  • Applications using ActiveDirectoryInteractive and other supported Entra ID authentication modes on Windows benefit from the WAM broker's improved security (tokens are brokered by the OS), single sign-on with the logged-in Windows account, and support for Conditional Access and Windows Hello.

Impact:

  • When you supply your ApplicationClientId, WAM is opt-in via ActiveDirectoryAuthenticationProviderOptions.UseWamBroker. Consider enabling it when you want OS-brokered tokens, single sign-on with the signed-in Windows account, Windows Hello, and Conditional Access support.
  • UseWamBroker is a Windows-only setting and has no effect on non-Windows platforms, where interactive Entra ID flows always use the system browser.
  • Prefer the new options-bag constructor over the positional-argument overloads in new code.

var options = new ActiveDirectoryAuthenticationProviderOptions
{
    ApplicationClientId = "<your-app-client-id>",
    // Enable WAM (Windows only) for OS-brokered tokens, SSO, Windows Hello, and Conditional Access.
    UseWamBroker = true,
};
var provider = new ActiveDirectoryAuthenticationProvider(options);
// Supply the parent window/activity that owns the interactive sign-in prompt.
provider.SetParentActivityOrWindowFunc(() => parentWindowHandle);
SqlAuthenticationProvider.SetProvider(SqlAuthenticationMethod.ActiveDirectoryInteractive, provider);

Changed

Hardened TDS token parsing with data-length bounds checks

What Changed:

  • Added bounds checking when parsing TDS token data lengths. The parser now validates the declared length of incoming token data against the available buffer before reading, rejecting malformed or out-of-range length values instead of reading past the intended boundary.
    (#4340, #4359)

Who Benefits:

  • All consumers benefit from improved resilience against malformed or hostile TDS responses. A server (or man-in-the-middle) sending an invalid token length can no longer drive the parser to read beyond the declared payload.

Impact:

  • Connections that previously parsed malformed token streams loosely will now fail fast with a clear protocol error. Well-behaved SQL Server responses are unaffected.
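
The length check described above, as an added example that is not the driver's own code: a reader for a simplified, assumed token layout (1-byte type, 4-byte signed little-endian length, payload) that validates the declared length against the bytes actually available before slicing. `TokenReader`, `ReadToken` and the sample bytes are hypothetical and constructed for illustration.

```csharp
using System;
using System.Buffers.Binary;

static class TokenReader
{
    // Assumed layout for illustration only: [type:1][length:4, LE, signed][payload:length]
    private const int HeaderSize = 5;

    public static ReadOnlySpan<byte> ReadToken(ReadOnlySpan<byte> buffer, out byte type, out int consumed)
    {
        if (buffer.Length < HeaderSize)
            throw new InvalidOperationException("Truncated token header.");

        type = buffer[0];
        int declared = BinaryPrimitives.ReadInt32LittleEndian(buffer.Slice(1, 4));
        int available = buffer.Length - HeaderSize;

        // Reject negative lengths and lengths larger than what was received,
        // before any payload byte is touched.
        if (declared < 0 || declared > available)
            throw new InvalidOperationException(
                $"Token 0x{type:X2} declares {declared} bytes; {available} available.");

        consumed = HeaderSize + declared;
        return buffer.Slice(HeaderSize, declared);
    }
}

static class Program
{
    static void Main()
    {
        // Constructed inputs, not captured traffic.
        byte[] wellFormed = { 0x01, 0x03, 0x00, 0x00, 0x00, 0xA0, 0xA1, 0xA2 };
        byte[] oversized  = { 0x01, 0xFF, 0xFF, 0x00, 0x00, 0xA0, 0xA1, 0xA2 }; // claims 65535 bytes
        byte[] negative   = { 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xA0, 0xA1, 0xA2 }; // claims -1 bytes

        var payload = TokenReader.ReadToken(wellFormed, out byte t, out int n);
        Console.WriteLine($"accepted: type=0x{t:X2} payload={payload.Length} consumed={n}");

        foreach (var sample in new[] { oversized, negative })
        {
            try { TokenReader.ReadToken(sample, out _, out _); }
            catch (InvalidOperationException ex) { Console.WriteLine("rejected: " + ex.Message); }
        }
    }
}
```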

Other changes

  • Updated dependencies (#4387):
    • Updated Microsoft.Identity.Client to 4.84.2 (was 4.80.0)
    • Added Microsoft.Identity.Client.Broker 4.84.2

Fixed

  • Fixed a NullReferenceException in SqlDataReader.GetChars on the PLP + CommandBehavior.SequentialAccess path when a null buffer was passed together with a negative bufferIndex. The call now correctly throws ArgumentOutOfRangeException for the bufferIndex parameter.
    (#4159, #4205)

  • Fixed column master key (CMK) signature verification caching where GetSignatureVerificationResult returned whether the cache key existed rather than the cached value itself. Once a signature verification failure was cached as false, subsequent lookups incorrectly returned true, causing the caller to skip re-verification and treat the column master key as having a valid signature.
    (#4339, #4356)
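
The caching defect described above, reduced to a minimal added example (not the driver's code): a lookup that returns "the key exists" next to one that returns the cached value. `SignatureCache`, the `_Buggy`/`_Fixed` suffixes and the key strings are hypothetical; treating a missing entry as "not verified" in the fixed lookup is an assumption of this sketch.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical stand-in for a signature-verification result cache.
sealed class SignatureCache
{
    private readonly Dictionary<string, bool> _results = new Dictionary<string, bool>();

    public void Add(string cmkKey, bool signatureValid) => _results[cmkKey] = signatureValid;

    // Buggy shape: TryGetValue's return value only says an entry exists,
    // so a cached failure (false) is reported to the caller as true.
    public bool GetSignatureVerificationResult_Buggy(string cmkKey)
        => _results.TryGetValue(cmkKey, out _);

    // Fixed shape: return the cached value itself. A missing entry yields false
    // here (assumption), which sends the caller back to full verification.
    public bool GetSignatureVerificationResult_Fixed(string cmkKey)
        => _results.TryGetValue(cmkKey, out bool valid) && valid;
}

static class Program
{
    static void Main()
    {
        var cache = new SignatureCache();

        // Constructed keys: one CMK whose signature check failed and was cached, one that passed.
        cache.Add("cmk-with-bad-signature", signatureValid: false);
        cache.Add("cmk-with-good-signature", signatureValid: true);

        foreach (var key in new[] { "cmk-with-bad-signature", "cmk-with-good-signature", "cmk-never-seen" })
        {
            bool buggy = cache.GetSignatureVerificationResult_Buggy(key);
            bool fixedResult = cache.GetSignatureVerificationResult_Fixed(key);
            Console.WriteLine($"{key}: buggy={buggy} fixed={fixedResult}");
        }
    }
}
```

The only row where the two lookups disagree is the cached failure, which is the case that lets a column master key with an invalid signature be treated as valid.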

Target Platform Support

  • .NET Framework 4.6.2+ (Windows x86, Windows x64, Windows ARM64)
  • .NET 8.0+ (Windows x86, Windows x64, Windows ARM64, Linux, macOS)
  • .NET Standard 2.0+ (Windows x86, Windows x64, Windows ARM64, Linux, macOS)

Dependencies

.NET Framework 4.6.2

  • Azure.Core 1.50.0
  • Azure.Identity 1.17.1
  • Microsoft.Data.SqlClient.SNI 6.0.2
  • Microsoft.Extensions.Caching.Memory 8.0.1
  • Microsoft.Identity.Client 4.84.2
  • Microsoft.Identity.Client.Broker 4.84.2
  • Microsoft.IdentityModel.JsonWebTokens 7.7.1
  • Microsoft.IdentityModel.Protocols.OpenIdConnect 7.7.1
  • System.Buffers 4.6.1
  • System.Data.Common 4.3.0
  • System.Diagnostics.DiagnosticSource 8.0.1
  • System.IdentityModel.Tokens.Jwt 7.7.1
  • System.Memory 4.6.3
  • System.Security.Cryptography.Pkcs 8.0.1
  • System.Text.Json 8.0.6
  • System.Text.RegularExpressions 4.3.1

.NET 8.0

  • Azure.Core 1.50.0
  • Azure.Identity 1.17.1
  • Microsoft.Data.SqlClient.SNI.runtime 6.0.2
  • Microsoft.Extensions.Caching.Memory 8.0.1
  • Microsoft.Identity.Client 4.84.2
  • Microsoft.Identity.Client.Broker 4.84.2
  • Microsoft.IdentityModel.JsonWebTokens 7.7.1
  • Microsoft.IdentityModel.Protocols.OpenIdConnect 7.7.1
  • Microsoft.SqlServer.Server 1.0.0
  • System.Configuration.ConfigurationManager 8.0.1
  • System.Diagnostics.DiagnosticSource 8.0.1
  • System.IdentityModel.Tokens.Jwt 7.7.1
  • System.Security.Cryptography.Pkcs 8.0.1

.NET 9.0

  • Azure.Core 1.50.0
  • Azure.Identity 1.17.1
  • Microsoft.Data.SqlClient.SNI.runtime 6.0.2
  • Microsoft.Extensions.Caching.Memory 9.0.11
  • Microsoft.Identity.Client 4.84.2
  • Microsoft.Identity.Client.Broker 4.84.2
  • Microsoft.IdentityModel.JsonWebTokens 7.7.1
  • Microsoft.IdentityModel.Protocols.OpenIdConnect 7.7.1
  • Microsoft.SqlServer.Server 1.0.0
  • System.Configuration.ConfigurationManager 9.0.11
  • System.Diagnostics.DiagnosticSource 9.0.11
  • System.IdentityModel.Tokens.Jwt 7.7.1
  • System.Security.Cryptography.Pkcs 9.0.11

.NET Standard 2.0

  • Azure.Core 1.50.0
  • Azure.Identity 1.17.1
  • Microsoft.Data.SqlClient.SNI.runtime 6.0.2
  • Microsoft.Extensions.Caching.Memory 8.0.1
  • Microsoft.Identity.Client 4.84.2
  • Microsoft.Identity.Client.Broker 4.84.2
  • Microsoft.IdentityModel.JsonWebTokens 7.7.1
  • Microsoft.IdentityModel.Protocols.OpenIdConnect 7.7.1
  • Microsoft.SqlServer.Server 1.0.0
  • System.Configuration.ConfigurationManager 8.0.1
  • System.Diagnostics.DiagnosticSource 8.0.1
  • System.IdentityModel.Tokens.Jwt 7.7.1
  • System.Security.Cryptography.Pkcs 8.0.1
  • System.Text.Json 8.0.6