Releases: dataplat/dbatools
v2.5.0 - Major library updates
Overview
This release updates dbatools to use the new dbatools.library v2025.7.19 and includes significant improvements to CI/CD workflows and assembly management which will make quickly addressing library dependency vulnerabilities a whole lot easier.
This release should resolve a lot of the issues we have all run into with connecting to SQL Server 2022. Newer (but not too newer) .NET versions are now required. The dbatools.library will now be pretty big because I'm including complete packages (like dac) for each OS, without trimming it. The previous trims I did kept the library small but it also kept me from releasing library updates as regularly as I'd like because it made everything hard. So, we're now at about 250mb for all the assemblies from Microsoft that we need to cover as many platforms as possible.
Thanks a hell of a lot to @niphlod who helped get this version update in motion.
Major Changes
π Library Update
- Updated dbatools.library dependency to v2025.7.19-preview-freshold-20250719213145
- Added centralized version management via
.github/dbatools-library-version.json
- Implemented dynamic library installation script for both stable and preview versions
π Security Improvements
By updating to dbatools.library v2025.7.19, this PR addresses significant security vulnerabilities:
Critical Vulnerabilities Resolved
- CVE-2017-0160 (CVSS 10.0): .NET Framework remote code execution
- CVE-2018-8284 (CVSS 9.8): .NET Framework remote code execution
- CVE-2019-0613: .NET Framework XML parsing remote code execution
- CVE-2020-0646: .NET Framework input validation remote code execution
- CVE-2024-35264: Kestrel HTTP/3 data corruption remote code execution
- CVE-2024-30045: .NET Double Parse buffer overrun remote code execution
High Severity Vulnerabilities Resolved
- CVE-2024-0056 (CVSS 8.7): SQL client information disclosure via AiTM attacks
- CVE-2023-28260 (CVSS 7.8): .NET DLL hijacking vulnerability
- CVE-2023-36049: .NET FTP command injection elevation of privilege
- CVE-2024-38229: HTTP/3 use-after-free remote code execution
- CVE-2023-44487: HTTP/2 "Rapid Reset" denial of service
- CVE-2024-43485: System.Text.Json algorithmic complexity DoS
Medium Severity Vulnerabilities Resolved
- CVE-2023-36013 (CVSS 6.5): PowerShell Web cmdlets information disclosure
- CVE-2024-0057: X.509 certificate validation bypass
- CVE-2023-36558: Blazor server form validation bypass
- CVE-2024-21319: JWT authentication memory exhaustion
- CVE-2024-21386: SignalR server denial of service
- CVE-2024-38095: ASN.1 parsing excessive CPU consumption
Security Enhancements
- Assembly loading improvements prevent DLL hijacking attacks
- SQL connections now use encrypted connections by default (via DacFx)
- Enhanced credential management with Azure token support
- Improved certificate validation logic
- Removed hardcoded paths that could be exploited
Security Impact: This update resolves 30+ CVEs across all dependencies, including 6 Critical, 12 High, and 12+ Medium severity vulnerabilities.
π CI/CD Improvements
- Centralized Library Version Management: All workflows now read from
dbatools-library-version.json
- Preview Version Support: CI can now handle preview versions of dbatools.library
- Dynamic Installation: New
install-dbatools-library.ps1
script handles version detection and installation - Improved Test Scripts: Moved test scripts to
.github/scripts/
for better organization
ποΈ Assembly & Platform Updates
- Updated sqlpackage paths to use new dac folder structure:
- Windows:
lib/dac/windows/sqlpackage.exe
- Linux:
lib/dac/linux/sqlpackage
- macOS:
lib/dac/mac/sqlpackage
- Windows:
- Enhanced
Get-DbaManagementObject
to better handle:- Loaded assemblies detection
- SNI module tracking
- Cross-platform assembly resolution
- Added support for SQL Server 2025 instance detection
π§ Export-DbaDacPackage Improvements
- Updated sqlpackage path resolution for new directory structure
- Better cross-platform path handling
- Distinction between Core and Desktop paths on Windows
π Version Management Documentation
Added comprehensive version management guide (.github/DBATOOLS_LIBRARY_VERSION_MANAGEMENT.md
) covering:
- Version update procedures
- Testing requirements
- Rollback procedures
- CI/CD pipeline usage
π§ͺ Testing Enhancements
- Added SQL Server engine installation to Windows tests (not just LocalDB)
- Improved credential handling for SQL Server connections
- Better error messages for assembly loading issues
- Enhanced copyright compliance in web search functionality
Non-Breaking Changes
- All changes maintain backwards compatibility
- Existing scripts and modules will continue to work
- Version management is transparent to end users
Testing Checklist
- Verified module imports successfully on Windows PowerShell 5.1
- Verified module imports successfully on PowerShell 7.4+
- Integration tests pass on all platforms
- Gallery installation tests pass
- Replication tests pass (when fixed)
- Assembly loading diagnostics show correct versions
Related PRs
- Requires dbatools.library PR dataplat/dbatools.library#18
Notes
- Some replication tests are currently disabled pending fixes
- The library version can be updated by modifying
.github/dbatools-library-version.json
v2.1.32
What's Changed
- Update dbatools-buildref-index.json SQL 2022 CU19 by @MikeyBronowski in #9676
- Export-DbaDbTableData, changed examples to make them usable by @niphlod in #9677
- Get-DbatoolsChangelog, direct to the "correct" page by @niphlod in #9678
- New-DbaDbSnapshot: Add Basic Availability Group Support by @ReeceGoding in #9632
- support lower-than-2012 instances (using RAISERROR instead of THROW) by @niphlod in #9659
- Get-DbaAgDatabase: Fix example by @andreasjordan in #9683
- Invoke-DbaDbDataMasking - fix up decimal & bit support by @AdamJKoehler in #9664
- Set-DbaAgentJobOutputFile: Made it more clear that the Job and Step parameters expect names. by @ReeceGoding in #9675
- Enable-DbaReplPublishing, fix example by @niphlod in #9660
- Connect-DbaInstance / Invoke-DbaQuery - Open a correct new connection when ConnectAsUserName is used and fix usage of AppendConnectionString by @andreasjordan in #9680
- Added table schema to Get-DbaDbForeignKey by @pollusb in #9685
- July 2025 GDR by @rwestMSFT in #9703
- 2022 CU 20 by @rwestMSFT in #9705
- Remove-DbaDbOrphanUser, avoid readonly dbs by @potatoqualitee in #9704
- Remove-DbaDatabaseSafely and Remove-DbaDatabase: added "Name" as an alias for "Database" by @ReeceGoding in #9698
Full Changelog: v2.1.31...v2.1.32
v2.1.31
What's Changed
- New-DbaConnectionStringBuilder, param reorganization by @niphlod in #9613
- Update dbatools-buildref-index.json SQL 2017 Azure Connect Pack by @MikeyBronowski in #9620
- Update dbatools-buildref-index.json SQL 2022 CU18 by @MikeyBronowski in #9625
- Set-DbaAgentOperator, better docs by @niphlod in #9617
- New/Remove-DbaAgentOperator, better docs by @niphlod in #9621
- New-DbaDbMaskingConfig, handle numeric by @niphlod in #9622
- Get-DbaDbUser, faster enumeration when targeting single db by @niphlod in #9623
- Start-DbccCheck, better extraction of errors by @niphlod in #9624
- New-DbaDbMaskingConfig, account for lots of tables by @niphlod in #9642
- buildref, "touch" LastUpdated even if no new CU have been shipped by @niphlod in #9661
- Install-DbaDarlingData: Added new stored procedures, documented abbreviations, and gave every procedure an abbreviation by @ReeceGoding in #9652
- Set-DbaAgentJobOutputFile: also report the current output file name by @ReeceGoding in #9646
Full Changelog: v2.1.30...v2.1.31
v2.1.30
What's Changed
- Update dbatools-buildref-index.json SQL 2019 CU32 by @MikeyBronowski in #9611
- Set-DbaDbQueryStoreOption, use correct postfix for STALE_CAPTURE_POLI⦠by @niphlod in #9605
- Get-DbaBackupHistory, better docs for Since parameter by @niphlod in #9604
- Set-DbaResourceGovernor - Pass Credentials to Get-DbaDbUdf by @darrenmaginnis in #9609
New Contributors
- @darrenmaginnis made their first contribution in #9609
Full Changelog: v2.1.29...v2.1.30
v2.1.29
What's Changed
- Update dbatools-buildref-index.json SQL2019 CU30 by @MikeyBronowski in #9560
- Update-DbaInstance, fix documentation by @niphlod in #9559
- Get-DbaExternalProcess - Test failing by @jpomfret in #9571
- Install-DbaMaintenanceSolution - don't drop tables if not readding by @jpomfret in #9570
- Update dbatools-buildref-index.json by @rwestMSFT in #9577
- BuildRef, add 2019CU31 by @niphlod in #9587
- Test-DbaWindowsLogin, add property for mismatch on samaccountname by @niphlod in #9589
- Set-DbaLogin, report correct name for -WhatIf by @niphlod in #9582
- Find-DbaAgentJob, work with multiple wildcards by @niphlod in #9583
- New-DbaSqlParameter, check bound parameters correctly by @niphlod in #9584
- Backup-DbaDbMasterKey, add FileBaseName by @niphlod in #9599
- Backup-DbaServiceMasterKey, add FileBaseName parameter by @niphlod in #9598
- Backup-DbaDbCertificate, new FileBaseName parameter by @niphlod in #9597
- Invoke-DbaDbShrink, accept pipelined databases by @niphlod in #9596
- Get-DbaNetworkCertificate, propagate credentials by @niphlod in #9595
- Enable/Disable-DbaTraceFlag, support -WhatIf by @niphlod in #9588
- Connect-DbaInstance, honor -Database parameter by @niphlod in #9585
- Invoke-DbaQuery, re-wire connection with integrated as another user by @niphlod in #9592
Full Changelog: v2.1.28...v2.1.29
v2.1.28
What's Changed
- Security updates for SQL 2022, 2019, 2017, 2016 by @MikeyBronowski in #9547
- SQL Server 2022 CU 16 by @rwestMSFT in #9551
- Include new version of SQL Server Maintenance Solution by Ola Hallengren by @andreasjordan in #9550
- Fix for installation of SQL Server Maintenance Solution by Ola Hallengren: Changed name of branch from master to main by @andreasjordan in #9549
Full Changelog: v2.1.27...v2.1.28
v2.1.27
What's Changed
- Fix test for Backup-DbaDatabase by @andreasjordan in #9507
- Fix test for Measure-DbaBackupThroughput by @andreasjordan in #9508
- Fix test for New-DbaCredential by @andreasjordan in #9509
- Fix test for Remove-DbaDbTableData by @andreasjordan in #9511
- Get-DbaDbMailServer: Fix e-mail account names if more than one account exists by @potatoqualitee in #9506
- Fix test for Remove-DbaDbSynonym by @andreasjordan in #9510
- New-DbaAgentJob: Fix wrong output when using -Force to remove existing job by @andreasjordan in #9512
- Fix test for Enable-DbaHideInstance by @andreasjordan in #9517
- Fix test for Copy-DbaLinkedServer by @andreasjordan in #9516
- Fixed test for Copy-DbaEndpoint by @andreasjordan in #9515
- Fix test for Set-DbaNetworkConfiguration by @andreasjordan in #9514
- Fix test for Start-DbaXESession by @andreasjordan in #9513
- Tests/pester5runner by @niphlod in #9521
- Enabling more tests on AppVeyor by @andreasjordan in #9523
- Fix test for Get-DbaEstimatedCompletionTime by @andreasjordan in #9522
- Tests - use new Test-Config instead of constants.ps1 by @potatoqualitee in #9524
- first pester5 test (do Invoke-DbaQuery) by @niphlod in #9525
- DevContainer update to support
aider
by @potatoqualitee in #9527 - pester runner, detection based on standard Requires directive by @niphlod in #9528
- Pester migration - First Batch by @potatoqualitee in #9529
- Pester migration - Second batch by @potatoqualitee in #9530
- Pester migration - Third batch by @potatoqualitee in #9531
- Pester v5 runner fixes by @potatoqualitee in #9533
- Update dbatools-buildref-index.json SQL2019 CU29 by @MikeyBronowski in #9538
- Import-DbaCsv, work with numeric, too by @niphlod in #9534
Full Changelog: v2.1.26...v2.1.27
v2.1.26
What's Changed
- Security updates for SQL 2022, 2019, 2017, 2016 by @MikeyBronowski in #9493
- Copy-DbaResourceGovernor: Fix copy of classifier function by @andreasjordan in #9492
- Fix typos in DbaDbDbcc commands by @MikeyBronowski in #9494
- Fix test for Get-DbaDump by @andreasjordan in #9499
- Refactor AgHadr tests by @andreasjordan in #9498
- Fix tests for Availability Groups by @andreasjordan in #9500
- Enable test for Invoke-DbaDbMirroring by @andreasjordan in #9503
- Refactor tests to use variable server instead of instance for SMO server objects (part 1) by @andreasjordan in #9501
- Mount-DbaDatabase: Deduplicate filepaths if more that one backup is in the last backup file by @andreasjordan in #9504
- Connect-DbaInstance: Fix for issue when changing database context by @andreasjordan in #9505
Full Changelog: v2.1.25...v2.1.26
v2.1.25
What's Changed
- Update dbatools-buildref-index.json SQL2022 CU15 by @MikeyBronowski in #9476
- Update tests to be able to run them outside of AppVeyor (part 3) by @andreasjordan in #9426
- Test-DBALsnChain - Fix missing log backup (#7515) by @AdamJKoehler in #9467
- Get-DbaHelpIndex - Bad joins based on Index Name instead of Index ID when Indexes in same DB named the same #9447 by @jianjunpei in #9473
- Test-DbaDbCompression, returns ? for empty tables (do Compression) by @niphlod in #9474
- Get-DbaDbView, add Schema parameter (do DbView) by @niphlod in #9475
- Import-DbaCsv, map correct types for BulkCopy by @niphlod in #9479
New Contributors
- @AdamJKoehler made their first contribution in #9467
- @jianjunpei made their first contribution in #9473
Full Changelog: v2.1.24...v2.1.25
v2.1.24
What's Changed
- Export-DbaUser - Fix Passthru duplicates by @potatoqualitee in #9463
- Security updates for SQL 2022, 2019, 2017, 2016 by @MikeyBronowski in #9466
Full Changelog: v2.1.23...v2.1.24