Liquibase 4.31.1 release notes

Liquibase 4.31.1 is a patch release. It patches the vulnerability in the Snowflake driver (CVE-2025-24789) and resolves the issue with logicalfilepath reported in 4.31.0.

Notable changes

Liquibase OSS

logicalfilepath bug: The standard Liquibase practice is to accept the attribute closest to the changeset. However, in 4.31.0, the parent logicalfilepath value will be used in DBCL/DBCLH as the changelogfilepath value. This patch fixes this behavior, and deployed changesets do not redeploy if they have the changelog level logicalFilePath.

This update fixes this issue for users who meet three specific conditions:

  • Use Liquibase 4.31.0.

  • Use the logicalfilepath attribute with different values at the changelog and changeset levels.

  • Use include/includeAll to nest changelogs.

Liquibase Pro changelog

Bug fixes

DAT-19579: The changesets from the included changelogs that were deployed with the changelog level logicalFilePath in version 4.31.0 will be considered new and will be redeployed in the latest versions #6716 @filipelautert

Liquibase OSS changelog

Bug fixes

  • (#6664) Don't ignore logicalFilePath when including changelogs @filipelautert

  • (#6716) Fix the filename in dbcl incorrectly generated during 4.31.0 (#6712) @filipelautert

Liquibase OSS security, driver, and other updates

  • Snowflake vulnerability update CVE-2025-24789

  • Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. Liquibase now includes a version with the fixed issue 3.22.0.

  • Full Changelog: v4.31.0...v4.31.1