Liquibase Secure 5.1 release notes
Liquibase Secure 5.1 is a major release focused on expanding platform coverage, strengthening governance, and significantly improving performance, reliability, and usability across the database change lifecycle.
This release delivers deeper Snowflake-native support with advanced modeled objects, introduces proactive risk controls, such as Sensitive Information (PII/PHI) policy checks and stricter pre-deployment validation, and adds new capabilities, including Troubleshooting Mode and enhanced Spring Boot integration with Liquibase Flows. At the same time, Liquibase Secure 5.1 brings substantial performance gains in snapshots and policy checks, clearer status and error messaging, and broader database support for modern NoSQL and distributed platforms. These enhancements help teams move faster with greater confidence, reducing risk, improving compliance and audit readiness, and enabling consistent, scalable database change management across enterprise environments.
What's new?
Snowflake advanced object support
Liquibase Secure 5.1 significantly expands modeled object coverage for Snowflake, improving governance and reducing reliance on raw or arbitrary SQL for managing Snowflake-specific features.
This release focuses on strengthening Change Management and Change Tracking, with Database Inspection available for a subset of objects and additional coverage planned in future releases - enabling more consistent, auditable, and automated schema operations in Snowflake environments.
New modeled objects with Change Management, Change Tracking, and Database Inspection*:
- FILE FORMAT
- STAGE
- DYNAMIC TABLE
- STANDARD TABLE
New modeled objects with Change Management and Change Tracking (no Database Inspection)*:
- MATERIALIZED VIEW
- TASK
- ROW ACCESS POLICY
- STREAM
- SHARE
- ROLE
- DATABASE
- SCHEMA
- WAREHOUSE
Snowflake TABLE enhancements:
- Introduced type-specific Snowflake TABLE model definitions (Standard and Dynamic) replacing traditional Liquibase TABLE
- Added support for full TABLE object parameter coverage
- Added support for CLONE and Time Travel operations
Snowflake VIEW enhancements:
- Introduced type-specific Snowflake VIEW model definitions (Standard and Materialized) replacing traditional Liquibase VIEW
- Added support for full VIEW object parameter coverage
Together, these enhancements provide deeper Snowflake-native support, improve change governance and tracking, and enable teams to manage advanced Snowflake objects more reliably and transparently - while reducing operational risk and increasing consistency across deployments.
Note: When running diff or diff-changelog in Liquibase Secure 5.1, these newly supported Snowflake objects will appear as differences if you compare a snapshot generated with an earlier version of Liquibase Pro or Secure against a current Snowflake environment. Likewise, snapshots created with Liquibase Secure 5.1 will include these objects and may not be fully readable by earlier Liquibase versions.
Sensitive information (PII/PHI) Policy check
Liquibase Secure introduces a new customizable SensitiveInfo policy check that detects sensitive data patterns in database changelogs before deployment. Teams can configure built-in identifiers to scan INSERT and UPDATE statements for a broad range of PII and PHI - including personal, financial, government, and medical information - and enforce warnings or hard stops in deployment pipelines. This helps prevent accidental exposure of sensitive data, strengthens compliance and audit readiness, and reduces risk by catching issues early in the database change lifecycle.
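A sketch of the kind of scan described above, as an added example that is not Liquibase's SensitiveInfo implementation: it extracts string literals from INSERT and UPDATE statements, reports IBAN-shaped values only when the ISO 13616 mod-97 checksum passes (the sort of false-positive filtering that entry #339 in the changelog refers to), and reports US SSN-shaped values. The function names, the two identifiers chosen, the one-statement-per-line assumption and the sample changelog are all constructed for illustration.

```python
import re

# Statement types the page says the check scans.
DML_RE = re.compile(r"^\s*(INSERT|UPDATE)\b", re.IGNORECASE)
# Single-quoted SQL string literal, with '' as the escaped quote.
LITERAL_RE = re.compile(r"'((?:[^']|'')*)'")
# IBAN shape: country code, two check digits, 11-30 alphanumerics (grouping spaces allowed).
IBAN_SHAPE_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]){11,30}\b")
# US SSN shape, excluding area/group/serial values that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def iban_checksum_ok(candidate: str) -> bool:
    """ISO 13616 mod-97 check: move the first four characters to the end, map A-Z to 10-35."""
    iban = candidate.replace(" ", "").upper()
    if not 15 <= len(iban) <= 34:
        return False
    rearranged = iban[4:] + iban[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(digits) % 97 == 1


def scan_changelog(sql_text: str):
    """Return (line_no, identifier, value) for each finding in INSERT/UPDATE statements."""
    findings = []
    for line_no, line in enumerate(sql_text.splitlines(), start=1):
        if not DML_RE.match(line):
            continue  # comments, DDL and SELECTs are out of scope for this sketch
        for literal in LITERAL_RE.findall(line):
            for m in IBAN_SHAPE_RE.finditer(literal):
                # Shape alone produces false positives; keep only checksum-valid values.
                if iban_checksum_ok(m.group()):
                    findings.append((line_no, "IBAN", m.group()))
            for m in SSN_RE.finditer(literal):
                findings.append((line_no, "US_SSN", m.group()))
    return findings


def gate(findings, hard_stop: bool) -> int:
    """Map findings to a pipeline exit code: warn-only returns 0, hard stop returns 1."""
    return 1 if findings and hard_stop else 0


# Constructed sample changelog. Line 5 holds the well-known example IBAN, line 6 an
# IBAN-shaped string with a wrong checksum, line 7 an SSN-shaped value; line 8 is a
# SELECT and is therefore not scanned.
SAMPLE_CHANGELOG = """\
--liquibase formatted sql
--changeset dev:1
CREATE TABLE customer (id INT, name VARCHAR(64), iban VARCHAR(34), note VARCHAR(64));
--changeset dev:2
INSERT INTO customer (id, name, iban) VALUES (1, 'Test User', 'GB82 WEST 1234 5698 7654 32');
INSERT INTO customer (id, name, iban) VALUES (2, 'Order Ref', 'GB82WEST12345698765433');
UPDATE customer SET note = 'ssn 123-45-6789 on file' WHERE id = 1;
SELECT 'DE89370400440532013000' FROM dual;
"""

if __name__ == "__main__":
    results = scan_changelog(SAMPLE_CHANGELOG)
    for line_no, identifier, value in results:
        print(f"line {line_no}: {identifier} {value!r}")
    raise SystemExit(gate(results, hard_stop=True))
```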
Troubleshooting mode
Troubleshooting Mode introduces a streamlined way to diagnose issues and engage Liquibase Customer Support through the new Support Report, which automatically captures comprehensive diagnostic data during command execution. When enabled, it generates a single, shareable ZIP report that bundles key environment details, configuration, execution context, and logs (securely obfuscating sensitive data) so support teams have immediate, complete context. This eliminates time-consuming back-and-forth, reduces errors caused by missing or unclear information, and helps customers and support engineers resolve issues faster and more efficiently.
Spring Boot integration with Liquibase Flows
Liquibase Secure 5.1 modernizes and simplifies Spring Boot integration by introducing new configuration properties that make it easier to run the flow command with both local and remote (e.g. S3 and Azure) Flow files. Teams can now define portable, platform-independent workflows directly within their Spring applications using standard application.properties or liquibase.properties configuration - reducing setup complexity while enabling consistent, repeatable database change workflows across local development and CI/CD environments.
Validate command with Strict mode
Strengthened pre-deployment checks by introducing the validate --strict mode, which applies more rigorous validation rules to ensure changelogs, changesets, and related resources are correctly structured before executing critical schema changes.
These enhancements provide deeper scrutiny and actionable alerts when:
- Optional changeset attributes are present but empty
- Changeset attributes with enumerated values contain unsupported values
- Changeset attributes use invalid property–value delimiters (non-colon)
- Nested changelogs or rollback SQL file scripts cannot be found at the specified paths
- Arbitrary or unofficial changeset properties are detected
- Structural issues are identified within nested changelogs
Together, these improvements help teams catch configuration and structural issues earlier, reducing the risk of partial deployments, avoiding hard-to-diagnose failures, and increasing overall reliability and confidence in database change operations.
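Four of the conditions listed above (empty attributes, unsupported values, non-colon delimiters, unofficial properties), approximated as a stand-alone linter for formatted SQL changeset headers. This is an added example, not Liquibase's validator: the attribute allow-list is an assumed subset, boolean attributes stand in for enumerated ones, attribute values are assumed to contain no spaces, and the sample changelog is constructed.

```python
import re

# Assumed subset of formatted SQL changeset attributes; extend it to match your Liquibase version.
BOOLEAN_ATTRS = {"runAlways", "runOnChange", "failOnError", "splitStatements",
                 "stripComments", "runInTransaction", "ignore"}
FREE_TEXT_ATTRS = {"context", "contextFilter", "labels", "dbms", "endDelimiter",
                   "logicalFilePath", "runWith"}
KNOWN_ATTRS = BOOLEAN_ATTRS | FREE_TEXT_ATTRS

# "--changeset author:id" followed by zero or more attribute tokens.
CHANGESET_RE = re.compile(r"^\s*--\s*changeset\s+(\S+:\S+)(.*)$", re.IGNORECASE)


def lint_changelog(sql_text):
    """Return (line_no, changeset, rule, attribute) for each problem in changeset headers."""
    findings = []
    for line_no, line in enumerate(sql_text.splitlines(), start=1):
        m = CHANGESET_RE.match(line)
        if not m:
            continue
        changeset, rest = m.group(1), m.group(2)
        for token in rest.split():
            key, sep, value = token.partition(":")
            if not sep:
                # No colon at all: another delimiter was used, or the token is stray text.
                rule = "invalid-delimiter" if "=" in token else "stray-token"
                findings.append((line_no, changeset, rule, token.split("=", 1)[0]))
            elif key not in KNOWN_ATTRS:
                findings.append((line_no, changeset, "unknown-attribute", key))
            elif value == "":
                findings.append((line_no, changeset, "empty-value", key))
            elif key in BOOLEAN_ATTRS and value.lower() not in ("true", "false"):
                findings.append((line_no, changeset, "unsupported-value", key))
    return findings


# Constructed sample: dev:1 is clean, dev:2 uses '=', dev:3 has an empty attribute and a
# bad boolean, dev:4 carries a property that is not in the allow-list.
SAMPLE_STRICT_CHANGELOG = """\
--liquibase formatted sql
--changeset dev:1 runOnChange:true labels:release-5.1
CREATE TABLE t (id INT);
--changeset dev:2 runOnChange=true
ALTER TABLE t ADD c INT;
--changeset dev:3 labels: failOnError:maybe
ALTER TABLE t ADD d INT;
--changeset dev:4 reviewedBy:alice
ALTER TABLE t ADD e INT;
"""

if __name__ == "__main__":
    problems = lint_changelog(SAMPLE_STRICT_CHANGELOG)
    for line_no, changeset, rule, attribute in problems:
        print(f"line {line_no} [{changeset}] {rule}: {attribute}")
    raise SystemExit(1 if problems else 0)
```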
Expanded database coverage
Liquibase Secure 5.1 expands database coverage across modern NoSQL and distributed platforms by introducing in-the-box support for Couchbase and adding support for Cassandra variants, including DataStax Enterprise and AWS Keyspaces. These additions broaden Liquibase Secure’s applicability across modern data environments, enabling teams to apply consistent governance, change management, and compliance practices while reducing the need for custom tooling or workarounds.
Snapshots status messaging
Snapshots messaging has been improved to enhance troubleshootability, providing clearer status updates during snapshot execution so users can more easily understand progress and current operation state. These improvements are intended to eliminate ambiguity and help users quickly determine whether a snapshot job is running as expected or encountering an issue.
Snapshots and Query Performance
Snapshots performance has been significantly improved, reducing the time required to create snapshots and increasing the reliability of state-driven workflows and drift detection use cases. This release delivers the most impactful gains for Oracle and Databricks environments, with additional incremental improvements across other supported platforms to enhance overall snapshot consistency and responsiveness. Users with remote Oracle workloads with Long Columns will benefit from a smart shift in network fetches.
Policy check performance
Enhanced performance across regex-based and snapshot-driven policy checks ensures efficient enforcement of standards at enterprise scale. Liquibase Secure 5.1 significantly accelerates complex regex evaluations and database-scope snapshot checks - reducing regex scan times on large SQL files from minutes to seconds and improving snapshot-based policy checks on multi-schema databases. Oracle-specific optimizations deliver up to 20× performance gains. Together, these enhancements enable faster validations, smoother pipelines, and scalable governance, allowing teams to enforce compliance and quality controls without compromising speed or operational reliability.
Error and integrations messaging
Liquibase Secure now provides clearer, more actionable error and informational messages by surfacing detailed feedback directly from third-party tools such as SQL*Plus, SQLCMD, and other integrations.
This release also improves MongoDB workflows by immediately failing unsupported commands with explicit error messages and resolving an issue that could cause certain commands to run more than once. These enhancements reduce ambiguity during failures, speed up troubleshooting, and help teams diagnose and resolve issues faster with greater confidence across supported platforms and integrations.
Maven starters
We've introduced Liquibase starters for Maven to simplify project setup by bundling a preconfigured file which automatically includes compatible versions of dependencies. Instead of manually configuring individual dependencies in your build configuration’s pom.xml file, simplify your build overhead and avoid version conflicts with Liquibase starters.
Additional documentation improvements
A new --ignore-missing-references command parameter was added that controls behavior when snapshots reference objects from schemas not included in the snapshot (like cross-schema triggers or foreign keys). You can us
Detailed Security Vulnerability Report - Liquibase Secure
This release addresses multiple CVE updates across Spring Framework, Spring Boot, and Netty. Engineering has confirmed these issues are not exploitable in Liquibase based on how the libraries are used.
CVE Summary
Critical: 0
High: 8
Customer Impact: None
Spring Framework: spring-core, spring-web

CVE ID | CVSS Score | Library | Details (including Customer Impact) |
|---|---|---|---|
CVE-2024-38816 | 7.5 High | spring-core / spring-web | Description: Path Equivalence vulnerability in Spring Framework. Applications serving static resources through WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system accessible to the process. Attack Vector: Network-based, low complexity, no authentication required, no user interaction. Impact: High confidentiality impact — arbitrary file read. No integrity or availability impact. Weakness: CWE-22 — Improper Limitation of a Pathname to a Restricted Directory (Path Traversal). Exploitability: High. 27 public PoC exploits on GitHub. Mitigated if Spring Security HTTP Firewall is enabled or running on Tomcat/Jetty. Available Patched Versions: 5.3.40, 6.0.24, 6.1.13. Required Action: Upgrade to Spring Framework 6.1.13+ or 7.0.x. Customer Impact: None. Liquibase does not use WebMvc.fn or WebFlux.fn for static resource serving. Spring Framework is used only as an optional integration layer (SpringLiquibase, SpringResourceAccessor) and does not expose HTTP endpoints. |
CVE-2024-38819 | 7.5 High | spring-core / spring-web | Description: Path traversal vulnerability in Spring Framework's WebMvc.fn and WebFlux.fn. This is a bypass of the fix for CVE-2024-38816 using double URL encoding, allowing attackers to access arbitrary files via crafted HTTP requests. Attack Vector: Network-based, low complexity, no authentication required, no user interaction. Impact: High confidentiality impact — arbitrary file read. No integrity or availability impact. Weakness: CWE-22 — Improper Limitation of a Pathname to a Restricted Directory (Path Traversal). Exploitability: High. Same attack surface as CVE-2024-38816 with different input vectors. PoC exploits publicly available. Available Patched Versions: 5.3.41, 6.0.25, 6.1.14. Required Action: Upgrade to Spring Framework 6.1.14+ or 7.0.x. Customer Impact: None. Liquibase does not use WebMvc.fn or WebFlux.fn for static resource serving. We use this library; we don't use the features that could make it vulnerable. |
CVE-2024-22243 | 8.1 High | spring-core / spring-web | Description: Applications that use UriComponentsBuilder to parse an externally provided URL and perform validation checks on the host may be vulnerable to open redirect or SSRF attacks. Attack Vector: Network-based, low complexity, no authentication required. Requires user interaction (victim must click a crafted link). Impact: High confidentiality and integrity impact. No availability impact. Weakness: CWE-601 — URL Redirection to Untrusted Site (Open Redirect). Exploitability: Moderate. Requires user interaction and that the application uses UriComponentsBuilder to parse externally-supplied URLs with subsequent host validation. Available Patched Versions: 5.3.34, 6.0.17, 6.1.4. Required Action: Upgrade to Spring Framework 6.1.4+ or 7.0.x. Customer Impact: None. Liquibase does not use UriComponentsBuilder anywhere in the codebase. Zero occurrences found across all modules. |
CVE-2024-22259 | 8.1 High | spring-core / spring-web | Description: Same class of vulnerability as CVE-2024-22243 with different input vectors. Applications using UriComponentsBuilder to parse externally provided URLs and perform host validation are vulnerable to open redirect or SSRF attacks. This is a bypass of the CVE-2024-22243 fix. Attack Vector: Network-based, low complexity, no authentication required. Requires user interaction. Impact: High confidentiality and integrity impact. No availability impact. Weakness: CWE-601 — URL Redirection to Untrusted Site (Open Redirect). Exploitability: Moderate. Requires user interaction. Available Patched Versions: 5.3.34, 6.0.17, 6.1.5. Required Action: Upgrade to Spring Framework 6.1.5+ or 7.0.x. Customer Impact: None. Liquibase does not use UriComponentsBuilder anywhere in the codebase. |
CVE-2024-22262 | 8.1 High | spring-core / spring-web | Description: Third variant in the UriComponentsBuilder series (after CVE-2024-22243 and CVE-2024-22259). Applications using UriComponentsBuilder to parse externally provided URLs are vulnerable to open redirect and SSRF attacks if the URL passes validation checks but is later used maliciously. Attack Vector: Network-based, low complexity, no authentication required. Requires user interaction. Impact: High confidentiality and integrity impact. No availability impact. Weakness: CWE-601 — URL Redirection to Untrusted Site (Open Redirect), CWE-918 — Server-Side Request Forgery (SSRF). Exploitability: Moderate. Requires user interaction. Available Patched Versions: 5.3.34, 6.0.18, 6.1.6. Required Action: Upgrade to Spring Framework 6.1.6+ or 7.0.x. Customer Impact: None. Liquibase does not use UriComponentsBuilder anywhere in the codebase. |
CVE-2025-22235 | 7.3 High | spring-boot-autoconfigure | Description: EndpointRequest.to() creates an incorrect Spring Security request matcher (/null/**) when the targeted actuator endpoint is disabled or not exposed via HTTP, potentially leaving the /null path unprotected. Attack Vector: Network-based, low complexity, no authentication required, no user interaction. Impact: Low confidentiality, integrity, and availability impact. Weakness: CWE-20 — Improper Input Validation, CWE-862 — Missing Authorization. Exploitability: Low. Requires that the application uses EndpointRequest.to() targeting a disabled/unexposed actuator endpoint AND that the /null path serves sensitive content. The likelihood of all conditions aligning simultaneously is very low. Available Patched Versions: 3.2.14, 3.3.11, 3.4.5. Required Action: Upgrade to Spring Boot 3.4.5+ or 4.0.x. Customer Impact: None. Spring Boot is declared with provided scope in Liquibase Pro — it is not packaged into the Liquibase distribution. Users who bring their own Spring Boot manage their own version. Liquibase's auto-configuration does not use EndpointRequest.to() or expose Actuator endpoints. |
CVE-2025-58056 | 7.5 High / 2.9 Low | io.netty | Description: Netty incorrectly accepts standalone LF characters as chunk-size line terminators instead of requiring CRLF per the HTTP/1.1 specification, enabling HTTP request smuggling when deployed behind a reverse proxy. Attack Vector: Network-based, low complexity, no authentication required, no user interaction. Impact: High integrity impact (v3.1) / Low integrity impact (v4.0). No confidentiality or availability impact. Weakness: CWE-444 — Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling). Exploitability: Moderate. Requires a specific proxy-Netty deployment topology. PoC exists. CVSS v4.0 scores this at 2.9 Low, reflecting specific deployment prerequisites required for exploitation. Available Patched Versions: 4.1.125.Final, 4.2.5.Final. Required Action: Upgrade to Netty 4.1.125+ or 4.2.5+. Customer Impact: None. Netty is a transitive dependency of the Azure SDK, used exclusively as an HTTP client for outbound connections. Liquibase does not use Netty as an HTTP server and is never deployed behind a reverse proxy in a topology where request smuggling could occur. Prior versions in use (4.1.125.Final and 4.2.7.Final) already include this fix. |
CVE-2025-58057 | 7.5 High / 6.9 Med | io.netty | Description: When supplied with specially crafted highly-compressed payloads, Netty's BrotliDecoder and other decompression codecs allocate an unbounded number of byte buffers without enforcing decompression ratio limits, leading to memory exhaustion and denial of service. Attack Vector: Network-based, low complexity, no authentication required, no user interaction. Impact: High availability impact (v3.1) / Low availability impact (v4.0). No confidentiality or integrity impact. Weakness: CWE-409 — Improper Handling of Highly Compressed Data (Data Amplification). Exploitability: High. Unauthenticated, network-accessible, no user interaction required. Classic decompression bomb attack. CVSS v4.0 scores this at 6.9 Medium. Available Patched Versions: 4.1.125.Final, 4.2.5.Final. Required Action: Upgrade to Netty 4.1.125+ or 4.2.5+. Customer Impact: None. Netty is a transitive dependency of the Azure SDK, used exclusively as an HTTP client. Liquibase does not use BrotliDecoder or expose decompression endpoints. Prior versions in use (4.1.125.Final and 4.2.7.Final) already include this fix. |
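For teams that supply their own Spring or Netty versions alongside Liquibase, one way to compare resolved dependencies with the patched versions in the table above (an added example, not part of the release notes or of Liquibase). It reads `mvn dependency:list` style lines; the floors are the highest "Available Patched Versions" entry per release line in the table, release lines newer than any listed are assumed to carry the fixes, and the sample dependency list is constructed.

```python
import re

# (groupId, artifactId or None for any artifact in the group, {release line: minimum patch}).
RULES = [
    ("org.springframework", "spring-core", {(5, 3): 41, (6, 0): 25, (6, 1): 14}),
    ("org.springframework", "spring-web", {(5, 3): 41, (6, 0): 25, (6, 1): 14}),
    ("org.springframework.boot", "spring-boot-autoconfigure",
     {(3, 2): 14, (3, 3): 11, (3, 4): 5}),
    ("io.netty", None, {(4, 1): 125, (4, 2): 5}),
]

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_dependency_line(line):
    """Parse one dependency:list line into (group, artifact, version, scope), or None."""
    body = line.replace("[INFO]", "", 1).split()
    if not body:
        return None
    parts = body[0].split(":")
    if len(parts) not in (5, 6):  # six fields when a classifier is present
        return None
    return parts[0], parts[1], parts[-2], parts[-1]


def floors_for(group, artifact):
    """Return the patched-version floors that apply to this coordinate, or None."""
    for rule_group, rule_artifact, floors in RULES:
        if group == rule_group and rule_artifact in (None, artifact):
            return floors
    return None


def classify(version, floors):
    """Compare a version with the floor for its release line."""
    m = VERSION_RE.match(version)
    if not m:
        return "unparsed"
    major, minor, patch = map(int, m.groups())
    line = (major, minor)
    if line in floors:
        return "ok" if patch >= floors[line] else "below-patched"
    if line > max(floors):
        return "ok"  # assumption: lines newer than any listed already include the fixes
    return "no-patched-release-listed"


def audit(dependency_list_text):
    """Return (coordinate, version, status) for every tracked dependency that is not ok."""
    report = []
    for line in dependency_list_text.splitlines():
        parsed = parse_dependency_line(line)
        if parsed is None:
            continue
        group, artifact, version, _scope = parsed
        floors = floors_for(group, artifact)
        if floors is None:
            continue
        status = classify(version, floors)
        if status != "ok":
            report.append((f"{group}:{artifact}", version, status))
    return report


# Constructed sample of `mvn dependency:list` output.
SAMPLE_DEPENDENCY_LIST = """\
[INFO] The following files have been resolved:
[INFO]    org.springframework:spring-core:jar:6.1.12:compile
[INFO]    org.springframework:spring-web:jar:6.1.14:compile
[INFO]    org.springframework.boot:spring-boot-autoconfigure:jar:3.3.4:provided
[INFO]    io.netty:netty-codec-http:jar:4.1.125.Final:runtime
[INFO]    io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.118.Final:runtime
[INFO]    org.yaml:snakeyaml:jar:2.2:compile
"""

if __name__ == "__main__":
    for coordinate, version, status in audit(SAMPLE_DEPENDENCY_LIST):
        print(f"{coordinate} {version}: {status}")
```

A "below-patched" result says only that the resolved library predates the fixed release; whether the flaw is reachable still depends on which features the application uses, as the Customer Impact entries above explain.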
CHANGELOG
Snowflake advanced object support
- (#17) INT-1307: added SnowflakeTask snapshot-related classes by @SvampX
- (#22) INT-1424: Added xsd and alterTaskChange-related classes by @SvampX
- (#24) [INT-145] added support for create and drop row access policy by @KushnirykOleh
- (#26) [INT-1442]: Implement ALTER STREAM comment and tags operations by @KushnirykOleh
- (#27) INT-1438: added Alter RowAccessPolicy flows by @SvampX
- (#29) INT-1508: add support of EXECUTE on TASK Object by @HorbatenkoYehor
- (#30) Update CODEOWNERS for permission management by @filipelautert
- (#31) INT-1504: added Row Access Policy's Table Attachment/Detachment Changes by @SvampX
- (#34) INT-150: Control Automatic Clustering Flag on Existing TABLE added by @SvampX
- (#38) [INT-1288] createStream and dropStream support by @KushnirykOleh
- (#44) Refactor package structure for stage, fileformat, and task objects by @KushnirykOleh
- (#47) INT-151: rework classes for CRUD on SEQUENCE Object by @HorbatenkoYehor
- (#49) INT-155 SnowflakeTable redesign by @SvampX
- (#50) [INT-1527] ORDER|NOORDER support by @KushnirykOleh
- (#51) INT-155: Alter standard table support added by @SvampX
- (#54) INT-1525: fix quoting in comment attributes for several changetypes by @HorbatenkoYehor
- (#56) [INT-1538]: Added createStandardTable as a standalone changetype by @SvampX
- (#57) Int 147 - Support CREATE and DROP on SHARE Object by @HorbatenkoYehor
- (#58) INT-1522 - Use new field supportedDatabases by @filipelautert
- (#59) [INT-1537]: added Standalone Snowflake Dynamic table changetype by @SvampX
- (#60) INT-1450: Add alterShareAccounts, alterShareComment and alterShareTags changeTypes by @HorbatenkoYehor
- (#65) [INT-1487]: fixed alter Tags generation for ChangedSnowflakeStage flow by @SvampX
- (#67) INT-1517: fixed NULL_IF behaviour for FileFormat. by @SvampX
- (#68) INT-1254: Support CREATE TABLE ... CLONE with Time Travel by @KushnirykOleh
- (#70) Add SQL injection validation utility method by @KushnirykOleh
- (#74) INT-1255: add support for GRANT/REVOKE privilege operations on SHARE by @HorbatenkoYehor
- (#75) INT-1256: add support for Create DB from SHARE changeType by @HorbatenkoYehor
- (#77) INT-1293: add support for Create and Drop on Role object by @HorbatenkoYehor
- (#78) INT-1454: Alter Role related ChangeTypes added by @SvampX
- (#81) INT-1580: add support for Grant and Revoke on Role object by @HorbatenkoYehor
- (#86) INT-1244: Create, Clone and Drop Database related changes added. by @SvampX
- (#87) INT-1588: Add cloneSchema changeType and AbstractSnowflakeChange refactoring by @KushnirykOleh
- (#89) [INT-1605] refactor: add AbstractSnowflakeChange base class by @KushnirykOleh
- (#90) INT-1589: Add dropSchema and undropSchema change types by @KushnirykOleh
- (#91) INT-1587: add createSchema changeType by @HorbatenkoYehor
- (#95) [INT-1591] alterSchemaTags/alterSchemaContacts + refactoring by @KushnirykOleh
- (#96) [INT-1583] Added Alter Database related changes by @SvampX
- (#99) INT-1590: add support for alterSchemaProperties changeType by @HorbatenkoYehor
- (#101) INT-152: added Create and Drop Materialized View flows by @SvampX
- (#103) INT-1592: add support for alterSchemaManagedAccess, renameSchema and swapSchema by @HorbatenkoYehor
- (#104) INT-1590: add support for alterSchemaProperties changeType by @HorbatenkoYehor
- (#105) INT-1505: Add Support for ROW ACCESS POLICY on VIEW objects by @HorbatenkoYehor
- (#106) INT-1458: added Alter Materialized View flows by @SvampX
- (#107) INT-1608: Create AbstractSnowflakeSqlGenerator base class and extend all snowflake sql generators by @HorbatenkoYehor
- (#115) INT-1667: added Alter Warehouse Tags flow by @SvampX
- (#120) INT-1687: Add renameWarehouse changeType by @KushnirykOleh
- (#124) INT-1688: added Alter Warehouse State flow by @SvampX
- (#125) INT-1666: add CreateWarehouse and DropWarehouse change types by @HorbatenkoYehor
- (#128) INT-1706: implement createView and dropView changetypes by @KushnirykOleh
- (#129) INT-1668: add alterWarehouseProperties change type by @HorbatenkoYehor
- (#130) INT-1259: Snapshot of Snowflake view added by @SvampX
- (#131) INT-1707: Implement renameView changetype by @KushnirykOleh
- (#135) INT-1710: add useWarehouse change type by @HorbatenkoYehor
- (#136) INT-1705: added generate-changelog flow for SnowflakeView database object by @SvampX
- (#138) INT-1678: Standardize rename field naming to old/new pattern by @HorbatenkoYehor
- (#139) INT-1610: Refactor alterTask to eliminate xsd:list patterns by @KushnirykOleh
- (#141) INT-1708: add support for alterViewProperties change type by @HorbatenkoYehor
- (#142) INT-1724: Support backward-compatible createView syntax by @KushnirykOleh
- (#144) INT-1714: Unify PolicyColumn serialization pattern across changetypes by @KushnirykOleh
- (#145) INT-1612: Rename newTags/newContacts to setTags/setContacts by @HorbatenkoYehor
- (#147) INT-1607: Migrate Change classes to AbstractSnowflakeChange by @KushnirykOleh
- (#152) INT-1734: Fix createDatabase flags for replica databases by @KushnirykOleh
- (#153) INT-1614: remove deprecated getQuotedParameterOrEmpty, getEscapedQuotedParameterOrEmpty and getEscapedQuotedTagOrEmpty methods by @HorbatenkoYehor
- (#154) INT-1613: remove deprecated getEscapedObjectNameOrEmpty and getUnquotedParameterOrEmpty methods by @HorbatenkoYehor
- (#156) INT-1731: Ensure sequence changetypes backward compatibility with core Liquibase by @KushnirykOleh
- (#157) INT-1606: Replace boilerplate getters/setters with Lombok annotations by @HorbatenkoYehor
- (#163) INT-1258: StandardTable DI features added by @SvampX
- (#164) INT-1258 SnowflakeDynamicTable DI features added by @SvampX
- (#165) INT-1690: Standardize documentation format across all changetypes by @KushnirykOleh
- (#166) Enable createStream tests for external/dynamic/event table streams by @KushnirykOleh
- (#168) INT-1690: Add automatic rollback notes to all changetype docs by @KushnirykOleh
- (#170) INT-1753: Fix checksum compatibility and simplify createView by @KushnirykOleh
- (#172) INT-1760: Fix XSD schema for createView and sequence generator spacing by @KushnirykOleh
- (#176) INT-1762: Fix IllegalStateException when generating changelog to non-Snowflake SQL format by @filipelautert
- (#178) INT-1690: Add backticks to attribute names in docs tables by @KushnirykOleh
- (#2901) INT-1515: add supportsCatalogInObjectName for all Snowflake objects; override escapeObjectName in SnowflakeDatabase by @HorbatenkoYehor
- (#3043) [INT-1561] report generation optimization by @KushnirykOleh
- (#3059) INT-1611: added runAsRole flow for changesets by @SvampX
- (#205) INT-1824: Fix MANIFEST.MF metadata to match standard extension format by @filipelautert
- (#203) INT-1822: Refactored column loading for snowflake relations, fixed treating of constraints. by @SvampX
- (#204) NO_JIRA: update addStandardTableColumn.md by @HorbatenkoYehor
- (#196) INT-1801: mirroring core's DataType structure by @SvampX
- (#202) INT-1823: Fix PK/FK ordering in MissingSnowflakeForeignKeyChangeGenerator by @HorbatenkoYehor
- (#201) INT-1816: Fix YAML/JSON column serialization in generate-changelog for SnowflakeStandardTable by @HorbatenkoYehor
- (#200) INT-1804: handling of SnowflakeStandardTable's dependent objects updated. by @SvampX
- (#192) INT-1789: Schema-aware tracking table handling for dropAll by @KushnirykOleh
- (#193) INT-1791: avoiding DynamicTableColumns adding/removal in diff-changelog flow by @SvampX
- (#199) INT-1800: Improve TXT snapshot serialization for nested objects by @HorbatenkoYehor
- (#197) INT-1796: remove uniqueConstraintName from XSD and codebase by @filipelautert
- (#195) INT-1807: fix SnowflakeForeignKey primaryKeyColumns deserialized as String by @filipelautert
- (#194) INT-1794: Improve error message for unsupported --diffTypes on Snowflake by @filipelautert
- (#189) INT-1790: refactored SnowflakeView snapshotting by @SvampX
- (#167) INT-1751: added ADD and ALTER column flows for Snowflake tables by @SvampX
- (#183) INT-1766: Add SnowflakePrimaryKey snapshot infrastructure for generateChangeLog by @KushnirykOleh
- (#186) INT-1773: fix redundant generated dropColumn, dropPk and dropFk in diff-changelog by @HorbatenkoYehor
- (#185) INT-1787: added handled columns for Unexpected/Missing tables. Added filtering of liquibase system tables for generating changelog flows. by @SvampX
- (#180) INT-1769: Include schema name in column toString() for diff reports by @KushnirykOleh
- (#191) INT-1793: update docs related to tables by @HorbatenkoYehor
- (#3239) INT-1794: Fix @CommandOverride chaining and supportedDatabases fallback by @filipelautert
Spring Boot Integration with Liquibase Flows
- (#2776) DAT-20671 Implement value providers to allow flow variables to be used in Liquibase commands by @wwillard7800
- (#2790) DAT-20715 Support absolute paths in Flow conditionals by @wwillard7800
- (#3147) DAT-21670: Spring :: db credentials and changelog can be passed with application.properties by @filipelautert
- (#3023) DAT-21220: Add classpath-relative path support for Spring Boot configuration by @filipelautert
- (#2963) DAT-20502 - New springboot properties by @filipelautert
- (#2626) DAT-20662 Do not throw an exception when the exit code is 0 for control by @wwillard7800
Snapshots Performance and Status Messaging
- (#3174) Cache DatabaseMetadataService instances to reduce repeated log messages by @wwillard7800
- (#3152) INT-1558: fix exclude/include objects for diff command with offline snapshots by @HorbatenkoYehor
- (#3120) DAT-21245: Fix PostgreSQL generate-changelog sequence handling by @wwillard7800
- (#3142) DAT-21735: Fix Oracle snapshot regressions in ProOracleDatabaseMetadataService by @wwillard7800
- (#3061) DAT-21552 Oracle Query Streaming and generator work by @wwillard7800
- (#3078) DAT-21388 Handle empty array when building object name for report by @wwillard7800
- (#2965) DAT-21166 Work to fix memory leaks in Oracle database snapshot processing by @wwillard7800
- (#2952) DAT-21025 Add enumerated values to --diff-types CLI help for diff commands by @wwillard7800
- (#2980) DAT-21221: Add Pro parser enhancements for comprehensive line number extraction by @wwillard7800
Sensitive Information (PII/PHI) Policy Check
- (#339) [DAT-21339] Filter out IBAN false positives using IBANValidator by @andrulban
- (#341) [DAT-21342] Remove CUSTOM identifier from SensitiveInfoCheck by @andrulban
- (#338) [DAT-21341] Change IDENTIFIER_PATTERN description for multiple patterns by @andrulban
- (#348) DAT-21658: Integrate phileas, update date handling by @abrackx
- (#306) DAT-21164 Implement PII check for identifiers with secondary parameters by @wwillard7800
Policy Checks Performance
- (#330) DAT-21202: Add pre-parsing validation to avoid sql parsing failures by @abrackx
- (#335) DAT-21202: Add pre-parsing validation to avoid sql parsing failures by @abrackx
- (#327) DAT-21204 Fix memory leaks in processing checks and output by @wwillard7800
- (#328) DAT-21204 Fix memory leaks in processing checks and output by @filipelautert
- (#313) DAT-21046 Performance improvements with handling pending change sets by @wwillard7800
- (#310) DAT-21045 Compile regex maps in static initializer by @wwillard7800
- (#309) DAT-21044 Pre-compile patterns for the MaxAffected* checks by @wwillard7800
- (#311) DAT-21048 fix: optimize findSkippedChecksForChain to O(n) complexity by @wwillard7800
- (#314) DAT-21047 Pre-compile regex patterns in policy checks for performance optimization by @wwillard7800
- (#308) DAT-21043 Added cache for OperatorEnum.REGEXP for performance improvement by @wwillard7800
- (#289) DAT-20846 Always call returnAtEndOfRule to return from rule by @wwillard7800
- (#239) DAT-17932 Allow any check to be disabled by @wwillard7800
- (#349) DAT-21665: Improve regex check performance for large SQL files by @wwillard7800
- (#350) DAT-21664 Optimize regex-based policy checks performance by @wwillard7800
- (#347) Enhance ChecksFileAccessor with filesystem fallback by @filipelautert
Policy Checks Enhancements
- (#307) DAT-21172: Auto-enable checks when customized in headless mode by @wwillard7800
- (#296) DAT-21008 New command to customize check with input from JSON config and no prompting by @wwillard7800
- (#295) DAT-20691 Populate the report model when creating JSON checks output by @wwillard7800
- (#348) DAT-21658: Integrate phileas, update date handling by @abrackx
- (#344) DAT-21704: Add Generated SQL indicator for modeled changesets by @wwillard7800
- (#318) DAT-21221: Implement JSON line number extraction for enhanced policy check reporting by @wwillard7800
- (#402) DAT-21336: Fix textual date detection in SensitiveInfoCheck by @wwillard7800
- (#2914) DAT-21164 Update liquibase-checks module by @wwillard7800
- (#3207) DAT-21336: Fix textual date detection in SensitiveInfoCheck by @wwillard7800
Validate Command with Strict Mode
- (#2904) Validate command step added by @MalloD12
- (#3208) DAT-21821 :: Fix 'comment' attribute is being reported as an invalid changeset attribute by @MalloD12
- (#3134) DEVX-1432 :: Support added to report validation error when trying to use an assignment symbol other than ':' by @MalloD12
- (#3202) DAT-21786 :: Add support to validate and report if rollbackSqlFile path does not exist by @MalloD12
- (#3188) DAT-21798 :: Improve include/includeAll error message to be more user-friendly when file or directory specified does not exist by @MalloD12
- (#3182) DAT-21795 :: Fix rollback as an invalid changeset attribute validation by @MalloD12
- (#3178) DAT-21781 :: Fix YAML changelog content extractor by @MalloD12
- (#3175) DAT-21785 :: Fix include/includeAll file path/directory validation for SQL changelog by @MalloD12
- (#3167) DAT-21781 :: Fix YAML changelog content extractor by @MalloD12
- (#3136) DAT-21669 :: Fix parameter parsing error when it's specified after a command without a value by @MalloD12
- (#3122) DEVX-1138 :: Validate error message support added when header is malformed by @MalloD12
- (#3109) DAT-21669 :: Boolean parameter logic updated to set parameters specifying value or not by @MalloD12
- (#3115) DAT-21672 :: Support to make --strict left/right tolerant by @MalloD12
- (#2988) DEVX-1361 :: Avoid reporting valid JSON attributes like _HELP / _DESC by @MalloD12
- (#2990) DEVX-1362 :: Filters updated to not accept null string values by @MalloD12
- (#2987) DEVX-1363 :: Fix ignore commented changeset issue by @MalloD12
- (#2984) DEVX-1383 :: Fix for ID extraction for SQL changeset content extractor by @MalloD12
- (#3231) Fix parsing of formatted SQL changeset attributes with spaces after colons by @filipelautert
Troubleshooting Mode (“Support Report”)
- (#3121) INT-1576 - Troubleshooting Mode :: Implementation work by @RomanDeveloperAcc
MongoDB and Databricks Fixes
- (#410) Remove unsupported database checks for MongoDB commands and update pom.xml configuration by @filipelautert
- (#415) DAT-21186 Do not allow MongoDbGenerateChangelogCommandStep to execute base class method by @wwillard7800
- (#405) INT-1482: FIX false positive success message for not implemented generate-changelog and diff-changelog commands by @HorbatenkoYehor
- (#397) DAT-20820 Added supports method to parser by @wwillard7800
- (#215) DAT-21037: Add getDisplayName() for proper capitalization in user output by @wwillard7800
- (#231) fix: skip bulk population for TABLE-returning functions in Pro snapshot generator by @filipelautert
- (#227) fix: prevent duplicate EnableArrow/UserAgentEntry in Pro connection wrapper by @filipelautert
- (#217) Add ChangeGenerator dependency cycle test by @wwillard7800
Updates, Bugs, and Tech Debt
- (#2759) DAT-20059 Do not put the SQL parameter in quotes, as it will not be recognized as a parameter by @wwillard7800
- (#2798) DAT-20975 Handle spaces in the Java version check by @wwillard7800
- (#2795) DAT-20879 Exit with error code after running Liquibase by @wwillard7800
- (#2852) DAT-21040 Fix liquibase.bat file to use the Windows find.exe, not bash find. This fixes an issue with flow executing shell commands by @wwillard7800
- (#2748) DAT-20539 Added logging and query timings for snapshot command by @wwillard7800
- (#3077) DAT-21595 Validate formatted SQL output changelog file early by @wwillard7800
- (#2851) DAT-21041 Rework absolute path handling for Windows by @wwillard7800
- (#3151) DAT-21265 :: Jdbc drivers upgrade by @MalloD12
- (#3002) DAT-21281 Remove splitStatements:false setting for DB2 generated changelogs by @wwillard7800
- (#2977) DAT-21021 Improve error messages for unexpected/unmatched args by @wwillard7800
- (#2945) INT-1522 Enhances the command override mechanism in Liquibase to support multiple overrides per command step by @filipelautert
- (#2899) DAT-21102 Do not use the UI service before the Classloader is in place by @wwillard7800
- (#2876) DAT-20966 Allow generateChangelog to accept a Postgres output changelog that does not have the postgresql string in it by @wwillard7800
- (#2893) DAT-20660 Use the getVisibleUrl() method to display the URL for history and status commands by @wwillard7800
- (#3133) DAT-21704: Rename _yamlJsonSourceLineNumber to _sourceTagLineNumber by @wwillard7800
- (#2900) DAT-21160 Filter out CommandLineConnectionPatterns for JDBC URLs by @wwillard7800
- (#2903) feat: enable multiple database-specific CommandStep overrides by @filipelautert
- (#2861) DAT-20813 : Handle obfuscating command line arguments in executeShellCommand changes by adding the new obfuscate attribute by @wwillard7800
- (#2702) DAT-20566 Handle formatted SQL changelogs that contain empty rollback lines by @wwillard7800
- (#2700) DAT-20695 Handle edge case where the space is located at the beginning of a line by @wwillard7800
- (#3113) DAT-21555: Integrate commercial couchbase into distribution by @abrackx
- (#3158) Update liquibase-commercial-couchbase submodule to fix Maven build by @wwillard7800
- (#3032) DAT-21331 Optimize message and update liquibase-commercial-databricks by @wwillard7800
- (#2958) DAT-21186 Update liquibase-commercial-mongodb submodule by @wwillard7800
- (#3162) Remove unused LiquibaseCouchbaseFileValueProvider and associated service configuration by @filipelautert
Contributors
Special thanks to all contributors who made this release possible: @abrackx, @andrulban, @filipelautert, @jandroav, @wwillard7800, @HorbatenkoYehor, @KushnirykOleh, @MalloD12, @RomanDeveloperAcc, @SvampX, @jnewton03, @obovsunivskyii, @rberezen, @sayaliM0412, @Copilot, @dependabot