Notable Changes
Notable changes
Security
- security:Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration.Fix
channel binding requiredhandling to reject non-SASL authenticationPreviously, when channel binding was set to “require”, the driver would silently ignore thisrequirement for non-SASL authentication methods. This could lead to a false sense of securitywhen channel binding was explicitly requested but not actually enforced. The fix ensures that whenchannel binding is set to “require”, the driver will reject connections that usenon-SASL authentication methods or when SASL authentication has not completed properly.See theSecurity Advisory for more detail. Reported byGeorge MacKerronThe followingCVE-2025-49146 has been issued