Pymysql

Release date: 2024-05-21

> [!WARNING]
> This release fixes a vulnerability (CVE-2024-36039).
> All users are recommended to update to this version.
>
> If you can not update soon, check the input value from
> untrusted source has an expected type. Only dict input
> from untrusted source can be an attack vector.

* Prohibit dict parameter for `Cursor.execute()`. It didn't produce valid SQL
and might cause SQL injection. (CVE-2024-36039)
* Added ssl_key_password param. 1145

Release date: 2023-06-26

* Fixed SSCursor raising OperationalError for query timeouts on wrong statement (1032)
* Exposed `Cursor.warning_count` to check for warnings without additional query (1056)
* Make Cursor iterator (995)
* Support '_' in key name in my.cnf (1114)
* `Cursor.fetchall()` returns empty list instead of tuple (1115). Note that `Cursor.fetchmany()` still return empty tuple after reading all rows for compatibility with Django.
* Deprecate Error classes in Cursor class (1117)
* Add `Connection.set_character_set(charset, collation=None)`. This method is compatible with mysqlclient. (1119)
* Deprecate `Connection.set_charset(charset)` (1119)
* New connection always send "SET NAMES charset [COLLATE collation]" query. (1119)
Since collation table is vary on MySQL server versions, collation in handshake is fragile.
* Support `charset="utf8mb3"` option (1127)

Release date: 2023-03-28

* Dropped support of end of life MySQL version 5.6
* Dropped support of end of life MariaDB versions below 10.3
* Dropped support of end of life Python version 3.6
* Removed `_last_executed` because of duplication with `_executed` by rajat315315 in https://github.com/PyMySQL/PyMySQL/pull/948
* Fix generating authentication response with long strings by netch80 in https://github.com/PyMySQL/PyMySQL/pull/988
* update pymysql.constants.CR by Nothing4You in https://github.com/PyMySQL/PyMySQL/pull/1029
* Document that the ssl connection parameter can be an SSLContext by cakemanny in https://github.com/PyMySQL/PyMySQL/pull/1045
* Raise ProgrammingError on -np.inf in addition to np.inf by cdcadman in https://github.com/PyMySQL/PyMySQL/pull/1067
* Use Python 3.11 release instead of -dev in tests by Nothing4You in https://github.com/PyMySQL/PyMySQL/pull/1076

Release date: 2021-01-09

* Fix `user`, `password`, `host`, `database` are still positional arguments.
All arguments of `connect()` are now keyword-only. (941)

Release date: 2021-01-08

* Stop emitting DeprecationWarning for use of ``db`` and ``passwd``.
Note that they are still deprecated. (939)
* Add ``python_requires=">=3.6"`` to setup.py. (936)

Release date: 2021-01-07

Backward incompatible changes:

* Python 2.7 and 3.5 are not supported.
* ``connect()`` uses keyword-only arguments. User must use keyword argument.
* ``connect()`` kwargs ``db`` and ``passwd`` are now deprecated; Use ``database`` and ``password`` instead.
* old_password authentication method (used by MySQL older than 4.1) is not supported.
* MySQL 5.5 and MariaDB 5.5 are not officially supported, although it may still works.
* Removed ``escape_dict``, ``escape_sequence``, and ``escape_string`` from ``pymysql``
module. They are still in ``pymysql.converters``.

Other changes:

* Connection supports context manager API. ``__exit__`` closes the connection. (886)
* Add MySQL Connector/Python compatible TLS options (903)
* Major code cleanup; PyMySQL now uses black and flake8.