Skip to content

Tags: sqlpage/SQLPage

Tags

v0.44.0

Verified

This tag was signed with the committer’s verified signature.
lovasoa Ophir LOJKINE
SSH Key Fingerprint: knGW9lNdUzrCUyo4HurFBqW2qH0+w5m5Dn0gVBM4E6M
Verified
Learn about vigilant mode

v0.43.0

Toggle v0.43.0's commit message

Verified

This tag was signed with the committer’s verified signature.
lovasoa Ophir LOJKINE
SSH Key Fingerprint: knGW9lNdUzrCUyo4HurFBqW2qH0+w5m5Dn0gVBM4E6M
Verified
Learn about vigilant mode 
- OIDC protected and public paths now respect the site prefix when it…

… is defined.

- Fix: OIDC provider metadata refreshes now always happen in the background, and with a timeout. Previously, a slow OIDC provider could prevent SQLPage from handling requests for an arbitrary amount of time.
- Fix: forms without submit or reset buttons no longer keep extra bottom spacing.
- add submit and reset form button icons: validate_icon, reset_icon, reset_color
- improve error messages when sqlpage functions are used incorrectly. Include precise file reference and line number
- updated sql parser: https://github.com/apache/datafusion-sqlparser-rs/blob/main/changelog/0.61.0.md

v0.42.0

Toggle v0.42.0's commit message 
- **New Function**: `sqlpage.web_root()` - Returns the web root direc…

…tory where SQLPage serves `.sql` files from. This is more reliable than `sqlpage.current_working_directory()` when you need to reference the location of your SQL files, especially when the `--web-root` argument or `WEB_ROOT` environment variable is used.

- **New Function**: `sqlpage.configuration_directory()` - Returns the configuration directory where SQLPage looks for `sqlpage.json`, templates, and migrations. Useful when you need to reference configuration-related files in your SQL code.
- fix: The default welcome page (`index.sql`) now correctly displays the web root and configuration directory paths instead of showing the current working directory.
- fix: `sqlpage.variables()` now does not return json objects with duplicate keys when post, get and set variables of the same name are present. The semantics of the returned values remains the same (precedence: set > post > get).
- add support for some duckdb-specific (like `select {'a': 1, 'b': 2}`), and oracle-specific syntax dynamically when connected through odbc.
- better oidc support. Single-sign-on now works with sites:
  - using a non-default `site_prefix`
  - hosted behind an ssl-terminating reverse proxy
- New docker image variant: `lovasoa/sqlpage:latest-duckdb`, `lovasoa/sqlpage:main-duckdb` with preconfigured duckdb odbc drivers.
- New config option: `cache_stale_duration_ms` to control the duration for which cached sql files are considered fresh.

v0.41.0

Toggle v0.41.0's commit message 
 - **New Function**: `sqlpage.oidc_logout_url(redirect_uri)` - Genera…

…tes a secure logout URL for OIDC-authenticated users with support for [RP-Initiated Logout](https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout)

 - Fix compatibility with Auth0 for OpenID-Connect authentification. See ramosbugs/openidconnect-rs#23
 - updated sql parser: https://github.com/apache/datafusion-sqlparser-rs/blob/main/changelog/0.60.0.md
 - updated apexcharts to 5.3.6:
   - apexcharts/apexcharts.js@v5.3.0...v5.3.6
   - https://github.com/apexcharts/apexcharts.js/releases/tag/v5.3.6
 - re-add the `lime` color option to charts
 - update default chart color palette; use [Open Colors](https://yeun.github.io/open-color/)
   - <img width="2077" height="978" alt="image" src="https://github.com/user-attachments/assets/839bd318-c4cd-419c-8f04-a583399e0512" />
 - re-enable text drop shadow in chart data labels

v0.40.0

Toggle v0.40.0's commit message 
performance improvements, bug fixes, backwards incompatible variable

handling changes

- OIDC login redirects now use HTTP 303 responses so POST submissions are converted to safe GET requests before reaching the identity provider, fixing incorrect reuse of the original POST (HTTP 307) that could break standard auth flows.
 - SQLPage now respects [HTTP accept headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Accept) for JSON. You can now easily process the contents of any existing sql page programmatically with:
    - `curl -H "Accept: application/json" http://example.com/page.sql`: returns a json array
    - `curl -H "Accept: application/x-ndjson" http://example.com/page.sql`: returns one json object per line.
 - Fixed a bug in `sqlpage.link`: a link with no path (link to the current page) and no url parameter now works as expected. It used to keep the existing url parameters instead of removing them. `sqlpage.link('', '{}')` now returns `'?'` instead of the empty string.
 - `sqlpage.fetch(null)` and `sqlpage.fetch_with_meta(null)` now return `null` instead of throwing an error.
 - **New Function**: `sqlpage.set_variable(name, value)`
   - Returns a URL with the specified variable set to the given value, preserving other existing variables.
   - This is a shorthand for `sqlpage.link(sqlpage.path(), json_patch(sqlpage.variables('get'), json_object(name, value)))`.
 - **Variable System Improvements**: URL and POST parameters are now immutable, preventing accidental modification. User-defined variables created with `SET` remain mutable.
   - **BREAKING**: `$variable` no longer accesses POST parameters. Use `:variable` instead.
     - **What changed**: Previously, `$x` would return a POST parameter value if no GET parameter named `x` existed.
     - **Fix**: Replace `$x` with `:x` when you need to access form field values.
     - **Example**: Change `SELECT $username` to `SELECT :username` when reading form submissions.
   - **BREAKING**: `SET $name` no longer makes GET (URL) parameters inaccessible when a URL parameter with the same name exists.
     - **What changed**: `SET $name = 'value'` would previously overwrite the URL parameter `$name`. Now it creates an independent SET variable that shadows the URL parameter.
     - **Fix**: This is generally the desired behavior. If you need to access the original URL parameter after setting a variable with the same name, extract it from the JSON returned by `sqlpage.variables('get')`.
     - **Example**: If your URL is `page.sql?name=john`, and you do `SET $name = 'modified'`, then:
       - `$name` will be `'modified'` (the SET variable)
       - The original URL parameter is still preserved and accessible:
         - `sqlpage.variables('get')->>'name'` returns `'john'`
   - **New behavior**: Variable lookup now follows this precedence:
     - `$variable` checks SET variables first, then URL parameters
     - SET variables always shadow URL/POST parameters with the same name
   - **New sqlpage.variables() filters**:
     - `sqlpage.variables('get')` returns only URL parameters as JSON
     - `sqlpage.variables('post')` returns only POST parameters as JSON
     - `sqlpage.variables('set')` returns only user-defined SET variables as JSON
     - `sqlpage.variables()` returns all variables merged together, with SET variables taking precedence
   - **Deprecation warnings**: Using `$var` when both a URL parameter and POST parameter exist with the same name now shows a warning. In a future version, you'll need to explicitly choose between `$var` (URL) and `:var` (POST).
 - Improved performance of `sqlpage.run_sql`.
   - On a simple test that just runs 4 run_sql calls, the new version is about 2.7x faster (15,708 req/s vs 5,782 req/s) with lower latency (0.637 ms vs 1.730 ms per request).
 - add support for postgres range types

v0.39.1

Toggle v0.39.1's commit message 
v0.39.1 (2025-11-08)

 - More precise server timing tracking to debug performance issues
 - Fix missing server timing header in some cases
 - Implement nice error messages for some header-related errors such as invalid header values.
 - `compress_responses` is now set to `false` by default in the configuration.
  - When response compression is enabled, additional buffering is needed. Users reported a better experience with pages that load more progressively, reducing the time before the pages' shell is rendered.
  - When SQLPage is deployed behind a reverse proxy, compressing responses between sqlpage and the proxy is wasteful.
 - In the table component, allow simple objects in custom_actions instead of requiring arrays of objects.
 - Fatser icon loading. Previously, even a page containing a single icon required downloading and parsing a ~2MB file. This resulted in a delay where pages initially appeared with a blank space before icons appeared. Icons are now inlined inside pages and appear instantaneously.
 - Updated tabler icons to 3.35
 - Fix inaccurate ODBC warnings
 - Added support for Microsoft SQL Server named instances: `mssql://user:pass@localhost/db?instance_name=xxx`
 - Added a detailed [performance guide](https://sql-page.com/blog?post=Performance+Guide) to the docs.

v0.39.0

Toggle v0.39.0's commit message 
improved errors, table action URLs, Server-Timing, ODBC fixes, new lo…

…gin component.

 - Ability to execute sql for URL paths with another extension. If you create sitemap.xml.sql, it will be executed for example.com/sitemap.xml
 - Display source line info in errors even when the database does not return a precise error position. In this case, the entire problematic SQL statement is referenced.
 - The shell with a vertical sidebar can now have "active" elements, just like the horizontal header bar.
 - New `edit_url`, `delete_url`, and `custom_actions` properties in the [table](https://sql-page.com/component.sql?component=table) component to easily add nice icon buttons to a table.
 - SQLPage now sets the [`Server-Timing` header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Server-Timing) in development. So when you have a page that loads slowly, you can open your browser's network inspector, click on the slow request, then open the timing tab to understand where it's spending its time.
   - <img width="1250" height="1263" alt="image" src="https://github.com/user-attachments/assets/6781a31f-e342-4e8c-8506-bc47049ce313" />
 - Fixed a memory corruption issue in the builtin odbc driver manager
 - ODBC: fix using globally installed system drivers by their name in debian-based linux distributions.
 - New [login](https://sql-page.com/component.sql?component=table) component.

v0.38.0

Toggle v0.38.0's commit message 
Now SQLPage can connect to ANY relational database

 - Added support for the Open Database Connectivity (ODBC) standard.
   - This makes SQLPage compatible with many new databases, including:
    - [*ClickHouse*](https://github.com/ClickHouse/clickhouse-odbc),
    - [*MongoDB*](https://www.mongodb.com/docs/atlas/data-federation/query/sql/drivers/odbc/connect),
    - [*DuckDB*](https://duckdb.org/docs/stable/clients/odbc/overview.html), and through it [many other data sources](https://duckdb.org/docs/stable/data/data_sources),
    - [*Oracle*](https://www.oracle.com/database/technologies/releasenote-odbc-ic.html),
    - [*Snowflake*](https://docs.snowflake.com/en/developer-guide/odbc/odbc),
    - [*BigQuery*](https://cloud.google.com/bigquery/docs/reference/odbc-jdbc-drivers),
    - [*IBM DB2*](https://www.ibm.com/support/pages/db2-odbc-cli-driver-download-and-installation-information),
    - [*Trino*](https://docs.starburst.io/clients/odbc/odbc-v2.html), and through it [many other data sources](https://trino.io/docs/current/connector.html)
 - Added a new `sqlpage.hmac()` function for cryptographic HMAC (Hash-based Message Authentication Code) operations.
   - Create and verify secure signatures for webhooks (Shopify, Stripe, GitHub, etc.)
   - Generate tamper-proof tokens for API authentication
   - Secure download links and temporary access codes
   - Supports SHA-256 (default) and SHA-512 algorithms
   - Output formats: hexadecimal (default) or base64 (e.g., `sha256-base64`)
   - See the [function documentation](https://sql-page.com/functions.sql?function=hmac) for detailed examples
 - Fixed a slight spacing issue in the list components empty value display.
 - Improved performance of setting a variable to a literal value. `SET x = 'hello'` is now executed locally by SQLPage and does not send anything to the database. This completely removes the cost of extracting static values into variables for cleaner SQL files.
 - Enable arbitrary precision in the internal representation of numbers. This guarantees zero precision loss when the database returns very large or very small DECIMAL or NUMERIC values.

v0.38.0-beta.1

Toggle v0.38.0-beta.1's commit message 
Adds support for many new database systems through ODBC. This is a be…

…ta version, please report any bug you may find.

v0.37.1

Toggle v0.37.1's commit message 
small bugfix release

 - fixed decoding of UUID values
 - Fixed handling of NULL values in `sqlpage.link`. They were encoded as the string `'null'` instead of being omitted from the link's parameters.
 - Enable submenu autoclosing (on click) in the shell. This is not ideal, but this prevents a bug introduced in v0.36.0 where the page would scroll back to the top when clicking anywhere on the page after navigating from a submenu. The next version will fix this properly. See #1011
 - Adopt the new nice visual errors introduced in v0.37.1 for '403 Forbidden' and '429 Too Many Requests' errors.
 - Fix a bug in oidc login flows. When two tabs in the same browser initiated a login at the same time, an infinite redirect loop could be triggered. This mainly occured when restoring open tabs after a period of inactivity, often in mobile browsers.
 - Multiple small sql parser improvements.
   - Adds support for MERGE queries inside CTEs, and MERGE queries with a RETURNING clause.
   -  https://github.com/apache/datafusion-sqlparser-rs/blob/main/changelog/0.59.0.md