Version: [3544] Snowflake Connector for QGIS 1.0.16

Added
Cost attribution / telemetry - every plugin-issued query is tagged
with a QUERY_TAG describing the operation and target layer, so usage
is filterable in QUERY_HISTORY.
Temporal animation - Snowflake layers auto-detect a timestamp column,
enable temporal properties, and seed the controller with the column's
real MIN/MAX range.
Cooperative query cancellation - long-running queries can be
interrupted instead of blocking.
Non-geometry tables in the browser - plain tables now appear under a
"Tables (no geometry)" group, with clear feedback for empty schemas.

Fixed
Plugin fails to load - resolved the QgsSqlExpressionCompiler import
crash by reimplementing the filter/subset compiler as a pure-Python
expression walker.
Layer load/render crash (ModuleNotFoundError in SFFeatureSource) -
removed a stray sys.path entry that loaded the plugin's modules under
two names.
Auth-config leak - connections now reuse the existing stored QGIS auth
config instead of creating a new one on every layer load.
Field/type crashes - QgsField construction is now
QGIS-version-compatible (works on 3.34 through 3.44); fixed a bad
default for unknown Snowflake type codes.
Feature iterator - expression state is always initialized (no more
unset-attribute errors), server-side cursors are released on close,
and errors are logged instead of printed/swallowed.
Spatial filter pushdown - skipped when the map extent is outside valid
lon/lat range, avoiding Snowflake "Invalid Lng/Lat pair" errors.
Provider cache - reloads reset feature/count/extent caches while
preserving column order, and edits refresh the attribute table without
reopening the layer.

Security
SQL injection hardening - all identifiers, literals, and table names
route through centralized quoting; malicious quoted identifiers are
neutralized; backslash/quote breakouts in literals are escaped; JSON
payloads use safe $$ quoting.
Predicate / expression safety - free-text WHERE clauses are rejected
when they contain comments, statement terminators, or set operators;
QGIS filter/subset expressions are compiled (fail-closed to none)
rather than passed through raw.
Untrusted project files - values restored from .qgs/.qgz are
re-validated; edit capabilities are withheld for unordered/row-capped
result sets and re-check primary-key uniqueness before allowing edits.
Credential protection - cleartext passwords are never written (and
stale ones removed) when using encrypted auth; connection aliases are
hidden behind redacted authcfg= tokens in persisted URIs.
Content-injection hardening - server-controlled table names render as
plain text (no SMB/UNC leak), and ad-hoc SQL execution requires
explicit confirmation.

yes

snow

2026-07-06T17:04:23.642588+00:00

3.34.1

4.99.0

None

no

Version management

Plugin details