| title | Database Engine: Breaking changes | |
|---|---|---|
| titleSuffix | SQL Server 2017 | |
| description | Learn about changes that might break applications, scripts, or functionalities that are based on earlier versions of SQL Server. | |
| author | MikeRayMSFT | |
| ms.author | mikeray | |
| ms.reviewer | randolphwest | |
| ms.date | 07/09/2024 | |
| ms.service | sql | |
| ms.subservice | release-landing | |
| ms.topic | conceptual | |
| helpviewer_keywords |
|
|
| monikerRange | >=sql-server-2017 || >=sql-server-linux-2017 |
[!INCLUDE SQL Server 2017]
This article describes breaking changes in the [!INCLUDE sssql17-md] [!INCLUDE ssDE]. These changes might break applications, scripts, or functionalities that are based on earlier versions of [!INCLUDE ssNoVersion]. You might encounter these issues when you upgrade.
-
CLR uses Code Access Security (CAS) in the .NET Framework, which is no longer supported as a security boundary. Beginning with [!INCLUDE sssql17-md] [!INCLUDE ssDE], an
sp_configureoption calledclr strict securityis introduced to enhance the security of CLR assemblies. clr strict security is enabled by default, and treatsSAFEandEXTERNAL_ACCESSCLR assemblies as if they were markedUNSAFE. Theclr strict securityoption can be disabled for backward compatibility, but this isn't recommended. Whenclr strict securityis disabled, a CLR assembly created withPERMISSION_SET = SAFEmight be able to access external system resources, call unmanaged code, and acquire sysadmin privileges. After enabling strict security, any assemblies that aren't signed will fail to load. Also, if a database hasSAFEorEXTERNAL_ACCESSassemblies,RESTOREorATTACH DATABASEstatements can complete, but the assemblies might fail to load.To load the assemblies, you must either alter or drop and recreate each assembly so that it's signed with a certificate or asymmetric key that has a corresponding login with the
UNSAFE ASSEMBLYpermission on the server. For more information, see CLR strict security. -
The MD2, MD4, MD5, SHA, and SHA1 algorithms are deprecated in [!INCLUDE sssql15-md]. Up to [!INCLUDE sssql15-md], a self-signed certificate is created using SHA1. Starting with [!INCLUDE ssSQL17], a self-signed certificate is created using SHA2_256.
- Breaking changes to Database Engine features in SQL Server 2016
- Breaking Changes to Database Engine Features in SQL Server 2014
[!INCLUDE previous-versions-archive-documentation-sql-server]