We just shipped mssql-django 1.7.2, the Django backend for Microsoft SQL Server and Azure SQL. It's a small patch release but the timezone fixes are worth flagging if you use DATETIMEOFFSET columns or Now() with USE_TZ=True.

What's fixed:

• DATETIMEOFFSET returns timezone-aware datetimes. The backend was dropping the offset embedded in SQL Server's binary DATETIMEOFFSET representation, so values came back naive (or worse, silently reinterpreted). Now they come back with the right tzinfo attached. (#484, closes #371 and #136)
• Now() emits SYSDATETIMEOFFSET() when USE_TZ=True**.** It was emitting SYSDATETIME(), which returns the SQL Server host's local time with no offset, so timestamps were silently shifted on non-UTC hosts. USE_TZ=False still gets SYSDATETIME().
• QuerySet.explain() no longer raises AttributeError on Django 4.0+. Django 4.0 replaced query.explain_format / query.explain_options with query.explain_info; the compiler hadn't been updated. (#524, closes #409)
• Removed a return inside a finally block in a test utility that was swallowing BaseException subclasses, including KeyboardInterrupt. (#526, closes #417)

If you previously worked around the DATETIMEOFFSET issue by manually attaching tzinfo to values, you'll want to review those workarounds — values from the ORM are now tz-aware by default.

Supported: Django 3.2 through 6.0, Python 3.8 through 3.14, SQL Server 2017 / 2019 / 2022 / 2025, Azure SQL DB / Managed Instance, ODBC Driver 17 or 18.

pip install --upgrade mssql-django

• Full blog post: https://techcommunity.microsoft.com/blog/sqlserver/announcing-mssql-django-1-7-2/4522336
• Release PR: https://github.com/microsoft/mssql-django/pull/528
• Repo / issues: https://github.com/microsoft/mssql-django

We just shipped mssql-django 1.7.2, the Django backend for Microsoft SQL Server and Azure SQL. It's a small patch release but the timezone fixes are worth flagging if you use DATETIMEOFFSET columns or Now() with USE_TZ=True.

What's fixed:

• DATETIMEOFFSET returns timezone-aware datetimes. The backend was dropping the offset embedded in SQL Server's binary DATETIMEOFFSET representation, so values came back naive (or worse, silently reinterpreted). Now they come back with the right tzinfo attached. (#484, closes #371 and #136)
• Now() emits SYSDATETIMEOFFSET() when USE_TZ=True**.** It was emitting SYSDATETIME(), which returns the SQL Server host's local time with no offset, so timestamps were silently shifted on non-UTC hosts. USE_TZ=False still gets SYSDATETIME().
• QuerySet.explain() no longer raises AttributeError on Django 4.0+. Django 4.0 replaced query.explain_format / query.explain_options with query.explain_info; the compiler hadn't been updated. (#524, closes #409)
• Removed a return inside a finally block in a test utility that was swallowing BaseException subclasses, including KeyboardInterrupt. (#526, closes #417)

If you previously worked around the DATETIMEOFFSET issue by manually attaching tzinfo to values, you'll want to review those workarounds — values from the ORM are now tz-aware by default.

Supported: Django 3.2 through 6.0, Python 3.8 through 3.14, SQL Server 2017 / 2019 / 2022 / 2025, Azure SQL DB / Managed Instance, ODBC Driver 17 or 18.

pip install --upgrade mssql-django

• Full blog post: https://techcommunity.microsoft.com/blog/sqlserver/announcing-mssql-django-1-7-2/4522336
• Release PR: https://github.com/microsoft/mssql-django/pull/528
• Repo / issues: https://github.com/microsoft/mssql-django

We just shipped 1.7.1 of mssql-python, Microsoft's official Python driver for SQL Server.

What's in 1.7.1

• UTF-16 string handling now goes through simdutf + std::u16string. Every string round-trip between Python and the native driver is meaningfully cheaper.
• execute() hot path got a soft-reset + prepare-cache + guarded-diagnostics pass. Helpful for workloads doing lots of small statements.
• connect() no longer hangs when your network path goes through an in-process SSH tunnel (paramiko + sshtunnel). Root cause was a SQLSetConnectAttr call holding the GIL while paramiko's transport thread needed it to forward bytes. Classic.
• Login failures now raise a proper mssql_python exception type instead of a bare RuntimeError. (issue #532)
• executemany no longer trips over decimal sign changes between rows.
• VARCHAR CP1252 data now reads back the same on Windows and Linux. (issue #468)
• manylinux_2_28 wheels so RHEL 8 / glibc 2.28 works out of the box.
• macOS Python 3.10 gets a proper universal2 wheel now.

pip install -U mssql-python and you're done.

The PyPI side of the story

This release also hit the PyPI per-project storage quota. The driver bundles the Microsoft ODBC binaries for every supported OS / architecture / Python version, so the wheel matrix is large and growing. To make 1.7.1 fit, we removed the old 1.0.0-alpha and 1.x.x-beta wheels. None of those were recommended for production and the GA line supersedes them all, so if you were on one of those, time to move.

We're attacking the underlying problem from two directions in parallel:

1. Splitting up the deployment so wheels carry less weight (likely by separating the bundled native binaries from the main wheel).
2. A storage quota increase request with PyPI.

The quota bump is the short-term buffer; the split is the durable fix.

Links

• Full blog post: https://techcommunity.microsoft.com/blog/sqlserver/mssql-python-1-7-1-and-the-case-of-the-missing-megabytes/4521991
• Release: https://github.com/microsoft/mssql-python/releases (1.7.1)
• Repo / issues: https://github.com/microsoft/mssql-python
• PyPI: https://pypi.org/project/mssql-python/

Happy to answer questions about any of the perf work, the SSH-tunnel fix root cause, or the deployment-splitting plan in the comments.

5.13.1 is out with several fixes for the sqlsrv and pdo_sqlsrv extensions:

• Access token leak in pooled connections - Connections with different access tokens could share the same pool entry, causing identity cross-contamination and use-after-free. Fixed by incorporating the token into the pool key.
• Silent INSERT failure - Prepared INSERTs could silently fail when triggers or SET NOCOUNT OFF produce extra result sets, causing implicit rollback with MARS enabled.
• Fatal error re-executing prepared statements - Re-executing a prepared statement returning multiple result sets with different column layouts could crash. Metadata is now properly freed between executions.
• sqlsrv_errors() returning null - After a failed connection with no ODBC diagnostic records, sqlsrv_errors() returned null instead of the actual error.
• Stream invalidation - Binary streams became invalid when the originating statement went out of scope.

Drop-in upgrade from 5.13.0, no API changes. Supports PHP 8.3/8.4/8.5.

Install: pecl install sqlsrv / pecl install pdo_sqlsrv

Full blog post: https://techcommunity.microsoft.com/blog/sqlserver/announcing-microsoft-drivers-5-13-1-for-php-for-sql-server/4516258

GitHub: https://github.com/microsoft/msphpsql

Docs: https://learn.microsoft.com/sql/connect/php/microsoft-php-driver-for-sql-server

5.13.1 is out with several fixes for the sqlsrv and pdo_sqlsrv extensions:

• Access token leak in pooled connections - Connections with different access tokens could share the same pool entry, causing identity cross-contamination and use-after-free. Fixed by incorporating the token into the pool key.
• Silent INSERT failure - Prepared INSERTs could silently fail when triggers or SET NOCOUNT OFF produce extra result sets, causing implicit rollback with MARS enabled.
• Fatal error re-executing prepared statements - Re-executing a prepared statement returning multiple result sets with different column layouts could crash. Metadata is now properly freed between executions.
• sqlsrv_errors() returning null - After a failed connection with no ODBC diagnostic records, sqlsrv_errors() returned null instead of the actual error.
• Stream invalidation - Binary streams became invalid when the originating statement went out of scope.

Drop-in upgrade from 5.13.0, no API changes. Supports PHP 8.3/8.4/8.5.

Install: pecl install sqlsrv / pecl install pdo_sqlsrv

Full blog post: https://techcommunity.microsoft.com/blog/sqlserver/announcing-microsoft-drivers-5-13-1-for-php-for-sql-server/4516258

GitHub: https://github.com/microsoft/msphpsql

Docs: https://learn.microsoft.com/sql/connect/php/microsoft-php-driver-for-sql-server

We just released v1.6 of mssql-python, our official Python driver for SQL Server, Azure SQL, and SQL databases in Fabric.

We now release the GIL during connect and disconnect. If you're running a threaded web server (Flask, FastAPI, Django, gunicorn with threads), opening a database connection used to freeze every other Python thread in the process while DNS, TLS, and auth completed. Now your other threads keep running. The connection pool was also reworked to prevent a lock-ordering deadlock that the GIL release would have introduced.

If you're doing concurrent database work, this is a meaningful throughput improvement with zero code changes on your side.

Bug fixes

Decimal parameters with setinputsizes: cursor.setinputsizes() crashed when you specified SQL_DECIMAL or SQL_NUMERIC type hints. Fixed for both execute() and executemany():

cursor.setinputsizes([
    (mssql_python.SQL_WVARCHAR, 100, 0),
    (mssql_python.SQL_INTEGER, 0, 0),
    (mssql_python.SQL_DECIMAL, 18, 2),
])
cursor.executemany(
    "INSERT INTO Products (Name, CategoryID, Price) VALUES (?, ?, ?)",
    [("Widget", 1, Decimal("19.99")), ("Gadget", 2, Decimal("29.99"))],
)

Catalog method iteration: cursor.tables(), cursor.columns(), cursor.primaryKeys(), and other catalog methods now return correct results when iterated with fetchone(). Row tracking was off in previous versions.

Prepared statement reuse: cursor.execute() with reset_cursor=False no longer raises "Invalid cursor state".

Security

Password masking: if your password contains semicolons or braces (PWD={Top;Secret}), the old regex-based sanitizer could leak part of it in log output. We rewrote it to use the real connection string parser. Malformed strings are fully redacted.

Log path traversal: setup_logging(log_file_path=...) now rejects relative paths that attempt directory traversal.

Type annotations

executemany's seq_of_parameters now accepts Mapping types, matching the DB API 2.0 spec for named parameters. No more type checker warnings when passing dicts.

pip install --upgrade mssql-python

Blog post: mssql-python 1.6: Unblocking Your Threads