v5.0.1

See the Liquibase Community 5.0.1 Release Notes for the complete set of release information.

License corrections for Maven

The license block for Maven users has been corrected to use the Functional Source License (FSL).

• Name: Functional Source License, Version 1.1, ALv2 Future License
• URL: https://fsl.software/FSL-1.1-ALv2.template.md

Changelog

-(#​7350) Update licensing and documentation for Community distribution by @​filipelautert

Changes in version 5.0.0 (2025.09.30)

v5.0.0: Liquibase v5.0.0

Liquibase Community 5.0 is a major release

See the Liquibase Community 5.0 Release Notes for the complete set of release information.

⚠️ MAJOR CHANGES IN COMMUNITY AND COMMERCIAL DISTRIBUTIONS

Liquibase is evolving to better serve both open-source contributors and enterprise customers by introducing a clearer separation between its open source Community and the commercial Secure offering. This change is designed to ensure that each distribution is optimized for its respective users: providing open-source Community users with flexibility and control, while delivering scalability, reliability, and governance for Secure enterprise teams. The changes provide Liquibase Secure customers:

• Developer Productivity. Enable developers with autonomy and guardrails built directly into their daily workflow.
• Secure Automation. Embed governance, security, and compliance into every change automatically.
• Change Insights. Deliver audit-ready visibility so every change is trusted, explainable, and observable.

The new structure enables Liquibase to more effectively support developers at all stages—from experimentation and community collaboration to mission-critical deployments. Therefore, starting with this Liquibase 5.0 release, only the open source Community distribution is available at the traditional Github, Docker, and Maven access channels.

If you need the Secure commercial offering, please visit Liquibase.com

• Learn more Liquibase 5.0

Liquibase Community Licensing Change

Additionally, Liquibase Community is now licensed under the Functional Source License (FSL). See LICENSE file at the root of the distribution for details. Starting with Liquibase 5.0, contributors will be asked to sign a one-time Contributor License Agreement (CLA). This is handled automatically by CLA Assistant when you open your first pull request.

Liquibase 5.0 Community Release Notable Changes

Liquibase Package Manager (LPM) integrated to enable users to install, update, and manage their dependencies

• The open source Liquibase Community 5.0 ships without extensions, drivers, and many other packages and dependencies. This change provides a much lighter, modular, and customizable Liquibase experience for Community users. Importantly, this flexibility both allows and requires users to manage their Liquibase dependencies for their specific needs.
• Liquibase Package Manager is now integrated and available for use directly from within the Community CLI experience with a new liquibase lpm command as the preferred method for managing dependencies.
• Learn more at the LPM README

Liquibase Community 5.0+ ships with the Functional Source License (FSL)

• "The Functional Source License (FSL) is a Fair Source license that converts to Apache 2.0 or MIT after two years. It is designed for SaaS companies that value both user freedom and developer sustainability. FSL provides everything a developer needs to use and learn from your software without harmful free-riding."
• Learn more at https://fsl.software/

SnowFlake JDBC Driver CVE Fix

• Liquibase 5.0 patches a vulnerability found in Snowflake JDBC driver (CVE-2025-24789) and resolves issue with logicalfilepath reported in 4.31.0. Note: Neither open source Community nor the commercial Secure products were affected by this CVE.

Dropped support for Java 8 and Java 11

• The minimal Java dependency for Liquibase 5.0+ is Java 17. This update enables Liquiabase to build, test, and ship with modern and more secure dependencies.

ValueDate Checksum bug fix

• In the last release, an issue was introduced by a change in how valueDate was calculated and incorporated into the checksum calculations. This issue has been fixed by ensuring that rawDatevalue is excluded from checksum calculations.
• (#​7101) fix: prevent rawDateValue from being used for checksum calculations @​filipelautert

Changelog of Community PRs

🚀 New Features

• (#​7286) Allow anyAttribute in dbchangelog-latest.xsd complex types @​filipelautert
• (#​7190) Create LPM command (DAT-20511) @​filipelautert
• (#​7216) Deprecate Java 8/11 @​wwillard7800
• (#​7230) DAT-16042: Add test cases for SQL injection and HTML content pattern validation in SimpleSqlGrammarTest and StringUtilTest @​filipelautert
• (#​7214) INT-1414 - Implement credential obfuscation in SQL statements for Snowflake STAGE objects @​filipelautert
• (#​7202) INT-1416: refactored Unwrapping of DatabaseObject's inner objects while snapshot serialization @​SvampX
• (#​7199) Make Update Sql be Update SQL in command title @​wwillard7800
• (#​7177) [7176]: Mapped tag in History.Changeset @​hemanthsridhar
• (#​7144) Refactored to allow creation of a ChangelogPrintService for use by generateChangeLog and diffChangeLog operations @​wwillard7800
• (#​7104) Parameters for update SQL command @​wwillard7800
• (#​7118) Honor strip comments flag passed in scope in executeSql command DAT-20417 @​wwillard7800
• (#​7308) Update readme with license information by @​filipelautert
• (#​7303) Updated the links AI Generated Code by @​rberezen
• (#​7298) Update messaging for Pro commands in the Liquibase OSS distribution by @​filipelautert
• (#​7295) Update copyright notices to use range format 2007-${current.year} by @​filipelautert
• (#​7293) Update OSS distribution and licensing documentation by @​filipelautert

🐛 Bug Fixes 🛠

• (#​7187) Fixed: #​7186 - Liquibase creates too short VARCHAR and CHAR fields on MS SQL databases using multi-byte encodings, effectively leading to data truncation eventually @​mkarg
• (#​7289) INT-1480: add custom string escaping for SnowflakeDatabase by @​HorbatenkoYehor
• (#​7306) Renamed GETTING_STARTED.TXT to GETTING_STARTED.txt by @​rberezen
• (#​7287) Fix path inconsistency in JAR file resource resolution by @​rberezen
• (#​7282) Fix OSS license validation to prevent NPEs and silent failures by @​filipelautert
• (#​7269) INT-1392: add get/setArguments and get/setProcedureName methods into … @​HorbatenkoYehor
• (#​7274) Fixed errors in tests on Windows 11 + git-bash cygwin @​b-gyula
• (#​7264) Back out change to ignore nested objects in TableExistsPreCondition @​wwillard7800
• (#​7257) INT-1416: Updated handling of complex UnwrappedLiquibaseSerializables @​SvampX
• (#​7233) Comparator resoluition should work in non-flat classloaders @​gastaldi
• (#​7227) #​7220: Thread-safety issue when running Liquibase in a multithreaded and multitenant environment @​galovics
• (#​7231) fix sqlite JDBC URL parsing failure when tracking licenses (DAT-20124) @​StevenMassaro
• (#​7187) Fixed: #​7186 - Liquibase creates too short VARCHAR and CHAR fields on MS SQL databases using multi-byte encodings, effectively leading to data truncation eventually @​mkarg
• (#​7154) Only mark changeset as SKIPPED if all changes are skipped GH issue 7153 @​wwillard7800
• (#​7200) Remove duplicate header check for formatted SQL and add log message @​wwillard7800
• (#​7208) Handle overwrite flag for formatted SQL correctly in generateChangelog @​wwillard7800
• (#​7155) Option to allow snapshot to continue after finding null snapshot ID DAT-20436 @​wwillard7800
• (#​7182) Fix OAuth2Secret credential exposure in update-sql command @​filipelautert
• (#​7192) Fixes for regressions in DAT-20619, DAT-20620, and DAT-20621 @​wwillard7800
• (#​7178) Throw exception if a change type has a namespace and cannot be found @​wwillard7800
• (#​7168) Use missing objects instead of changed objects in test DAT-20536 @​wwillard7800
• (#​7158) Handle situation that occurs when generateChangeLog is run with diffTypes=data @​wwillard7800
• (#​7165) Fix rename column generator test @​wwillard7800
• (#​6920) fix: Change the rename column query for mysql v8 and later using rename column to @​quangdutran
• (#​7141) Rollback OpenCSV version to 5.10 and address CSV loading issue @​filipelautert
• (#​7140) NullPointerException in SpringLiquibase.toString() @​tweimer
• (#​7152) fix updateSQL command ignoring endDelimiter for some statements #​7148 @​ponziani
• (#​7108) Fix the version check for the MySQL FILTER_CONDITION to handle minor version > 0 DAT-20441 @​wwillard7800
• (#​7101) fix: prevent rawDateValue from being used for checksum calculations @​filipelautert
• (#​7079) feat: add logic to exclude resources from liquibaseHomeUri/internal in resource processing for includeAll @​filipelautert

DevOps

• (#​7084) DAT-20288: fill in details for root's liquibase.build.properties file @​sayaliM0412
• (#​7219) DAT-20673 Secure: Create new package locations @​jandroav

🤖 Security, Driver and Other Updates

Full Changelog: https://github.com/liquibase/liquibase/compare/v4.33.0...v5.0.0

Get Certified

Learn all the Liquibase fundamentals from free online courses by Liquibase experts and see how to apply them in the real world at https://learn.liquibase.com/.

Read the Documentation

Please check out and contribute to the continually improving docs, now at https://docs.liquibase.com/.

Join the Community

Our community has built a lot. From extensions to integrations, you’ve helped make Liquibase the amazing open source project that it is today. Keep contributing to making it stronger:
Contribute code
Make doc updates
Help by asking and answering questions
Join our Discord server
Sign up to provide feedback to the product team
Thanks to everyone who helps make Liquibase better!

File Descriptions

Liquibase CLI -- Includes open source + commercial functionality

• liquibase-x.y.z.tar.gz -- Archive in tar.gz format
• liquibase-x.y.z.zip -- Archive in zip format
• liquibase-windows-x64-installer-x.y.z.exe -- Installer for Windows
  Primary Libraries - For embedding in other software
• liquibase-core-x.y.z.jar – Base Liquibase library (open source)
• liquibase-commerical-x.y.z.jar – Additional commercial functionality
• liquibase-additional-x.y.z.zip – Contains additional, less commonly used files
• Additional libraries such as liquibase-maven-plugin.jar and liquibase-cdi.jar
• Javadocs for all the libraries
• Source archives for all the open source libraries
• ASC/MD5/SHA1 verification hashes for all files

v4.33.0

Compare Source

Liquibase 4.33.0 delivers important updates across Policy Checks, Change Automation, and other areas of platform enhancement, along with critical bug fixes and improvements to MongoDB, PostgreSQL, and DB2 on Z/OS support.
See the Liquibase 4.33.0 Release Notes for the complete set of release information.

Notable Changes

[PRO]

Change Automation

• PostgreSQL Composite TYPE Support in Database Inspection. Liquibase Pro now includes support for inspecting PostgreSQL Composite TYPE objects during database inspection operations such as snapshot and diff. This enhancement ensures Composite TYPEs appear in inspection outputs, helping users manage and track changes to complex data structures more effectively. [INT-1249] [INT-135]
• PostgreSQL Composite TYPE Support in generate-changelog and diff-changelog. Liquibase Pro now includes support for detecting PostgreSQL composite TYPE objects during generate-changelog and diff-changelog operations. This enhancement ensures that composite TYPE definitions—used to group multiple fields into a custom data structure—are captured and modeled alongside other schema elements, helping users manage and track changes more comprehensively. [INT-1251]
• PostgreSQL Password Escaping Enhancement. Liquibase now escapes special characters in PostgreSQL passwords when using the psql native executor. Previously, if a password included characters requiring percent-encoding (such as @​, %, or #), the executor would fail with a psql: error: invalid percent-encoded token message. [DAT-20254]
• Db2 on Z/OS JCL Executor. Liquibase Pro now includes the ability to submit JCL jobs to the mainframe via Db2 DSNUTILU stored procedure. This enables users to automate more sophisticated procedures by integrating system level activities and database activities in a standard changelog format. This feature is enabled by a runwith:JCL decoration on applicable changesets containing properly formatted JCL.[INT-573, INT-1217]
• Improved Persistent Spool File Behavior for SQLPlus Executor. The SQLPlus executor ensures that spool files are always retained when --sqlplus-create-spool=true, giving users consistent access to output files. Previously, spool file retention was tied to the --sqlplus-keep-temp setting; now, this setting applies only to temporary SQL files, not spool files. This decoupling improves clarity and gives users more control—if a spool file is created, it will remain unless users opt out by setting --sqlplus-create-spool=false. [DAT-18983]

Policy Checks

• MongoChangetypeAttributes Policy Check. Introduced a new quality check named MongoChangetypeAttributes that allows users to enforce specific values or patterns for attributes within MongoDB-specific changetypes. Users can select a single Mongo changetype (e.g., createIndex, dropCollection) and specify expected values or patterns for its attributes. The check triggers if a specified attribute is present but does not match the defined value or regex—ensuring consistent standards across Mongo changesets. This supports validation across key changetypes attributes like adminCommand, createCollection, insertOne, and more, and enhances control and quality enforcement in MongoDB deployment pipelines. [DAT-18275]

[Community]

Important dependency updates

• Liquibase Community 4.33+ has Java 24 core build support.
• The liquibase-cdi and liquibase-cdi-jakarta modules are still supported, but have been removed from the Community distribution to their own repositories.

️[PRO] and [Community] Upcoming Change in Distributions

Liquibase is evolving to better serve both open-source contributors and enterprise customers by introducing a clearer separation between its Community and PRO offerings. This change is designed to ensure that each distribution is optimized for its respective users—providing Community users with flexibility and control, while delivering scalability, reliability, and governance for enterprise teams.
The new structure enables Liquibase to more effectively support developers at all stages—from experimentation and community collaboration to mission-critical deployments. Liquibase 4.32.0 introduced the first general availability (GA) release of independently packaged Pro distributions, along with dedicated distribution channels and key-based access enforcement for Pro capabilities. This marks a significant step toward delivering a curated, enterprise-grade experience for Pro users.
The Community distribution and its delivery channels remain unchanged in this phase.

• Learn more https://docs.liquibase.com/start/install/home.html

PRO PRs

New Features

• [DAT-20202] Added ProJdbcExecutor in order to show SQL warning messages on compiler errors liquibase/liquibase-pro#2410 by @​wwillard7800
• [DAT-20173] Changes to allow connection to Azure MI liquibase/liquibase-pro#2489 by @​wwillard7800
• [DAT-20286] Added code to use the getVisibleUrl method for display of URL liquibase/liquibase-pro#2478 by @​wwillard7800
• [INT-1318] Added application name to JDBC properties liquibase/liquibase-pro#2381 by @​wwillard7800
• [DAT-18983] Always keep the spool file if it was created liquibase/liquibase-pro#2476 by @​wwillard7800 Documentation: https://docs.liquibase.com/concepts/changelogs/attributes/run-with-spool-file.html
• [DAT-20132] support regular expressions for string comparisons liquibase/liquibase-checks#221 by @​StevenMassaro
• [DAT-20134] remove sql from changeset compatibility list for MongoChangetypeAttributes liquibase/liquibase-checks#224 by @​StevenMassaro
• [DAT-20133] add additional logging around AbstractChangetypeAttributesCheck when not checking change liquibase/liquibase-checks#223 by @​StevenMassaro
• [DAT-20131] compare JSON in MongoChangetypeAttributes using JSON equivalence liquibase/liquibase-checks#220 by @​StevenMassaro
• [INT-1361] added default collation to change DataTypeAttribute. liquibase/liquibase-pro#2457 by @​SvampX
• [DAT-19897] Add InitPropertiesCommandStep to generate Liquibase properties summary liquibase/liquibase-pro#2245 by @​filipelautert
• feat: Refactor Snowflake JDBC connection, removing all Snowflakedriver dependencies from this class liquibase/liquibase-pro#2436 by @​filipelautert
• [DAT-19668] New message appears when using the --force flag with rollback-one-changeset, rollback-one-update, and update-one-changeset liquibase/liquibase-pro#2352 by @​wwillard7800
• [DAT-20254] Use PercentEscaper to percent encode password for PostgreSQL liquibase/liquibase-pro#2369 by @​wwillard7800
• [INT-1217] Implementation of JCL native executor liquibase/liquibase-pro#2244 by @​wwillard7800
• [DAT-19978] Flow files will only look in resource accessor for relative paths liquibase/liquibase-pro#2387 by @​StevenMassaro
• [INT-160] Custom DATABASECHANGELOG and DATABASECHANGELOGLOCK Table Generation for DB2z liquibase/liquibase-pro#2260 by @​CharlesQueiroz
• [INT-1321] added 'order' attribute to the DataTypeAttribute database object liquibase/liquibase-pro#2376 by @​SvampX
• [DAT-18275] MongoChangetypeAttributes changetype check liquibase/liquibase-checks#209 by @​StevenMassaro

Bug Fixes

• [DAT-20176] [DAT-20202] Liquibase displays SQL compiler errors if they occur. liquibase/liquibase-pro#2410 by @​wwillard7800
• [INT-1362]: Fix of empty generated changelog in case when only type attributes order is different liquibase/liquibase-pro#2435 by @​SvampX
• [DAT-20175] Correctly determine if stored logic is valid for Oracle liquibase/liquibase-pro#2366 by @​wwillard7800
• [DAT-20193] Correctly labeled the AWS and RDS documentation to reflect that it is available to Community users. liquibase/liquibase-docs@f104c3e by @​AMBERMW13
• [DAT-20244] When a formatted SQL changelog is parsed and is found to have multiple header lines, the message will display: Duplicate formatted SQL header at line X #​7036 by @​wwillard7800
• [DAT-20282] The deployment summary no longer includes internal DATABASECHANGELOG updates in the "Rows affected" count. This prevents inconsistencies when no customer data is changed but the summary previously showed rows affected due to internal tracking. #​7063 by @​StevenMassaro
• [DAT-18983] SQLPlus Spool file saves if you set –sqlplus-create-spool: true or –sql-plus-keep-temp=true. Learn more here: runWithSpoolFile
• [DAT-20329] Sanitize URL before output Associated with PR 226 liquibase/liquibase-pro#2466 by @​wwillard7800
• [DAT-20329] Sanitize URL before output - Associated with PR 2466 liquibase/liquibase-checks#226 by @​wwillard7800

Version updates: In the pom.xml for Maven, update postgres to 42.7.7 liquibase/liquibase-pro#2486 by @​abrackx

Security, Driver and Other Updates

• [DAT-20186] Update fossa_ai.yml liquibase/liquibase-pro#2330 by @​sayaliM0412
• [DAT-20186] Update fossa_ai.yml liquibase/liquibase-commercial-bigquery#90 by @​sayaliM0412
• chore(deps): bump com.google.cloud:libraries-bom from 26.61.0 to 26.62.0 liquibase/liquibase-commercial-bigquery#110 by @​dependabot
• chore(deps): bump com.google.cloud:libraries-bom from 26.59.0 to 26.61.0 liquibase/liquibase-commercial-bigquery#100 by @​dependabot
• chore(deps): bump dorny/test-reporter from 1.9.1 to 2.0.0 liquibase/liquibase-commercial-bigquery#79 by @​dependabot
• chore(deps): bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.2 to 3.5.3 liquibase/liquibase-commercial-bigquery#102 by @​dependabot
• chore(deps): bump org.liquibase:liquibase-parent-pom from 0.5.4 to 0.5.8 liquibase/liquibase-commercial-bigquery#101 by @​dependabot
• chore(deps): bump org.sonarsource.scanner.maven:sonar-maven-plugin from 4.0.0.4121 to 5.1.0.4751 liquibase/liquibase-commercial-bigquery#85 by @​dependabot
• chore(deps-dev): bump junit-platform.version from 1.11.3 to 1.12.2 liquibase/liquibase-commercial-bigquery#97 by @​dependabot
• chore(deps): bump actions/create-github-app-token from 1 to 2 liquibase/liquibase-commercial-bigquery#92 by @​dependabot
• chore(deps): bump org.apache.maven.surefire:surefire-junit-platform from 3.5.2 to 3.5.3 liquibase/liquibase-commercial-bigquery#99 by @​dependabot
• chore(deps-dev): bump junit.version from 5.11.4 to 5.12.2 liquibase/liquibase-commercial-bigquery#98 by @​dependabot
• chore(deps): bump org.junit:junit-bom from 5.11.4 to 5.13.3 in /dist liquibase/liquibase-pro#2493 by @​dependabot
• chore(deps-dev): bump org.junit.vintage:junit-vintage-engine from 5.12.1 to 5.13.3 in /pro liquibase/liquibase-pro#2499 by @​dependabot
• chore(deps): bump org.junit:junit-bom from 5.12.1 to 5.13.3 in /liquibase-pro-extension-testing liquibase/liquibase-pro#2495 by @​dependabot
• chore(deps): bump org.junit:junit-bom from 5.12.1 to 5.13.3 in /licensing liquibase/liquibase-pro#2497 by @​dependabot
• chore(deps): bump org.junit:junit-bom from 5.12.1 to 5.13.3 in /liquibase-pro-integration-tests liquibase/liquibase-pro#2498 by @​dependabot
• chore(deps): bump org.junit:junit-bom from 5.12.1 to 5.13.3 in /pro liquibase/liquibase-pro#2501 by @​dependabot
• chore(deps): bump com.google.cloud:libraries-bom from 26.61.0 to 26.62.0 liquibase/liquibase-commercial-bigquery#110 by @​dependabot
• chore(deps): bump com.google.cloud:libraries-bom from 26.59.0 to 26.61.0 liquibase/liquibase-commercial-bigquery#100 by @​dependabot
• chore(deps): bump dorny/test-reporter from 1.9.1 to 2.0.0 liquibase/liquibase-commercial-bigquery#79 by @​dependabot
• chore(deps): bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.2 to 3.5.3 liquibase/liquibase-commercial-bigquery#102 by @​dependabot
• chore(deps): ump org.liquibase:liquibase-parent-pom from 0.5.4 to 0.5.8 liquibase/liquibase-commercial-bigquery#101 by @​dependabot
• chore(deps): bump org.sonarsource.scanner.maven:sonar-maven-plugin from 4.0.0.4121 to 5.1.0.4751 liquibase/liquibase-commercial-bigquery#85 by @​dependabot
• chore(deps-dev): bump junit-platform.version from 1.11.3 to 1.12.2 liquibase/liquibase-commercial-bigquery#97 by @​dependabot
• chore(deps): bump actions/create-github-app-token from 1 to 2 liquibase/liquibase-commercial-bigquery#92 by @​dependabot
• chore(deps): bump org.apache.maven.surefire:surefire-junit-platform from 3.5.2 to 3.5.3 liquibase/liquibase-commercial-bigquery#99 by @​dependabot
• chore(deps-dev): bump junit.version from 5.11.4 to 5.12.2 liquibase/liquibase-commercial-bigquery#98 by @​dependabot

Community PRs

New Features

• (#​7059) Java 24 core build support @​filipelautert
• (#​7046) feat: add rawDateValue field to store unprocessed date input in ColumnConfig @​filipelautert
• (#​7036) Complain and throw an exception when multiple header lines are found in a formatted SQL changelog DAT-20244 @​wwillard7800
• (#​6987) Added reportsEnabled property for Maven plugin @​wwillard7800 DAT-20185
• (#​7031) Added property for disabling command tests at runtime @​wwillard7800
• (#​6840) Comments field from CreateProcedure change renamed to 'comment' @​MalloD12
• (#​6916) Added new argument to AbstractFormattedChangeLogParser.handleAdditionalLines method @​wwillard7800
• (#​7032) Refactor: last-wins local parameters search in changeLog hierarchy by @​boolivar
• (#​7017) Allow showSqlWarnings message to be overridden in JdbcExecutor [DAT-20202] by @​wwillard7800
• (#​6990) Add application name to JDBC properties for Snowflake [DAT-20202] by @​wwillard7800
• (#​7071) Pass the database instance in scope when parsing the changelog [DAT-20378]by @​wwillard7800
• (#​7063) do not count DBCL queries in rows affected message [DAT-20282] by @​StevenMassaro
• (#​7065) Added default implementation of getVisibleUrl to DatabaseConnection to be used when the URL gets displayed by @​wwillard7800
• (#​7053) Do not show output file saved message unless exit code is 0 by @​wwillard7800
• (#​6995) feat(DEVX-12): Removal of liquibase-cdi and liquibase-cdi-jakarta modules @​filipelautert

Bug Fixes

• (#​7062) Fix issue in DBMS skip check that caused a regression @​wwillard7800
• (#​7048) Do not reset the change set execType when looping through the changes @​wwillard7800
• (#​7049) fix: resolve inconsistency in StandardLockService by ensuring table snapshot is validated before processing changes @​filipelautert
• (#​6827) Error handling support added to prevent XML changelog format having other than databaseChangeLog tag as the root element @​MalloD12
• (#​7001) Restore UniqueConstraintExistsPrecondition logic Github issue 6984 @​wwillard7800
• (#​6844) Exclude static fields from changelog serialization @​evilbc
• (#​7002) fix: improve URI normalization logic for resource paths inside jars @​filipelautert
• (#​6986) only destroy lock service if drop-all succeeds (DAT-13088) @​StevenMassaro
• (#​6925) Fix for YAML changelogs with many references to be parsed successfully with snakeyaml @​MalloD12
• (#​7056) fix: update snapshot logic to handle null snapshot returns by @​filipelautert
• (#​7085) fix: do not snapshot index type for cockroach DB as indexes behave different on this database and we don't know where to find it. by @​filipelautert
• (#​7062) Fix issue in DBMS skip check that caused a regression by @​wwillard7800
• (#​7069) Handle situation where DBCL presence was not detected due to permissions [DAT-20314] by @​wwillard7800

Security, Driver and Other Updates

• (#​7038) chore(deps-dev): bump org.xerial:sqlite-jdbc from 3.49.1.0 to 3.50.1.0 @​dependabot
• (#​6997) - chore(deps): bump org.testcontainers:testcontainers-bom from 1.21.0 to 1.21.1 @​dependabot
• (#​7040) chore(deps-dev): bump org.postgresql:postgresql from 42.7.5 to 42.7.7 in /liquibase-dist @​dependabot
• (#​7082) - chore(deps): bump org.apache.maven.plugins:maven-enforcer-plugin from 3.5.0 to 3.6.0 by @​dependabot
• (#​7068) - chore(deps): bump org.junit.jupiter:junit-jupiter from 5.12.2 to 5.13.2 by @​dependabot
• (#​7067) - chore(deps): bump org.junit.platform:junit-platform-suite from 1.11.4 to 1.13.2 by @​dependabot
• (#​7066) - chore(deps): bump junit-jupiter.version from 5.12.2 to 5.13.2 by @​dependabot
• (#​7064) chore(deps-dev): bump com.microsoft.sqlserver:mssql-jdbc from 12.10.0.jre8 to 12.10.1.jre8 by @​dependabot
• (#​7073) chore(deps-dev): bump org.xerial:sqlite-jdbc from 3.50.1.0 to 3.50.2.0 by @​dependabot
• (#​7061) - chore(deps): bump com.opencsv:opencsv from 5.11 to 5.11.2 by @​dependabot
• (#​7060) - chore(deps): bump org.codehaus.mojo:flatten-maven-plugin from 1.7.0 to 1.7.1 by @​dependabot
• (#​7072) - chore(deps): bump org.testcontainers:testcontainers-bom from 1.21.1 to 1.21.3 by @​dependabot
• (#​7026) - chore(deps): bump targetMavenVersion from 3.9.9 to 3.9.10 by @​dependabot
• (#​7075) chore(deps-dev): bump org.mariadb.jdbc:mariadb-java-client from 3.5.3 to 3.5.4 by @​dependabot
• (#​7023) - chore(deps): bump org.codehaus.mojo:build-helper-maven-plugin from 3.6.0 to 3.6.1 by @​dependabot
• (#​7022) - chore(deps): bump digicert/ssm-code-signing from 1.0.0 to 1.0.1 by @​dependabot
• (#​7008) chore(deps-dev): bump net.snowflake:snowflake-jdbc from 3.24.0 to 3.24.2 by @​dependabot
• (#​7010) chore(deps-dev): bump org.firebirdsql.jdbc:jaybird from 5.0.7.java8 to 5.0.8.java8 by @​dependabot
• (#​6988) - chore(deps): bump groovy.version from 4.0.26 to 4.0.27 by @​dependabot

Full Changelog: liquibase/liquibase@v4.32.0...v4.33.0

Changes in version 4.32.0 (2025.05.21)

Liquibase 4.32.0 is a major release

See the Liquibase 4.32.0 Release Notes for the complete set of release information.

[PRO] and [Community] Upcoming Change in Distributions

Liquibase is evolving to better serve both open-source contributors and enterprise customers by introducing a clearer separation between its Community and PRO offerings. This change is designed to ensure that each distribution is optimized for its respective users—providing Community users with flexibility and control, while delivering scalability, reliability, and governance for enterprise teams. The new structure enables Liquibase to more effectively support developers at all stages—from experimentation and community collaboration to mission-critical deployments.
Liquibase 4.32.0 introduces the first general availability (GA) release of independently packaged Pro distributions, along with dedicated distribution channels and key-based access enforcement for Pro capabilities. This marks a significant step toward delivering a curated, enterprise-grade experience for Pro users.
The Community distribution and its delivery channels remain unchanged in this phase.

• Learn more https://docs.liquibase.com/start/install/home.html

Notable Changes

[PRO]

Example PRO notable change

Policy Checks
Formatted SQL Header Policy Check. Introduced a new policy check named FormattedSqlHeaderRequired to ensure that.sql files included in changelogs begin with the required --liquibase formatted sql header. This check helps prevent improperly formatted SQL changes that could bypass Liquibase’s change tracking, auditing, and rollback features. This new policy check supports changelogs of any format (SQL, XML, YAML, JSON) and includes an EXCEPTIONS_LIST customization option to exclude specific files. When triggered, it lists all offending .sql files missing the required header, helping maintain the integrity and reliability of database change management. [DAT-19042]
Get Config Value Helper Function for Python Checks. Added a new helper function, liquibase_utilities.get_config_value(), for custom Python checks. This function enables easy access to standard Liquibase configuration properties—including those set via environment variables, CLI arguments, or defaults files. This enhancement simplifies scripting by allowing users to retrieve values such as url, loglevel, changelogfile, and custom properties like dbplatform or contexts directly within their Python checks, without manually resolving property names or sources. [DAT-19486]
Property Substitution in Python Check Script Arguments. Enhanced support for custom Python checks by allowing the use of Liquibase properties in the SCRIPT_ARGS section. Users can now reference properties—such as environment variables, CLI arguments, or values from the defaults file—using standard substitution syntax (e.g., ${liquibase.command.url} or ${PIPELINE_NAME}). This enables dynamic and context-aware scripting, such as configuring behavior based on ru