| title | Database Engine: Breaking changes | Microsoft Docs | |
|---|---|---|
| titleSuffix | SQL Server 2017 | |
| description | Learn about changes that might break applications, scripts, or functionalities that are based on earlier versions of SQL Server. | |
| ms.custom | seo-lt-2019 | |
| ms.date | 07/22/2020 | |
| ms.prod | sql | |
| ms.prod_service | high-availability | |
| ms.reviewer | ||
| ms.technology | release-landing | |
| ms.topic | conceptual | |
| helpviewer_keywords |
|
|
| ms.assetid | ||
| author | MikeRayMSFT | |
| ms.author | mikeray | |
| monikerRange | >=sql-server-2017||>=sql-server-linux-2017 |
Breaking Changes to Database Engine Features in [!INCLUDEsssql17-md]
[!INCLUDESQL Server 2017]
This topic describes breaking changes in the [!INCLUDEsssql17-md] [!INCLUDEssDE]. These changes might break applications, scripts, or functionalities that are based on earlier versions of [!INCLUDEssNoVersion]. You might encounter these issues when you upgrade.
Breaking Changes in [!INCLUDEsssql17-md] [!INCLUDEssDE]
-
CLR uses Code Access Security (CAS) in the .NET Framework, which is no longer supported as a security boundary. Beginning with [!INCLUDEsssql17-md][!INCLUDEssDE], an
sp_configureoption calledclr strict securityis introduced to enhance the security of CLR assemblies. clr strict security is enabled by default, and treatsSAFEandEXTERNAL_ACCESSCLR assemblies as if they were markedUNSAFE. Theclr strict securityoption can be disabled for backward compatibility, but this is not recommended. Whenclr strict securityis disabled, a CLR assembly created withPERMISSION_SET = SAFEmay be able to access external system resources, call unmanaged code, and acquire sysadmin privileges. After enabling strict security, any assemblies that are not signed will fail to load. Also, if a database hasSAFEorEXTERNAL_ACCESSassemblies,RESTOREorATTACH DATABASEstatements can complete, but the assemblies may fail to load.
To load the assemblies, you must either alter or drop and recreate each assembly so that it is signed with a certificate or asymmetric key that has a corresponding login with theUNSAFE ASSEMBLYpermission on the server. For more information, see CLR strict security. -
The MD2, MD4, MD5, SHA, and SHA1 algorithms are deprecated in [!INCLUDEsssql15-md]. Up to [!INCLUDEsssql15-md], a self-signed certificate is created using SHA1. Starting with [!INCLUDEssSQL17], a self-signed certificate is created using SHA2_256.
-
Breaking Changes to Database Engine Features in SQL Server 2016
-
Breaking Changes to Database Engine Features in SQL Server 2014
[!INCLUDEArchived documentation for very old versions of SQL Server]
Deprecated Database Engine Features in SQL Server 2016
Discontinued Database Engine Functionality in SQL Server 2016
SQL Server Database Engine Backward Compatibility
ALTER DATABASE Compatibility Level (Transact-SQL)