Hi all, Just want you to know that I've merged this pr into master branch, and we plan to release this feature in v2.0.8.
Best regards, ---------------------- Yuan Tian On Sat, Jan 17, 2026 at 11:09 AM <[email protected]> wrote: > Hi all, > > I wanted to share some important updates regarding our JDBC client. We are > introducing a proper implementation of `PreparedStatement` to improve both > security and performance. > > The main driver for this change is to eliminate SQL injection risks by > ensuring parameters are strictly separated from the SQL structure. To > support this, we have added new Thrift RPC interfaces to handle the > preparation, execution, and deallocation of statements. > > On the client side, `IoTDBPreparedStatement` has been refactored to use > binary parameter serialization. On the backend, we have implemented the > corresponding logic in `ClientRPCServiceImpl` and extended the > `Coordinator` to support execution with these external parameters. > > You can review the changes here: > https://github.com/apache/iotdb/pull/17027 > > Best regards, > -------------------- > Yuan Tian
