Over the nine years since SQL Anywhere 17 was released, its 59 public Support Packages (SPs) have steadily expanded the product's security posture, modern-platform reach and developer tool-chain while delivering dozens of engine and administration refinements that keep the database competitive in 2025. Highlights include a hard pivot to TLS 1.2+ with streamlined cipher lists, large batches of OpenSSL/ICU upgrades, CORS-enabled OData, the switch to CommonCryptoLib on Windows, richer diagnostics for plan-cache and wide-fetch workloads, new APIs for Node.js 12+ and PHP 7.3, a 64-bit-only MobiLink server, and certified support for Windows 11, Server 2022, Red Hat 9 and the latest macOS/iOS/Android releases. What follows is a deeper-dive grouped by functional domain.
Several SPs eliminate rare self-deadlocks in the parallel worker pool and ALTER TABLE paths by fixing lock-conversion and page-counter logic.
A new Windows file-search routine moderately accelerates metadata and statistics scans, giving noticeable gains on spinning media and large dbspaces.
The C-level dbcapi now supports sqlany_fetch_absolute/next "wide fetches" with precise row-count introspection, enabling batched analytics clients and fixing earlier crash scenarios.
Automatic fall-back from shared-memory to local TCP avoids plan cache thrashing when Windows service and desktop instances run under different users; personal servers now start a loopback TCP port by default.
Sub-millisecond crashes in ST_Intersection on SRID 4326 geometries are resolved, as are rare "Field unexpected during compilation" assertions in correlated subqueries.
DBAs gain safer online DDL, fewer hard failures in complex spatial queries and more predictable throughput on heavily parallel workloads—all without schema changes.
As of SP 1 the default min_tls_version is 1.2 and all SHA-1 or non-PFS cipher suites are refused; explicit downgrades remain possible for legacy clients.
The bundled non-FIPS OpenSSL moved through 1.0.2n → 1.1.1n and the FIPS flavour to 1.0.2y.
SP 7208 restricts Windows shared-memory objects to the owner SID; mixed-user desktop/service connections transparently fall back to TCP/IP.
The embedded LDAP client now requires TLS-protected channels by default and blocks SSL v3 or earlier.
Re-baselined zlib 1.2.12, libarchive 3.4.2 and ICU patches close multiple CVEs in compression and collation code paths.
Encrypted channels now match current industry guidelines; administrators who were still using RC4/SHA-1 must regenerate certificates or pin newer ciphers. The shmem change may require adding -x tcpip(localonly=yes) for single-user developer setups.
Broken Help links migrated to HTTPS and Data Lake IQ branding was updated; error reporting for ASE connections is clearer.
Syntax handling for tables with "hundreds of nullable columns" is repaired, while dbvalid benefits from parallel read optimisation (see section 1).
Sybase Central favorites now persist SAP Landscape metadata, smoothing reconnects in multi-tenant clouds.
Windows perfmon statistics move into security-scoped shared memory, avoiding privilege-escalation vectors while still feeding monitoring dashboards.
Daily admin tasks—from scripted unload/reload to console troubleshooting—are faster, more secure and less error-prone, cutting mean-time-to-recover for large-estate operators.
Canonical drivers ship for Node 0.10 / 0.12 / 4.x through Node 12, matching LTS timelines and npm distribution.
sqlanywhere-php 2.0.18 adds 7.2–7.3 binaries and fixes an infinite-loop on BLOB fetches that affected every dbcapi consumer, including Perl, Python and Ruby.
The Python driver no longer crashes on interpreter shutdown with open connections and correctly maps NULL to TIMESTAMP WITH TIME ZONE.
Wide-fetch APIs (see section 1) enable high-volume ETL without row-by-row overhead and defer DESCRIBE calls until sqlany_get_column_info, reducing metadata chatter.
Developers can modernise stacks without third-party forks, and large data-science pipelines enjoy lower per-row call overhead.
CREATE ODATA PRODUCER gains AccessControlAllowOrigins and AccessControlAllowMethods, letting single-sign-on SPAs query SQLA directly across origins.
Ambiguous URI-encoding rules were clarified; spaces must now be %20, preventing elusive 404s in REST routing.
A restart no longer disables idempotent request caching, securing mobile retry scenarios.
The embedded servlet container advanced through 9.3 → 9.4.24, inheriting HTTP/2 fixes and CVE patches.
Modern SPAs and micro-services can front SQL Anywhere without reverse-proxy gymnastics, and production endpoints resist the latest HTTP-level exploits.
The MobiLink server dropped 32-bit binaries; consolidation clients remain unaffected.
New allow_expired_certs option lets field devices keep syncing while admins rotate PKI, eliminating hard downtime.
The web-based monitor now enforces TLS defaults described in section 2 and optimises memory usage during bursty multi-tenant sessions (multiple engineering fixes across builds 6 xxx).
Added Oracle 19c and SQL Server 2019 as consolidated databases
Enterprises with decade-old handheld fleets gain smoother certificate roll-overs, and the 64-bit mandate boosts large-schema throughput by removing address-space ceilings.
Official support now covers Windows 11, Windows Server 2022, Red Hat Enterprise Linux 8/9, SUSE 15, Ubuntu 22.04 LTS, macOS Monterey and Big Sur, iOS 15 and Android 13 (numerous platform-matrix entries across SPs; see the "supported platform matrix" link set in the original GA read-me).
Updated installer banners point to the unified MSVC 2015-2022 runtime, reducing "missing vcruntime140.dll" support calls.
Although SAP does not produce official Docker images, several SPs repaired unix-installer libarchive issues, making downstream Alpine/Red-Hat based images reproducible.
FreeTDS synonyms SQLAnywhere ? Oracle were removed from iqdsn utility outputs.
Collectively, the 59 Support Packages move SQL Anywhere 17 from a 2016-era embedded database into a security-hardened, TLS 1.3-ready* engine that plugs into modern CI/CD pipelines, speaks CORS-friendly OData, and runs on the latest desktop, server and mobile operating systems—all while preserving the famously small footprint that made it popular for ISVs. Teams still on the GA or early SP builds should plan a staged upgrade to pick up the critical TLS default changes, OpenSSL patches and shared-memory lockdowns; driver or platform regressions are minimal and well documented in the read-me files referenced above.
*Support for TLS 1.3 has been released withing ASA 17.0 SP01.