v1.4.2 Bugfix Release

This is a bug fix release for various issues discovered after we released 1.4.1. PR #19716 addresses the issues raised in CVE-2025-64429. Users of the DuckDB encryption feature are encouraged to update.

What's Changed

• bump duckdb-azure ref for 1.4.1 by @benfleis in #19275
• Fix regex optimization to remove flags when converting to contains by @mlafeldt in #19290
• feat: Fix length of sort keys by @krlmlr in #19260
• Pass lambda bindings to next binder by @Dtenwolde in #19144
• bump Julia to v1.4.1 by @c-herrewijn in #19306
• Use cross-compilation for static libs on OSX by @hannes in #19304
• Allow multiple read-only attaches to the same database across database instances by @Mytherin in #19319
• hugeint_t fixes by @carlopi in #19318
• Use CMAKE__COMPILER_LAUNCHER by @evertlammerts in #19326
• Add settings field to test config by @Mytherin in #19330
• Keep track of which database managers have which databases attached in the DatabaseFilePathManager by @Mytherin in #19338
• Bugfixes by @lnkuiper in #19329
• skip several ci jobs on prs that only bump extensions by @samansmink in #19249
• [C API] bind_value out of range fix by @taniabogatsch in #19348
• Destroy TaskNotifier prior to calling FinishTask by @Mytherin in #19373
• Remove zip bombs by @Mytherin in #19380
• Avoid calling shared_from_this() and instead use the passed in ClientContext in buffered data by @Mytherin in #19379
• add test tag support [vfs integration tests p1] by @benfleis in #19331
• Throw if non-VARCHAR key is passed to json_object by @lnkuiper in #19365
• BUGFIX: Silent failure to write row groups with large lists by @J-Meyers in #19376
• Fixes for CTE (de)serialization compatibility with older versions by @Mytherin in #19393
• Fix #18139: correctly initialize flush size in MemoryStream, and re-use writer states by @Mytherin in #19398
• Fixup Kalman fiter: bound it's (0, scale_factor), not (0, 1) by @carlopi in #19395
• Fix StringDecompress for hugeint_t values by @ywelsch in #19403
• Fix #19211: make INSERT OR IGNORE correctly handle multiple constraints by @Mytherin in #19409
• Issue #19386: ICU TZDEFAULT by @hawkfish in #19413
• Fix issue in MetadataManager triggered when doing concurrent reads while checkpointing, and rework concurrent attach / detach test by @Mytherin in #19424
• ADBC fix: escape schema, table and column identifiers by @evertlammerts in #19407
• v1.4: Only serialize CTE nodes when MATERIALIZED is specified by @Mytherin in #19420
• Add forwards compatibility tests to CI by @Mytherin in #19432
• Internal #6168: Unsupported Correlated Binds by @hawkfish in #19431
• Don't pull up filters through DISTINCT ON and make enum casts in Parquet safe (bugfixes) by @lnkuiper in #19406
• Get table bindings for all operators under a logical get if the logical get function is an unnest by @Tmonster in #19467
• WASM #1897: UTC Offset Support by @hawkfish in #19464
• Add tests for nested lambda bindings by @Dtenwolde in #19453
• [Compression] Fix issue in ZSTD decompression related to mis-interpreted segment offsets by @Tishj in #19475
• vfs integration tests p2 - update (env) vars and tests by @benfleis in #19428
• CI Fix: clear benchmark cache between runs by @Mytherin in #19508
• Make DatabaseInstance::log_manager a unique_ptr by @Flogex in #19471
• Support non-standard NULL in Parquet again by @Mytherin in #19523
• Bump: inet by @samansmink in #19526
• Bump multiple extensions by @samansmink in #19522
• add upcoming patch release to internal versions by @samansmink in #19525
• Add test that either 'latest' or 'vX.Y.Z' are supported STORAGE_VERSIONs by @carlopi in #19527
• Moving staging to cf and uploading to install bucket by @hannes in #19539
• Creating separate OSX cli binaries for each arch by @hannes in #19538
• [Dev] Disable the use of ZSTD if the block_manager is the InMemoryBlockManager by @Tishj in #19543
• Follow up to staging move by @hannes in #19551
• Bugfixes: Parquet JSON+DELTA_LENGTH_BYTE_ARRAY and sorting iterator by @lnkuiper in #19556
• [ported from main] Fix bug initializing std::vector for column names by @evertlammerts in #19555
• Disable jemalloc on BSD by @lnkuiper in #19560
• Fix race condition between Append and Scan by @Captain32 in #19571
• Release relevant tests to still be run on all builds by @carlopi in #19559
• fix inconsistent behavior in remote read_file/blob, and prevent union… by @Maxxen in #19531
• [v1.4-andium] Add Profiler output to logger interface by @carlopi in #19572
• Fix edge case in uncompressed validity scan with offset and fix off-by-one in ArrayColumnData::Select by @Maxxen in #19567
• Skip compiling remote optimizer test when TSAN Is enabled by @Mytherin in #19590
• Wal index deletes by @artjomPlaunov in #19477
• add vortex external extension by @samansmink in #19580
• Avoid eagerly resolving the next on-disk pointer in the MetadataReader, as that pointer might not always be valid by @Mytherin in #19588
• [DevEx] Improve error message when FROM clause is omitted by @Tishj in #18995
• bump iceberg by @Tmonster in #19618
• Improve error message around compression type deprecation/availability checks by @Tishj in #19619
• Increase cast-cost of old-style implicit cast to string by @Maxxen in #19621
• Try to prevent overshooting of FILE_SIZE_BYTES by pre-emptively increasing bytes written in Parquet writer by @lnkuiper in #19622
• Bump: spatial by @Maxxen in #19620
• Detect invalid merge into action and throw exception by @Mytherin in #19636
• Fix #19455: correctly extract root table in merge into when running ajoin that contains single-sided predicates that are transformed into filters by @Mytherin in #19637
• Remove FlushAll from DETACH by @lnkuiper in #19644
• Bump MySQL scanner by @staticlibs in #19643
• Enable running all extensions tests as part of the build step by @carlopi in #19631
• Always remember extra_metadata_blocks when checkpointing by @ywelsch in #19639
• duckdb_logs_parsed to do case-insensitive matching by @carlopi in #19669
• Categorize ParseLogMessage as CAN_THROW_RUNTIME_ERROR by @carlopi in #19672
• Fixup linking for LLVM by @carlopi in #19668
• Log total probe matches in hash join by @lnkuiper in #19683
• Fix InsertRelation on attached database by @evertlammerts in #19583
• Add request timing to HTTP log by @samansmink in #19691
• Add missing query location to blob cast by @Mytherin in #19689
• Bump: aws, ducklake, httpfs, iceberg by @samansmink in #19654
• Bump: delta, ducklake, httpfs by @samansmink in #19715
• Fix #19355: correctly resolve subquery in MERGE INTO action condition by @Mytherin in #19720
• Fix #19700: correctly sort output selection vector in nested selection operations by @Mytherin in #19718
• Bump httpfs and resume testing on Windows by @carlopi in #19714
• [Dev] Fix assertion failure for empty ColumnData serialization by @Tishj in #19713
• Bump the Postgres scanner extension by @Mytherin in #19730
• Add explicit Initialize(HTTPParam&) method to HTTPClient by @carlopi in #19723
• Logs to be case-insensitive also at enable_logging callsite by @carlopi in #19734
• Fix CVE GHSA-vmp8-hg63-v2hp crypto issues by @samansmink in #19716

Full Changelog: v1.4.1...v1.4.2