# Connector/Node.js 3.5.3 Release Notes

<a href="https://mariadb.com/downloads/connectors/connectors-data-access/nodejs-connector" class="button primary">Download</a> <a href="/pages/r2pMUZbAXRLBlqvRUjpX" class="button secondary">Release Notes</a> <a href="/pages/jIuaqkN6KjAtNOu6EjtS" class="button secondary">Changelog</a> <a href="/spaces/CjGYMsT2MVP4nd3IyW2L/pages/x5uWNz6Wb26ooKT9S74U" class="button secondary">Connector/Node.js Overview</a>

**Release date:** 9 Jun 2026

MariaDB Connector/Node.js 3.5.3 is a [***Stable***](/docs/release-notes/community-server/about/release-criteria.md) ***(GA)*** release.

{% hint style="success" %}
**For an overview of MariaDB Connector/Node.js see the** [**About MariaDB Connector/Node.js**](/docs/connectors/mariadb-connector-nodejs/mariadb-connector-node-js-guide.md) **page**
{% endhint %}

## Notable changes

* Minimum supported Node.js version is now 20 (was 18; Node 18 went EOL in April 2025)
* Expose extended column metadata in `FieldInfo` and add `RowsWithMeta` / `WithMeta` result-shape helper types for query result metadata

## Bugs Fixed

* [CONJS-344](https://jira.mariadb.org/browse/CONJS-344) Restore dual ESM/CJS support after the 3.5 ESM migration (#346):
  * TypeScript types now compile under `moduleResolution: "Node16" / "NodeNext" / "Bundler"`. fixes TS2846 / TS2834 reported in 3.5.1 and 3.5.2
  * Ship a real CJS bundle in `dist/` so `require('mariadb')` works on Node 20+ without `--experimental-require-module` or `ExperimentalWarning`
  * Restore the default ESM export, so `import mariadb from 'mariadb'` works again (matches 3.4.x behavior)
* [CONJS-349](https://jira.mariadb.org/browse/CONJS-349) Fix cleartext password disclosure to a man-in-the-middle when using fingerprint validation
* [CONJS-350](https://jira.mariadb.org/browse/CONJS-350) Possible SQL injection in Buffer parameter escaping under big5/gbk/sjis/cp932/gb18030 client charsets
* [CONJS-351](https://jira.mariadb.org/browse/CONJS-351) Use constant-time comparison when validating the server certificate fingerprint, preventing a timing side-channel that could leak the token to a man-in-the-middle
* [CONJS-353](https://jira.mariadb.org/browse/CONJS-353) PAM (dialog) authentication now requires a secure connection (TLS or a local unix socket), since it transmits the password in clear text
* [CONJS-354](https://jira.mariadb.org/browse/CONJS-354) Reject a server-initiated LOAD DATA LOCAL INFILE request when `permitLocalInfile` is disabled

<sub>*This page is: Copyright © 2025 MariaDB. All rights reserved.*</sub>

{% @marketo/form formid="4316" formId="4316" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://mariadb.com/docs/release-notes/connectors/node.js/3.x/3.5.3.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.