Releases: exasol/exasol-test-setup-abstraction-java
2.1.5 Fix `NullPointerException` with Docker DB >= 8.29.1
This release fixes a NullPointerException
when launching Exasol Docker DB >= 8.29.1.
Features
- #84: Fixed
NullPointerException
when launching Exasol Docker DB >= 8.29.1
Dependency Updates
Compile Dependency Updates
- Updated
com.exasol:bucketfs-java:3.1.2
to3.2.0
- Updated
com.exasol:exasol-testcontainers:7.1.0
to7.1.1
- Updated
com.github.mwiede:jsch:0.2.17
to0.2.20
- Updated
software.amazon.awssdk:cloudformation:2.25.56
to2.28.11
- Updated
software.amazon.awssdk:ec2:2.25.56
to2.28.11
Runtime Dependency Updates
- Updated
org.eclipse.parsson:parsson:1.1.6
to1.1.7
Test Dependency Updates
- Updated
nl.jqno.equalsverifier:equalsverifier:3.16.1
to3.17
- Updated
org.hamcrest:hamcrest:2.2
to3.0
- Updated
org.junit.jupiter:junit-jupiter-engine:5.10.2
to5.11.1
- Updated
org.junit.jupiter:junit-jupiter-params:5.10.2
to5.11.1
- Updated
org.slf4j:slf4j-jdk14:2.0.13
to2.0.16
Plugin Dependency Updates
- Updated
com.exasol:project-keeper-maven-plugin:4.3.1
to4.3.3
- Updated
org.apache.maven.plugins:maven-enforcer-plugin:3.4.1
to3.5.0
- Updated
org.apache.maven.plugins:maven-javadoc-plugin:3.6.3
to3.7.0
- Updated
org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922
to4.0.0.4121
- Updated
org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13
to1.7.0
2.1.4 Fix for Exasol Docker-DB 8.27.0
This release fixes exception JSchException: Algorithm negotiation fail
when starting an Exasol Docker DB version 8.27.0 or later.
The release also updates the default Exasol version to 8.27.0.
Bugfixes
- #82: Fixed SSH connection for Exasol Docker DB version 8.27.0
Dependency Updates
Compile Dependency Updates
- Updated
com.exasol:exasol-testcontainers:7.0.1
to7.1.0
- Updated
software.amazon.awssdk:cloudformation:2.25.31
to2.25.56
- Updated
software.amazon.awssdk:ec2:2.25.31
to2.25.56
Plugin Dependency Updates
- Updated
com.exasol:error-code-crawler-maven-plugin:2.0.2
to2.0.3
- Updated
com.exasol:project-keeper-maven-plugin:4.3.0
to4.3.1
- Updated
org.apache.maven.plugins:maven-deploy-plugin:3.1.1
to3.1.2
- Updated
org.apache.maven.plugins:maven-gpg-plugin:3.2.2
to3.2.4
- Updated
org.apache.maven.plugins:maven-toolchains-plugin:3.1.0
to3.2.0
2.1.3 Fix SSH connection to Exasol Docker container 8.25.0 and later
This release fixes error JSchException: Algorithm negotiation fail
when starting an Exasol Docker container 8.25.0 and later.
Bugfixes
- #75: Fixed SSH connection to Exasol Docker container 8.25.0 and later
Dependency Updates
Compile Dependency Updates
- Added
com.github.mwiede:jsch:0.2.17
- Removed
com.jcraft:jsch:0.1.55
- Updated
software.amazon.awssdk:cloudformation:2.25.26
to2.25.31
- Updated
software.amazon.awssdk:ec2:2.25.26
to2.25.31
Test Dependency Updates
- Updated
org.slf4j:slf4j-jdk14:2.0.12
to2.0.13
2.1.2 Fixed vulnerability CVE-2024-29025 in io.netty:netty-codec-http:jar:4.1.107.Final:runtime
This release fixes the following vulnerability:
CVE-2024-29025 (CWE-770) in dependency io.netty:netty-codec-http:jar:4.1.107.Final:runtime
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder
can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData
list. The decoder cumulates bytes in the undecodedChunk
buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.
References
- https://ossindex.sonatype.org/vulnerability/CVE-2024-29025?component-type=maven&component-name=io.netty%2Fnetty-codec-http&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-29025
- GHSA-5jpm-x58v-624v
Security
- #79: Fixed vulnerability CVE-2024-29025 in dependency
io.netty:netty-codec-http:jar:4.1.107.Final:runtime
Dependency Updates
Compile Dependency Updates
- Updated
software.amazon.awssdk:cloudformation:2.25.6
to2.25.26
- Updated
software.amazon.awssdk:ec2:2.25.6
to2.25.26
Runtime Dependency Updates
- Updated
org.eclipse.parsson:parsson:1.1.5
to1.1.6
Test Dependency Updates
- Updated
nl.jqno.equalsverifier:equalsverifier:3.15.8
to3.16.1
Plugin Dependency Updates
- Updated
com.exasol:error-code-crawler-maven-plugin:2.0.0
to2.0.2
- Updated
com.exasol:project-keeper-maven-plugin:4.1.0
to4.3.0
- Updated
org.apache.maven.plugins:maven-compiler-plugin:3.12.1
to3.13.0
- Updated
org.apache.maven.plugins:maven-gpg-plugin:3.1.0
to3.2.2
- Updated
org.jacoco:jacoco-maven-plugin:0.8.11
to0.8.12
- Updated
org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594
to3.11.0.3922
2.1.1: Fix CVE-2024-25710 and CVE-2024-26308 in compile dependency `org.apache.commons:commons-compress`
Summary
This release fixes vulnerabilities CVE-2024-25710 and CVE-2024-26308 in compile dependency org.apache.commons:commons-compress
.
Excluded Vulnerability We accept vulnerability CVE-2017-10355 (CWE-833: Deadlock) in compile dependency xerces:xercesImpl:jar:2.12.2
as we assume that we only connect to the known endpoint ExaOperations.
Security
- #73: Fixed CVE-2024-25710 in compile dependency
org.apache.commons:commons-compress
- #74: Fixed CVE-2024-26308 in compile dependency
org.apache.commons:commons-compress
Dependency Updates
Compile Dependency Updates
- Updated
com.exasol:bucketfs-java:3.1.1
to3.1.2
- Updated
com.exasol:database-cleaner:1.1.1
to1.1.3
- Updated
com.exasol:exasol-testcontainers:6.6.3
to7.0.1
- Updated
fr.turri:aXMLRPC:1.13.0
to1.14.0
- Updated
software.amazon.awssdk:cloudformation:2.21.20
to2.25.6
- Updated
software.amazon.awssdk:ec2:2.21.20
to2.25.6
Test Dependency Updates
- Updated
nl.jqno.equalsverifier:equalsverifier:3.15.3
to3.15.8
- Updated
org.junit.jupiter:junit-jupiter-engine:5.10.1
to5.10.2
- Updated
org.junit.jupiter:junit-jupiter-params:5.10.1
to5.10.2
- Updated
org.slf4j:slf4j-jdk14:2.0.9
to2.0.12
Plugin Dependency Updates
- Updated
com.exasol:error-code-crawler-maven-plugin:1.3.1
to2.0.0
- Updated
com.exasol:project-keeper-maven-plugin:2.9.15
to4.1.0
- Updated
org.apache.maven.plugins:maven-compiler-plugin:3.11.0
to3.12.1
- Updated
org.apache.maven.plugins:maven-failsafe-plugin:3.1.2
to3.2.5
- Updated
org.apache.maven.plugins:maven-javadoc-plugin:3.6.0
to3.6.3
- Updated
org.apache.maven.plugins:maven-surefire-plugin:3.1.2
to3.2.5
- Added
org.apache.maven.plugins:maven-toolchains-plugin:3.1.0
- Updated
org.codehaus.mojo:flatten-maven-plugin:1.5.0
to1.6.0
- Updated
org.codehaus.mojo:versions-maven-plugin:2.16.1
to2.16.2
2.1.0: Default database version bump
Summary
Updated default database being used to v8.23.1
Features
- #71: Updated default database being used to v8.23.1
Dependency Updates
Compile Dependency Updates
- Updated
com.exasol:bucketfs-java:3.1.0
to3.1.1
- Updated
com.exasol:database-cleaner:1.1.0
to1.1.1
- Updated
com.exasol:exasol-testcontainers:6.6.2
to6.6.3
- Updated
jakarta.json:jakarta.json-api:2.1.2
to2.1.3
- Updated
software.amazon.awssdk:cloudformation:2.20.153
to2.21.20
- Updated
software.amazon.awssdk:ec2:2.20.153
to2.21.20
Runtime Dependency Updates
- Updated
org.eclipse.parsson:parsson:1.1.4
to1.1.5
Test Dependency Updates
- Updated
nl.jqno.equalsverifier:equalsverifier:3.15.2
to3.15.3
- Updated
org.junit.jupiter:junit-jupiter-engine:5.10.0
to5.10.1
- Updated
org.junit.jupiter:junit-jupiter-params:5.10.0
to5.10.1
Plugin Dependency Updates
- Updated
com.exasol:error-code-crawler-maven-plugin:1.3.0
to1.3.1
- Updated
com.exasol:project-keeper-maven-plugin:2.9.12
to2.9.15
- Updated
org.apache.maven.plugins:maven-enforcer-plugin:3.4.0
to3.4.1
- Updated
org.apache.maven.plugins:maven-javadoc-plugin:3.5.0
to3.6.0
- Updated
org.codehaus.mojo:versions-maven-plugin:2.16.0
to2.16.1
- Updated
org.jacoco:jacoco-maven-plugin:0.8.10
to0.8.11
- Updated
org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184
to3.10.0.2594
2.0.4: Fix CVE-2023-42503
Summary
This release fixes CVE-2023-42503 in org.apache.commons:commons-compress
.
The release also updates the default Exasol DB version to 7.1.23.
Known issue: Transitive dependency io.netty:netty-handler
(via software.amazon.awssdk:cloudformation
) still contains CVE-2023-4586. See issue #65 for details.
Security
- #67 Fixed CVE-2023-42503 in
org.apache.commons:commons-compress
Dependency Updates
Compile Dependency Updates
- Updated
com.exasol:exasol-testcontainers:6.6.1
to6.6.2
- Updated
software.amazon.awssdk:cloudformation:2.20.137
to2.20.153
- Updated
software.amazon.awssdk:ec2:2.20.137
to2.20.153
Test Dependency Updates
- Updated
nl.jqno.equalsverifier:equalsverifier:3.15.1
to3.15.2
- Updated
org.slf4j:slf4j-jdk14:2.0.7
to2.0.9
Plugin Dependency Updates
- Updated
com.exasol:project-keeper-maven-plugin:2.9.11
to2.9.12
- Updated
org.basepom.maven:duplicate-finder-maven-plugin:1.5.1
to2.0.1
2.0.3: Update Dependencies on top of 2.0.2
Summary
This excludes vulnerability CVE-2023-4586 in transitive dependency io.netty:netty-handler
as we assume that the AWS SDK's usage of netty is not affected.
Security
- #63: Exclude vulnerability
Dependency Updates
Compile Dependency Updates
- Updated
com.exasol:exasol-testcontainers:6.6.0
to6.6.1
- Removed
io.netty:netty-handler:4.1.94.Final
- Updated
software.amazon.awssdk:cloudformation:2.20.93
to2.20.137
- Updated
software.amazon.awssdk:ec2:2.20.93
to2.20.137
Runtime Dependency Updates
- Updated
org.eclipse.parsson:parsson:1.1.2
to1.1.4
Test Dependency Updates
- Updated
nl.jqno.equalsverifier:equalsverifier:3.14.3
to3.15.1
- Updated
org.junit.jupiter:junit-jupiter-engine:5.9.3
to5.10.0
- Updated
org.junit.jupiter:junit-jupiter-params:5.9.3
to5.10.0
Plugin Dependency Updates
- Updated
com.exasol:error-code-crawler-maven-plugin:1.2.3
to1.3.0
- Updated
com.exasol:project-keeper-maven-plugin:2.9.7
to2.9.11
- Updated
org.apache.maven.plugins:maven-enforcer-plugin:3.3.0
to3.4.0
- Updated
org.apache.maven.plugins:maven-failsafe-plugin:3.0.0
to3.1.2
- Updated
org.apache.maven.plugins:maven-gpg-plugin:3.0.1
to3.1.0
- Updated
org.apache.maven.plugins:maven-surefire-plugin:3.0.0
to3.1.2
- Updated
org.codehaus.mojo:flatten-maven-plugin:1.4.1
to1.5.0
- Updated
org.codehaus.mojo:versions-maven-plugin:2.15.0
to2.16.0
- Updated
org.jacoco:jacoco-maven-plugin:0.8.9
to0.8.10
2.0.2: Upgrade dependencies on top of 2.0.1
Summary
This release fixes vulnerabilities CVE-2023-34462 (Uncontrolled Resource Consumption) in transitive dependency io.netty:netty-handler
by upgrading it to the latest version.
Refactoring
- #58: Migrated CI isolation to AWS CDK v2
Security
- #60: Upgrade dependencies to fix vulnerabilities
Dependency Updates
Compile Dependency Updates
- Updated
com.exasol:exasol-testcontainers:6.5.2
to6.6.0
- Removed
commons-codec:commons-codec:1.15
- Added
io.netty:netty-handler:4.1.94.Final
- Updated
jakarta.json:jakarta.json-api:2.1.1
to2.1.2
- Updated
software.amazon.awssdk:cloudformation:2.20.44
to2.20.93
- Updated
software.amazon.awssdk:ec2:2.20.44
to2.20.93
Runtime Dependency Updates
- Updated
org.eclipse.parsson:parsson:1.1.1
to1.1.2
Test Dependency Updates
- Updated
nl.jqno.equalsverifier:equalsverifier:3.14.1
to3.14.3
- Updated
org.junit.jupiter:junit-jupiter-engine:5.9.2
to5.9.3
- Updated
org.junit.jupiter:junit-jupiter-params:5.9.2
to5.9.3
Plugin Dependency Updates
- Updated
com.exasol:error-code-crawler-maven-plugin:1.2.2
to1.2.3
- Updated
com.exasol:project-keeper-maven-plugin:2.9.6
to2.9.7
- Updated
org.apache.maven.plugins:maven-compiler-plugin:3.10.1
to3.11.0
- Updated
org.apache.maven.plugins:maven-deploy-plugin:3.1.0
to3.1.1
- Updated
org.apache.maven.plugins:maven-enforcer-plugin:3.2.1
to3.3.0
- Updated
org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M8
to3.0.0
- Updated
org.apache.maven.plugins:maven-javadoc-plugin:3.4.1
to3.5.0
- Updated
org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M8
to3.0.0
- Updated
org.codehaus.mojo:flatten-maven-plugin:1.3.0
to1.4.1
- Updated
org.codehaus.mojo:versions-maven-plugin:2.14.2
to2.15.0
- Updated
org.jacoco:jacoco-maven-plugin:0.8.8
to0.8.9
2.0.1: Fix container reuse
Summary
This release fixes an issue with reusing containers caused by exasol-testcontainers #220. It also removes duplicate classes from dependencies by replacing JSON library org.glassfish:jakarta.json
with org.eclipse.parsson:parsson
.
Bugfixes
- #55: Fixed reusing containers with SSH credentials
Dependency Updates
Compile Dependency Updates
- Updated
com.exasol:bucketfs-java:2.6.0
to3.1.0
- Updated
com.exasol:error-reporting-java:1.0.0
to1.0.1
- Updated
com.exasol:exasol-testcontainers:6.5.0
to6.5.2
- Updated
software.amazon.awssdk:cloudformation:2.19.18
to2.20.44
- Updated
software.amazon.awssdk:ec2:2.19.18
to2.20.44
Runtime Dependency Updates
- Added
org.eclipse.parsson:parsson:1.1.1
- Removed
org.glassfish:jakarta.json:2.0.1
Test Dependency Updates
- Updated
nl.jqno.equalsverifier:equalsverifier:3.12.3
to3.14.1
- Added
org.slf4j:slf4j-jdk14:2.0.7
Plugin Dependency Updates
- Updated
com.exasol:error-code-crawler-maven-plugin:1.2.1
to1.2.2
- Updated
com.exasol:project-keeper-maven-plugin:2.9.1
to2.9.6
- Updated
org.apache.maven.plugins:maven-deploy-plugin:3.0.0
to3.1.0
- Updated
org.apache.maven.plugins:maven-enforcer-plugin:3.1.0
to3.2.1
- Updated
org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M7
to3.0.0-M8
- Updated
org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M7
to3.0.0-M8
- Added
org.basepom.maven:duplicate-finder-maven-plugin:1.5.1
- Updated
org.codehaus.mojo:versions-maven-plugin:2.13.0
to2.14.2