Releases: exasol/parquet-io-java
2.0.10 Fix CVE-2024-25638 in dependency
This release fixes vulnerability CVE-2024-25638 by updating transitive dependency dnsjava:dnsjava:jar:3.4.0
.
Security Issues
- #74: Fixed vulnerability CVE-2024-25638 by updating dependency
dnsjava:dnsjava:jar:3.4.0
.
Dependency Updates
Compile Dependency Updates
- Added
dnsjava:dnsjava:3.6.0
- Updated
org.apache.commons:commons-configuration2:2.10.1
to2.11.0
- Updated
org.apache.parquet:parquet-hadoop:1.13.1
to1.14.1
- Updated
org.scala-lang:scala-library:2.13.13
to2.13.14
Test Dependency Updates
- Updated
org.junit.jupiter:junit-jupiter:5.10.2
to5.10.3
Plugin Dependency Updates
- Updated
com.exasol:project-keeper-maven-plugin:4.3.2
to4.3.3
2.0.9 Security update - fix for CVE-2024-36114
Fixed CVE-2024-36114 GHSA-973x-65j7-xcf4 via transitive version update.
Updated dependencies.
Security
- #72: CVE-2024-36114: io.airlift:aircompressor:jar:0.21:compile
Dependency Updates
Compile Dependency Updates
- Added
io.airlift:aircompressor:0.27
- Updated
org.apache.commons:commons-compress:1.26.1
to1.26.2
Test Dependency Updates
- Updated
org.mockito:mockito-core:5.11.0
to5.12.0
- Updated
org.mockito:mockito-junit-jupiter:5.11.0
to5.12.0
Plugin Dependency Updates
- Updated
com.exasol:error-code-crawler-maven-plugin:2.0.2
to2.0.3
- Updated
com.exasol:project-keeper-maven-plugin:4.3.0
to4.3.2
- Updated
org.apache.maven.plugins:maven-deploy-plugin:3.1.1
to3.1.2
- Updated
org.apache.maven.plugins:maven-enforcer-plugin:3.4.1
to3.5.0
- Updated
org.apache.maven.plugins:maven-gpg-plugin:3.2.2
to3.2.4
- Updated
org.apache.maven.plugins:maven-javadoc-plugin:3.6.3
to3.7.0
- Updated
org.apache.maven.plugins:maven-toolchains-plugin:3.1.0
to3.2.0
- Updated
org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922
to4.0.0.4121
- Updated
org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13
to1.7.0
2.0.8 Fix CVE-2024-29131 & CVE-2024-29133 in `org.apache.commons:commons-configuration2:jar:2.8.0:compile`
This release fixes vulnerabilities CVE-2024-29131 & CVE-2024-29133 in org.apache.commons:commons-configuration2:jar:2.8.0:compile
.
Security
- #68: Fixed CVE-2024-29131 in
org.apache.commons:commons-configuration2:jar:2.8.0:compile
- #69: Fixed CVE-2024-29133 in
org.apache.commons:commons-configuration2:jar:2.8.0:compile
Dependency Updates
Compile Dependency Updates
- Added
org.apache.commons:commons-configuration2:2.10.1
- Updated
org.apache.hadoop:hadoop-client:3.3.6
to3.4.0
Test Dependency Updates
- Updated
nl.jqno.equalsverifier:equalsverifier:3.15.8
to3.16.1
Plugin Dependency Updates
- Updated
com.exasol:error-code-crawler-maven-plugin:2.0.0
to2.0.2
- Updated
com.exasol:project-keeper-maven-plugin:4.1.0
to4.3.0
- Updated
org.apache.maven.plugins:maven-compiler-plugin:3.12.1
to3.13.0
- Updated
org.apache.maven.plugins:maven-gpg-plugin:3.1.0
to3.2.2
- Updated
org.jacoco:jacoco-maven-plugin:0.8.11
to0.8.12
- Updated
org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594
to3.11.0.3922
2.0.7: Fix vulnerabilities CVE-2024-25710, CVE-2024-26308 and CVE-2023-52428 in compile dependencies
Summary
This release fixes vulnerabilities in the following compile dependencies:
org.apache.commons:commons-compress
- CVE-2024-25710: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') (8.1)
- CVE-2024-26308: CWE-770: Allocation of Resources Without Limits or Throttling (7.5)
com.nimbusds:nimbus-jose-jwt
- CVE-2023-52428: CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (7.5)
Security
- #66: Fixed vulnerabilities
Dependency Updates
Compile Dependency Updates
- Updated
org.apache.commons:commons-compress:1.24.0
to1.26.1
- Updated
org.scala-lang:scala-library:2.13.12
to2.13.13
Test Dependency Updates
- Updated
nl.jqno.equalsverifier:equalsverifier:3.15.2
to3.15.8
- Updated
org.junit.jupiter:junit-jupiter:5.10.0
to5.10.2
- Updated
org.mockito:mockito-core:5.6.0
to5.11.0
- Updated
org.mockito:mockito-junit-jupiter:5.6.0
to5.11.0
Plugin Dependency Updates
- Updated
com.exasol:error-code-crawler-maven-plugin:1.3.0
to2.0.0
- Updated
com.exasol:project-keeper-maven-plugin:2.9.12
to4.1.0
- Updated
org.apache.maven.plugins:maven-compiler-plugin:3.11.0
to3.12.1
- Updated
org.apache.maven.plugins:maven-enforcer-plugin:3.4.0
to3.4.1
- Updated
org.apache.maven.plugins:maven-failsafe-plugin:3.1.2
to3.2.5
- Updated
org.apache.maven.plugins:maven-javadoc-plugin:3.5.0
to3.6.3
- Updated
org.apache.maven.plugins:maven-surefire-plugin:3.1.2
to3.2.5
- Added
org.apache.maven.plugins:maven-toolchains-plugin:3.1.0
- Updated
org.codehaus.mojo:flatten-maven-plugin:1.5.0
to1.6.0
- Updated
org.codehaus.mojo:versions-maven-plugin:2.16.0
to2.16.2
- Updated
org.jacoco:jacoco-maven-plugin:0.8.10
to0.8.11
- Updated
org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184
to3.10.0.2594
2.0.6: Fix CVE-2023-39410 and CVE-2023-42503
Summary
This release fixes the following vulnerabilities:
- CVE-2023-39410 in compile dependency
org.apache.avro:avro
- CVE-2023-42503 in compile dependency
org.apache.commons:commons-compress
Security
- #64: Fixed CVE-2023-39410 in
org.apache.avro:avro
Dependency Updates
Compile Dependency Updates
- Added
org.apache.avro:avro:1.11.3
- Added
org.apache.commons:commons-compress:1.24.0
Test Dependency Updates
- Added
nl.jqno.equalsverifier:equalsverifier:3.15.2
- Updated
org.mockito:mockito-core:5.5.0
to5.6.0
- Updated
org.mockito:mockito-junit-jupiter:5.5.0
to5.6.0
2.0.5: Fixed CVE-2023-43642
Summary
This release fixes CVE-2023-43642 in org.xerial.snappy:snappy-java
.
Security
- #62: Fixed CVE-2023-43642 in
org.xerial.snappy:snappy-java
Dependency Updates
Compile Dependency Updates
- Updated
org.scala-lang:scala-library:2.13.11
to2.13.12
- Updated
org.xerial.snappy:snappy-java:1.1.10.1
to1.1.10.5
Test Dependency Updates
- Updated
org.junit.jupiter:junit-jupiter:5.9.3
to5.10.0
- Updated
org.mockito:mockito-core:5.4.0
to5.5.0
- Updated
org.mockito:mockito-junit-jupiter:5.4.0
to5.5.0
- Updated
org.scalatest:scalatest_2.13:3.2.15
to3.3.0-SNAP4
Plugin Dependency Updates
- Updated
com.exasol:error-code-crawler-maven-plugin:1.2.3
to1.3.0
- Updated
com.exasol:project-keeper-maven-plugin:2.9.7
to2.9.12
- Updated
org.apache.maven.plugins:maven-enforcer-plugin:3.3.0
to3.4.0
- Updated
org.apache.maven.plugins:maven-failsafe-plugin:3.0.0
to3.1.2
- Updated
org.apache.maven.plugins:maven-gpg-plugin:3.0.1
to3.1.0
- Updated
org.apache.maven.plugins:maven-surefire-plugin:3.0.0
to3.1.2
- Updated
org.basepom.maven:duplicate-finder-maven-plugin:1.5.1
to2.0.1
- Updated
org.codehaus.mojo:flatten-maven-plugin:1.4.1
to1.5.0
- Updated
org.codehaus.mojo:versions-maven-plugin:2.15.0
to2.16.0
- Updated
org.jacoco:jacoco-maven-plugin:0.8.9
to0.8.10
2.0.4: Updated dependencies to fix CVE vulnerabilities
Summary
This release updates Hadoop
dependency to fix CVE vulnerabilities.
Security
- #50: Upgraded Hadoop dependency to fix CVE vulnerabilities
Dependency Updates
Compile Dependency Updates
- Updated
org.apache.hadoop:hadoop-client:3.3.5
to3.3.6
- Updated
org.apache.parquet:parquet-hadoop:1.13.0
to1.13.1
- Updated
org.scala-lang:scala-library:2.13.10
to2.13.11
- Added
org.xerial.snappy:snappy-java:1.1.10.1
Test Dependency Updates
- Updated
org.junit.jupiter:junit-jupiter:5.9.2
to5.9.3
- Updated
org.mockito:mockito-core:5.3.1
to5.4.0
- Updated
org.mockito:mockito-junit-jupiter:5.3.1
to5.4.0
Plugin Dependency Updates
- Updated
org.itsallcode:openfasttrace-maven-plugin:1.6.1
to1.6.2
2.0.3: Fix CVE-2023-26048
Summary
This release fixes vulnerability CVE-2023-26048 (Uncontrolled Resource Consumption) in transitive dependency org.eclipse.jetty:jetty-util:jar:9.4.48.v20220622
by excluding it as it is not used.
Security
- #57: Fixed CVE-2023-26048
Dependency Updates
Test Dependency Updates
- Updated
org.mockito:mockito-core:5.3.0
to5.3.1
- Updated
org.mockito:mockito-junit-jupiter:5.3.0
to5.3.1
2.0.2: Remove duplicate classes
Summary
This release removes duplicate classes from dependencies.
Bugfixes
- #55: Removed duplicate classes from dependencies
Dependency Updates
Compile Dependency Updates
- Removed
com.fasterxml.woodstox:woodstox-core:6.5.0
- Removed
com.google.guava:guava:31.1-jre
- Removed
org.apache.commons:commons-compress:1.22
- Updated
org.apache.hadoop:hadoop-client:3.3.4
to3.3.5
- Updated
org.apache.parquet:parquet-hadoop:1.12.3
to1.13.0
Test Dependency Updates
- Updated
org.mockito:mockito-core:5.2.0
to5.3.0
- Updated
org.mockito:mockito-junit-jupiter:5.2.0
to5.3.0
Plugin Dependency Updates
- Updated
com.exasol:error-code-crawler-maven-plugin:1.2.2
to1.2.3
- Updated
com.exasol:project-keeper-maven-plugin:2.9.4
to2.9.7
- Updated
org.apache.maven.plugins:maven-compiler-plugin:3.10.1
to3.11.0
- Updated
org.apache.maven.plugins:maven-deploy-plugin:3.1.0
to3.1.1
- Updated
org.apache.maven.plugins:maven-enforcer-plugin:3.2.1
to3.3.0
- Updated
org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M8
to3.0.0
- Updated
org.apache.maven.plugins:maven-javadoc-plugin:3.4.1
to3.5.0
- Updated
org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M8
to3.0.0
- Added
org.basepom.maven:duplicate-finder-maven-plugin:1.5.1
- Updated
org.codehaus.mojo:flatten-maven-plugin:1.3.0
to1.4.1
- Updated
org.codehaus.mojo:versions-maven-plugin:2.14.2
to2.15.0
- Updated
org.jacoco:jacoco-maven-plugin:0.8.8
to0.8.9
2.0.1: Update Dependencies
Summary
This release fixes vulnerabilities by updating dependencies:
com.fasterxml.woodstox:woodstox-core:jar:5.3.0:compile
: CVE-2022-40152com.fasterxml.jackson.core:jackson-core:jar:2.12.7:compile
: sonatype-2022-6438commons-net:commons-net:jar:3.6:compile
: CVE-2021-37533
Features
- #53: Updated dependencies
Dependency Updates
Compile Dependency Updates
- Updated
com.exasol:error-reporting-java:1.0.0
to1.0.1
- Added
com.fasterxml.woodstox:woodstox-core:6.5.0
- Updated
org.apache.commons:commons-compress:1.21
to1.22
Test Dependency Updates
- Updated
org.junit.jupiter:junit-jupiter:5.9.1
to5.9.2
- Updated
org.mockito:mockito-core:4.8.0
to5.2.0
- Updated
org.mockito:mockito-junit-jupiter:4.8.0
to5.2.0
- Updated
org.scalatest:scalatest_2.13:3.2.12
to3.2.15
Plugin Dependency Updates
- Updated
com.exasol:error-code-crawler-maven-plugin:1.1.2
to1.2.2
- Updated
com.exasol:project-keeper-maven-plugin:2.8.0
to2.9.4
- Updated
io.github.zlika:reproducible-build-maven-plugin:0.15
to0.16
- Updated
net.alchim31.maven:scala-maven-plugin:4.6.3
to4.8.1
- Updated
org.apache.maven.plugins:maven-deploy-plugin:3.0.0-M1
to3.1.0
- Updated
org.apache.maven.plugins:maven-enforcer-plugin:3.1.0
to3.2.1
- Updated
org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M5
to3.0.0-M8
- Updated
org.apache.maven.plugins:maven-javadoc-plugin:3.4.0
to3.4.1
- Updated
org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M5
to3.0.0-M8
- Updated
org.codehaus.mojo:flatten-maven-plugin:1.2.7
to1.3.0
- Updated
org.codehaus.mojo:versions-maven-plugin:2.10.0
to2.14.2
- Updated
org.itsallcode:openfasttrace-maven-plugin:1.5.0
to1.6.1
- Updated
org.scalatest:scalatest-maven-plugin:2.0.2
to2.2.0