Releases: exasol/parquet-io-java

2.0.10 Fix CVE-2024-25638 in dependency

29 Jul 11:40
5985eec

This release fixes vulnerability CVE-2024-25638 by updating transitive dependency dnsjava:dnsjava:jar:3.4.0.

Security Issues

  • #74: Fixed vulnerability CVE-2024-25638 by updating dependency dnsjava:dnsjava:jar:3.4.0.

Dependency Updates

Compile Dependency Updates

  • Added dnsjava:dnsjava:3.6.0
  • Updated org.apache.commons:commons-configuration2:2.10.1 to 2.11.0
  • Updated org.apache.parquet:parquet-hadoop:1.13.1 to 1.14.1
  • Updated org.scala-lang:scala-library:2.13.13 to 2.13.14

Test Dependency Updates

  • Updated org.junit.jupiter:junit-jupiter:5.10.2 to 5.10.3

Plugin Dependency Updates

  • Updated com.exasol:project-keeper-maven-plugin:4.3.2 to 4.3.3

2.0.9 Security update - fix for CVE-2024-36114

03 Jun 11:49
064d364

Fixed CVE-2024-36114 (GHSA-973x-65j7-xcf4) via a transitive version update.
Updated dependencies.

Security

Dependency Updates

Compile Dependency Updates

  • Added io.airlift:aircompressor:0.27
  • Updated org.apache.commons:commons-compress:1.26.1 to 1.26.2

Test Dependency Updates

  • Updated org.mockito:mockito-core:5.11.0 to 5.12.0
  • Updated org.mockito:mockito-junit-jupiter:5.11.0 to 5.12.0

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:2.0.2 to 2.0.3
  • Updated com.exasol:project-keeper-maven-plugin:4.3.0 to 4.3.2
  • Updated org.apache.maven.plugins:maven-deploy-plugin:3.1.1 to 3.1.2
  • Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.1 to 3.5.0
  • Updated org.apache.maven.plugins:maven-gpg-plugin:3.2.2 to 3.2.4
  • Updated org.apache.maven.plugins:maven-javadoc-plugin:3.6.3 to 3.7.0
  • Updated org.apache.maven.plugins:maven-toolchains-plugin:3.1.0 to 3.2.0
  • Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922 to 4.0.0.4121
  • Updated org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13 to 1.7.0

2.0.8 Fix CVE-2024-29131 & CVE-2024-29133 in `org.apache.commons:commons-configuration2:jar:2.8.0:compile`

09 Apr 06:26
e99b050

This release fixes vulnerabilities CVE-2024-29131 & CVE-2024-29133 in org.apache.commons:commons-configuration2:jar:2.8.0:compile.

Security

  • #68: Fixed CVE-2024-29131 in org.apache.commons:commons-configuration2:jar:2.8.0:compile
  • #69: Fixed CVE-2024-29133 in org.apache.commons:commons-configuration2:jar:2.8.0:compile

Dependency Updates

Compile Dependency Updates

  • Added org.apache.commons:commons-configuration2:2.10.1
  • Updated org.apache.hadoop:hadoop-client:3.3.6 to 3.4.0

Test Dependency Updates

  • Updated nl.jqno.equalsverifier:equalsverifier:3.15.8 to 3.16.1

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:2.0.0 to 2.0.2
  • Updated com.exasol:project-keeper-maven-plugin:4.1.0 to 4.3.0
  • Updated org.apache.maven.plugins:maven-compiler-plugin:3.12.1 to 3.13.0
  • Updated org.apache.maven.plugins:maven-gpg-plugin:3.1.0 to 3.2.2
  • Updated org.jacoco:jacoco-maven-plugin:0.8.11 to 0.8.12
  • Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594 to 3.11.0.3922

2.0.7: Fix vulnerabilities CVE-2024-25710, CVE-2024-26308 and CVE-2023-52428 in compile dependencies

11 Mar 09:06
0328117

Summary

This release fixes vulnerabilities in the following compile dependencies:

  • org.apache.commons:commons-compress
    • CVE-2024-25710: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') (8.1)
    • CVE-2024-26308: CWE-770: Allocation of Resources Without Limits or Throttling (7.5)
  • com.nimbusds:nimbus-jose-jwt
    • CVE-2023-52428: CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (7.5)

Security

  • #66: Fixed vulnerabilities

Dependency Updates

Compile Dependency Updates

  • Updated org.apache.commons:commons-compress:1.24.0 to 1.26.1
  • Updated org.scala-lang:scala-library:2.13.12 to 2.13.13

Test Dependency Updates

  • Updated nl.jqno.equalsverifier:equalsverifier:3.15.2 to 3.15.8
  • Updated org.junit.jupiter:junit-jupiter:5.10.0 to 5.10.2
  • Updated org.mockito:mockito-core:5.6.0 to 5.11.0
  • Updated org.mockito:mockito-junit-jupiter:5.6.0 to 5.11.0

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:1.3.0 to 2.0.0
  • Updated com.exasol:project-keeper-maven-plugin:2.9.12 to 4.1.0
  • Updated org.apache.maven.plugins:maven-compiler-plugin:3.11.0 to 3.12.1
  • Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.0 to 3.4.1
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.1.2 to 3.2.5
  • Updated org.apache.maven.plugins:maven-javadoc-plugin:3.5.0 to 3.6.3
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.1.2 to 3.2.5
  • Added org.apache.maven.plugins:maven-toolchains-plugin:3.1.0
  • Updated org.codehaus.mojo:flatten-maven-plugin:1.5.0 to 1.6.0
  • Updated org.codehaus.mojo:versions-maven-plugin:2.16.0 to 2.16.2
  • Updated org.jacoco:jacoco-maven-plugin:0.8.10 to 0.8.11
  • Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184 to 3.10.0.2594

2.0.6: Fix CVE-2023-39410 and CVE-2023-42503

24 Oct 05:00
4c0d835

Summary

This release fixes the following vulnerabilities:

Security

Dependency Updates

Compile Dependency Updates

  • Added org.apache.avro:avro:1.11.3
  • Added org.apache.commons:commons-compress:1.24.0

Test Dependency Updates

  • Added nl.jqno.equalsverifier:equalsverifier:3.15.2
  • Updated org.mockito:mockito-core:5.5.0 to 5.6.0
  • Updated org.mockito:mockito-junit-jupiter:5.5.0 to 5.6.0

2.0.5: Fixed CVE-2023-43642

27 Sep 14:58
5f915fd

Summary

This release fixes CVE-2023-43642 in org.xerial.snappy:snappy-java.

Security

Dependency Updates

Compile Dependency Updates

  • Updated org.scala-lang:scala-library:2.13.11 to 2.13.12
  • Updated org.xerial.snappy:snappy-java:1.1.10.1 to 1.1.10.5

Test Dependency Updates

  • Updated org.junit.jupiter:junit-jupiter:5.9.3 to 5.10.0
  • Updated org.mockito:mockito-core:5.4.0 to 5.5.0
  • Updated org.mockito:mockito-junit-jupiter:5.4.0 to 5.5.0
  • Updated org.scalatest:scalatest_2.13:3.2.15 to 3.3.0-SNAP4

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:1.2.3 to 1.3.0
  • Updated com.exasol:project-keeper-maven-plugin:2.9.7 to 2.9.12
  • Updated org.apache.maven.plugins:maven-enforcer-plugin:3.3.0 to 3.4.0
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.0.0 to 3.1.2
  • Updated org.apache.maven.plugins:maven-gpg-plugin:3.0.1 to 3.1.0
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0 to 3.1.2
  • Updated org.basepom.maven:duplicate-finder-maven-plugin:1.5.1 to 2.0.1
  • Updated org.codehaus.mojo:flatten-maven-plugin:1.4.1 to 1.5.0
  • Updated org.codehaus.mojo:versions-maven-plugin:2.15.0 to 2.16.0
  • Updated org.jacoco:jacoco-maven-plugin:0.8.9 to 0.8.10

2.0.4: Updated dependencies to fix CVE vulnerabilities

28 Jun 11:59
dfc015f

Summary

This release updates the Hadoop dependency to fix CVE vulnerabilities.

Security

  • #50: Upgraded Hadoop dependency to fix CVE vulnerabilities

Dependency Updates

Compile Dependency Updates

  • Updated org.apache.hadoop:hadoop-client:3.3.5 to 3.3.6
  • Updated org.apache.parquet:parquet-hadoop:1.13.0 to 1.13.1
  • Updated org.scala-lang:scala-library:2.13.10 to 2.13.11
  • Added org.xerial.snappy:snappy-java:1.1.10.1

Test Dependency Updates

  • Updated org.junit.jupiter:junit-jupiter:5.9.2 to 5.9.3
  • Updated org.mockito:mockito-core:5.3.1 to 5.4.0
  • Updated org.mockito:mockito-junit-jupiter:5.3.1 to 5.4.0

Plugin Dependency Updates

  • Updated org.itsallcode:openfasttrace-maven-plugin:1.6.1 to 1.6.2

2.0.3: Fix CVE-2023-26048

24 Apr 06:27
9dd61ad

Summary

This release fixes vulnerability CVE-2023-26048 (Uncontrolled Resource Consumption) in transitive dependency org.eclipse.jetty:jetty-util:jar:9.4.48.v20220622 by excluding it as it is not used.

Security

Dependency Updates

Test Dependency Updates

  • Updated org.mockito:mockito-core:5.3.0 to 5.3.1
  • Updated org.mockito:mockito-junit-jupiter:5.3.0 to 5.3.1

2.0.2: Remove duplicate classes

17 Apr 13:04
e17de9f

Summary

This release removes duplicate classes from dependencies.

Bugfixes

  • #55: Removed duplicate classes from dependencies

Dependency Updates

Compile Dependency Updates

  • Removed com.fasterxml.woodstox:woodstox-core:6.5.0
  • Removed com.google.guava:guava:31.1-jre
  • Removed org.apache.commons:commons-compress:1.22
  • Updated org.apache.hadoop:hadoop-client:3.3.4 to 3.3.5
  • Updated org.apache.parquet:parquet-hadoop:1.12.3 to 1.13.0

Test Dependency Updates

  • Updated org.mockito:mockito-core:5.2.0 to 5.3.0
  • Updated org.mockito:mockito-junit-jupiter:5.2.0 to 5.3.0

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:1.2.2 to 1.2.3
  • Updated com.exasol:project-keeper-maven-plugin:2.9.4 to 2.9.7
  • Updated org.apache.maven.plugins:maven-compiler-plugin:3.10.1 to 3.11.0
  • Updated org.apache.maven.plugins:maven-deploy-plugin:3.1.0 to 3.1.1
  • Updated org.apache.maven.plugins:maven-enforcer-plugin:3.2.1 to 3.3.0
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M8 to 3.0.0
  • Updated org.apache.maven.plugins:maven-javadoc-plugin:3.4.1 to 3.5.0
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M8 to 3.0.0
  • Added org.basepom.maven:duplicate-finder-maven-plugin:1.5.1
  • Updated org.codehaus.mojo:flatten-maven-plugin:1.3.0 to 1.4.1
  • Updated org.codehaus.mojo:versions-maven-plugin:2.14.2 to 2.15.0
  • Updated org.jacoco:jacoco-maven-plugin:0.8.8 to 0.8.9

2.0.1: Update Dependencies

16 Mar 13:34
d5aa602

Summary

This release fixes vulnerabilities by updating dependencies:

Features

  • #53: Updated dependencies

Dependency Updates

Compile Dependency Updates

  • Updated com.exasol:error-reporting-java:1.0.0 to 1.0.1
  • Added com.fasterxml.woodstox:woodstox-core:6.5.0
  • Updated org.apache.commons:commons-compress:1.21 to 1.22

Test Dependency Updates

  • Updated org.junit.jupiter:junit-jupiter:5.9.1 to 5.9.2
  • Updated org.mockito:mockito-core:4.8.0 to 5.2.0
  • Updated org.mockito:mockito-junit-jupiter:4.8.0 to 5.2.0
  • Updated org.scalatest:scalatest_2.13:3.2.12 to 3.2.15

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:1.1.2 to 1.2.2
  • Updated com.exasol:project-keeper-maven-plugin:2.8.0 to 2.9.4
  • Updated io.github.zlika:reproducible-build-maven-plugin:0.15 to 0.16
  • Updated net.alchim31.maven:scala-maven-plugin:4.6.3 to 4.8.1
  • Updated org.apache.maven.plugins:maven-deploy-plugin:3.0.0-M1 to 3.1.0
  • Updated org.apache.maven.plugins:maven-enforcer-plugin:3.1.0 to 3.2.1
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M5 to 3.0.0-M8
  • Updated org.apache.maven.plugins:maven-javadoc-plugin:3.4.0 to 3.4.1
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M5 to 3.0.0-M8
  • Updated org.codehaus.mojo:flatten-maven-plugin:1.2.7 to 1.3.0
  • Updated org.codehaus.mojo:versions-maven-plugin:2.10.0 to 2.14.2
  • Updated org.itsallcode:openfasttrace-maven-plugin:1.5.0 to 1.6.1
  • Updated org.scalatest:scalatest-maven-plugin:2.0.2 to 2.2.0