Releases: exasol/spark-connector-common-java
2.0.8 Fixed vulnerability CVE-2024-7254 in com.google.protobuf:protobuf-java:jar:3.19.6:provided
This release fixes vulnerability CVE-2024-7254 in com.google.protobuf:protobuf-java:jar:3.19.6:provided which could lead to unbounded recursion.
Security
- #41: CVE-2024-7254: com.google.protobuf:protobuf-java:jar:3.19.6:provided
Dependency Updates
Compile Dependency Updates
- Removed
io.netty:netty-all:4.1.111.Final
- Removed
joda-time:joda-time:2.12.7
- Removed
org.apache.avro:avro:1.11.3
- Removed
org.apache.commons:commons-compress:1.26.2
- Removed
org.apache.ivy:ivy:2.5.2
- Removed
org.apache.zookeeper:zookeeper:3.9.2
- Removed
org.codehaus.janino:janino:3.1.12
- Removed
org.xerial.snappy:snappy-java:1.1.10.5
2.0.7 Test with Exasol v8
This release verifies that this project works with Exasol v8 by running integration tests with the latest Exasol Docker DB version.
Features
- #34: Added integration tests with Exasol v8
Dependency Updates
Compile Dependency Updates
- Updated
com.exasol:exasol-jdbc:24.0.0
to24.1.0
- Updated
io.netty:netty-all:4.1.109.Final
to4.1.111.Final
- Updated
org.apache.commons:commons-compress:1.26.1
to1.26.2
Test Dependency Updates
- Updated
com.exasol:exasol-testcontainers:7.0.1
to7.1.0
- Updated
com.fasterxml.jackson.core:jackson-core:2.17.0
to2.17.1
- Updated
nl.jqno.equalsverifier:equalsverifier:3.15.8
to3.16.1
- Updated
org.mockito:mockito-core:5.11.0
to5.12.0
- Updated
org.mockito:mockito-junit-jupiter:5.11.0
to5.12.0
- Updated
org.testcontainers:junit-jupiter:1.19.7
to1.19.8
Plugin Dependency Updates
- Updated
com.exasol:project-keeper-maven-plugin:4.3.2
to4.3.3
2.0.6 CVE fix
Fixed CVE-2024-36114 in io.airlift:aircompressor (dependency of spark-sql).
Features
- #38: CVE-2024-36114: io.airlift:aircompressor:jar:0.25:provided
Dependency Updates
Plugin Dependency Updates
- Updated
com.exasol:error-code-crawler-maven-plugin:2.0.2
to2.0.3
- Updated
com.exasol:project-keeper-maven-plugin:4.3.0
to4.3.2
- Updated
org.apache.maven.plugins:maven-deploy-plugin:3.1.1
to3.1.2
- Updated
org.apache.maven.plugins:maven-enforcer-plugin:3.4.1
to3.5.0
- Updated
org.apache.maven.plugins:maven-gpg-plugin:3.2.2
to3.2.4
- Updated
org.apache.maven.plugins:maven-javadoc-plugin:3.6.3
to3.7.0
- Updated
org.apache.maven.plugins:maven-toolchains-plugin:3.1.0
to3.2.0
- Updated
org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922
to4.0.0.4121
- Updated
org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13
to1.7.0
2.0.5 Fix CVEs in compile and test dependencies
This release fixes the following vulnerabilities in dependencies:
- CVE-2024-29025 in
io.netty:netty-codec-http:jar:4.1.96.Final:provided
- CVE-2024-23080 in
joda-time:joda-time:jar:2.12.5:provided
- CVE-2023-33546 in
org.codehaus.janino:janino:jar:3.1.9:provided
Features
- #36: Fixed CVE-2024-23080
- #35: Fixed CVE-2024-29025
Dependency Updates
Compile Dependency Updates
- Added
io.netty:netty-all:4.1.109.Final
- Added
joda-time:joda-time:2.12.7
- Added
org.codehaus.janino:janino:3.1.12
Plugin Dependency Updates
- Updated
com.exasol:error-code-crawler-maven-plugin:2.0.1
to2.0.2
- Updated
com.exasol:project-keeper-maven-plugin:4.2.0
to4.3.0
- Updated
org.apache.maven.plugins:maven-compiler-plugin:3.12.1
to3.13.0
- Updated
org.apache.maven.plugins:maven-gpg-plugin:3.1.0
to3.2.2
- Updated
org.jacoco:jacoco-maven-plugin:0.8.11
to0.8.12
- Updated
org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594
to3.11.0.3922
2.0.4: Fix CVE-2024-25710 and CVE-2024-26308 in compile dependency
This release fixes CVE-2024-25710 and CVE-2024-26308 in compile dependency org.apache.commons:commons-compress:1.24.0
.
Security
- #30: Fixed CVE-2024-25710 in
org.apache.commons:commons-compress:jar:1.24.0:compile
- #32: Fixed CVE-2024-26308 in
org.apache.commons:commons-compress:jar:1.24.0:compile
Dependency Updates
Compile Dependency Updates
- Updated
com.exasol:exasol-jdbc:7.1.20
to24.0.0
- Updated
org.apache.commons:commons-compress:1.24.0
to1.26.1
- Updated
org.apache.zookeeper:zookeeper:3.7.2
to3.9.2
Test Dependency Updates
- Updated
com.exasol:exasol-testcontainers:7.0.0
to7.0.1
- Updated
com.exasol:hamcrest-resultset-matcher:1.6.1
to1.6.5
- Updated
com.exasol:test-db-builder-java:3.5.1
to3.5.4
- Updated
com.fasterxml.jackson.core:jackson-core:2.15.2
to2.17.0
- Updated
nl.jqno.equalsverifier:equalsverifier:3.15.2
to3.15.8
- Updated
org.junit.jupiter:junit-jupiter-api:5.10.0
to5.10.2
- Updated
org.junit.jupiter:junit-jupiter:5.10.0
to5.10.2
- Updated
org.mockito:mockito-core:5.5.0
to5.11.0
- Updated
org.mockito:mockito-junit-jupiter:5.5.0
to5.11.0
- Updated
org.testcontainers:junit-jupiter:1.19.0
to1.19.7
Plugin Dependency Updates
- Updated
com.exasol:error-code-crawler-maven-plugin:1.3.1
to2.0.1
- Updated
com.exasol:project-keeper-maven-plugin:2.9.16
to4.2.0
- Updated
org.apache.maven.plugins:maven-compiler-plugin:3.11.0
to3.12.1
- Updated
org.apache.maven.plugins:maven-failsafe-plugin:3.2.2
to3.2.5
- Updated
org.apache.maven.plugins:maven-javadoc-plugin:3.6.2
to3.6.3
- Updated
org.apache.maven.plugins:maven-surefire-plugin:3.2.2
to3.2.5
- Added
org.apache.maven.plugins:maven-toolchains-plugin:3.1.0
- Updated
org.codehaus.mojo:flatten-maven-plugin:1.5.0
to1.6.0
- Updated
org.codehaus.mojo:versions-maven-plugin:2.16.1
to2.16.2
2.0.3: Update transitive dependencies to fix CVEs
Summary
Updated transitive dependencies to fix:
- zookeeper: CVE-2023-44981, severity CWE-639: Authorization Bypass Through User-Controlled Key (9.1)
- exasol-testcontainers: CVE-2023-4043, severity CWE-20: Improper Input Validation (7.5)
- arvo: CVE-2023-39410, severity CWE-502: Deserialization of Untrusted Data (7.5)
CVE-2023-4586 is silenced, as there is no fix at the moment.
Features
- #27: Fixed vulnerabilities in zookeeper, parsson, avro
Dependency Updates
Compile Dependency Updates
- Added
org.apache.avro:avro:1.11.3
- Added
org.apache.zookeeper:zookeeper:3.7.2
Test Dependency Updates
- Updated
com.exasol:exasol-testcontainers:6.6.2
to7.0.0
Plugin Dependency Updates
- Updated
com.exasol:error-code-crawler-maven-plugin:1.3.0
to1.3.1
- Updated
com.exasol:project-keeper-maven-plugin:2.9.12
to2.9.16
- Updated
org.apache.maven.plugins:maven-enforcer-plugin:3.4.0
to3.4.1
- Updated
org.apache.maven.plugins:maven-failsafe-plugin:3.1.2
to3.2.2
- Updated
org.apache.maven.plugins:maven-javadoc-plugin:3.5.0
to3.6.2
- Updated
org.apache.maven.plugins:maven-surefire-plugin:3.1.2
to3.2.2
- Updated
org.codehaus.mojo:versions-maven-plugin:2.16.0
to2.16.1
- Updated
org.jacoco:jacoco-maven-plugin:0.8.10
to0.8.11
- Updated
org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184
to3.10.0.2594
2.0.2: Update dependencies to fix CVEs
Summary
Update transitive dependencies to fix CVE-2023-42503, CVE-2023-43642, CVE-2022-46751 and CVE-2022-46751.
Security
- #23: Updated deps to fix CVE-2023-42503, CVE-2023-43642, CVE-2022-46751 and CVE-2022-46751
Dependency Updates
Compile Dependency Updates
- Added
org.apache.commons:commons-compress:1.24.0
- Added
org.apache.ivy:ivy:2.5.2
- Added
org.xerial.snappy:snappy-java:1.1.10.5
Test Dependency Updates
- Updated
com.exasol:exasol-testcontainers:6.6.1
to6.6.2
- Updated
com.exasol:hamcrest-resultset-matcher:1.6.0
to1.6.1
- Updated
com.exasol:test-db-builder-java:3.4.2
to3.5.1
- Updated
nl.jqno.equalsverifier:equalsverifier:3.15
to3.15.2
- Updated
org.mockito:mockito-core:5.4.0
to5.5.0
- Updated
org.mockito:mockito-junit-jupiter:5.4.0
to5.5.0
- Updated
org.testcontainers:junit-jupiter:1.18.3
to1.19.0
Plugin Dependency Updates
- Updated
com.exasol:project-keeper-maven-plugin:2.9.10
to2.9.12
- Updated
org.apache.maven.plugins:maven-enforcer-plugin:3.3.0
to3.4.0
2.0.1: Added helper method to get key-value options pairs
Summary
This release adds a helper method to get key-value options pairs.
Refactorings
- #21: Added get method for key-value options pairs
Dependency Updates
Plugin Dependency Updates
- Updated
com.exasol:project-keeper-maven-plugin:2.9.9
to2.9.10
2.0.0: Added Spark filter converter
Summary
In this release we added a common class to convert Apache Spark filter
expressions into Exasol SQL WHERE
clauses. This helps to enrich the user queries and push the predicate conditions down to the Exasol database.
Features
- #18: Added Spark filter converter implementation
Dependency Updates
Test Dependency Updates
- Updated
com.exasol:exasol-testcontainers:6.6.0
to6.6.1
- Updated
nl.jqno.equalsverifier:equalsverifier:3.14.3
to3.15
- Updated
org.junit.jupiter:junit-jupiter-api:5.9.3
to5.10.0
- Updated
org.junit.jupiter:junit-jupiter:5.9.3
to5.10.0
Plugin Dependency Updates
- Updated
com.exasol:error-code-crawler-maven-plugin:1.2.3
to1.3.0
- Updated
com.exasol:project-keeper-maven-plugin:2.9.7
to2.9.9
- Updated
org.apache.maven.plugins:maven-failsafe-plugin:3.0.0
to3.1.2
- Updated
org.apache.maven.plugins:maven-gpg-plugin:3.0.1
to3.1.0
- Updated
org.apache.maven.plugins:maven-surefire-plugin:3.0.0
to3.1.2
- Updated
org.basepom.maven:duplicate-finder-maven-plugin:1.5.1
to2.0.1
- Updated
org.codehaus.mojo:flatten-maven-plugin:1.4.1
to1.5.0
- Updated
org.codehaus.mojo:versions-maven-plugin:2.15.0
to2.16.0
- Updated
org.jacoco:jacoco-maven-plugin:0.8.9
to0.8.10
1.1.1: Refactored `ExasolOptions` class to be `Serializable`.
Summary
Update the ExasolOptions
to be serializable since Spark 3.3 with Scala 2.12 version requires the class to implement Serializable
interface.
Features
- #16: Refactored
ExasolOptions
class to be serializable