2.0.8 Fixed vulnerability CVE-2024-7254 in com.google.protobuf:protobuf-java:jar:3.19.6:provided

This release fixes vulnerability CVE-2024-7254 in com.google.protobuf:protobuf-java:jar:3.19.6:provided which could lead to unbounded recursion.

Security

• #41: CVE-2024-7254: com.google.protobuf:protobuf-java:jar:3.19.6:provided

Dependency Updates

Compile Dependency Updates

• Removed io.netty:netty-all:4.1.111.Final
• Removed joda-time:joda-time:2.12.7
• Removed org.apache.avro:avro:1.11.3
• Removed org.apache.commons:commons-compress:1.26.2
• Removed org.apache.ivy:ivy:2.5.2
• Removed org.apache.zookeeper:zookeeper:3.9.2
• Removed org.codehaus.janino:janino:3.1.12
• Removed org.xerial.snappy:snappy-java:1.1.10.5

2.0.7 Test with Exasol v8

This release verifies that this project works with Exasol v8 by running integration tests with the latest Exasol Docker DB version.

Features

• #34: Added integration tests with Exasol v8

Dependency Updates

Compile Dependency Updates

• Updated com.exasol:exasol-jdbc:24.0.0 to 24.1.0
• Updated io.netty:netty-all:4.1.109.Final to 4.1.111.Final
• Updated org.apache.commons:commons-compress:1.26.1 to 1.26.2

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:7.0.1 to 7.1.0
• Updated com.fasterxml.jackson.core:jackson-core:2.17.0 to 2.17.1
• Updated nl.jqno.equalsverifier:equalsverifier:3.15.8 to 3.16.1
• Updated org.mockito:mockito-core:5.11.0 to 5.12.0
• Updated org.mockito:mockito-junit-jupiter:5.11.0 to 5.12.0
• Updated org.testcontainers:junit-jupiter:1.19.7 to 1.19.8

Plugin Dependency Updates

• Updated com.exasol:project-keeper-maven-plugin:4.3.2 to 4.3.3

2.0.6 CVE fix

Fixed CVE-2024-36114 in io.airlift:aircompressor (dependency of spark-sql).

Features

• #38: CVE-2024-36114: io.airlift:aircompressor:jar:0.25:provided

Dependency Updates

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:2.0.2 to 2.0.3
• Updated com.exasol:project-keeper-maven-plugin:4.3.0 to 4.3.2
• Updated org.apache.maven.plugins:maven-deploy-plugin:3.1.1 to 3.1.2
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.1 to 3.5.0
• Updated org.apache.maven.plugins:maven-gpg-plugin:3.2.2 to 3.2.4
• Updated org.apache.maven.plugins:maven-javadoc-plugin:3.6.3 to 3.7.0
• Updated org.apache.maven.plugins:maven-toolchains-plugin:3.1.0 to 3.2.0
• Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922 to 4.0.0.4121
• Updated org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13 to 1.7.0

2.0.5 Fix CVEs in compile and test dependencies

This release fixes the following vulnerabilities in dependencies:

• CVE-2024-29025 in io.netty:netty-codec-http:jar:4.1.96.Final:provided
• CVE-2024-23080 in joda-time:joda-time:jar:2.12.5:provided
• CVE-2023-33546 in org.codehaus.janino:janino:jar:3.1.9:provided

Features

• #36: Fixed CVE-2024-23080
• #35: Fixed CVE-2024-29025

Dependency Updates

Compile Dependency Updates

• Added io.netty:netty-all:4.1.109.Final
• Added joda-time:joda-time:2.12.7
• Added org.codehaus.janino:janino:3.1.12

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:2.0.1 to 2.0.2
• Updated com.exasol:project-keeper-maven-plugin:4.2.0 to 4.3.0
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.12.1 to 3.13.0
• Updated org.apache.maven.plugins:maven-gpg-plugin:3.1.0 to 3.2.2
• Updated org.jacoco:jacoco-maven-plugin:0.8.11 to 0.8.12
• Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594 to 3.11.0.3922

2.0.4: Fix CVE-2024-25710 and CVE-2024-26308 in compile dependency

This release fixes CVE-2024-25710 and CVE-2024-26308 in compile dependency org.apache.commons:commons-compress:1.24.0.

Security

• #30: Fixed CVE-2024-25710 in org.apache.commons:commons-compress:jar:1.24.0:compile
• #32: Fixed CVE-2024-26308 in org.apache.commons:commons-compress:jar:1.24.0:compile

Dependency Updates

Compile Dependency Updates

• Updated com.exasol:exasol-jdbc:7.1.20 to 24.0.0
• Updated org.apache.commons:commons-compress:1.24.0 to 1.26.1
• Updated org.apache.zookeeper:zookeeper:3.7.2 to 3.9.2

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:7.0.0 to 7.0.1
• Updated com.exasol:hamcrest-resultset-matcher:1.6.1 to 1.6.5
• Updated com.exasol:test-db-builder-java:3.5.1 to 3.5.4
• Updated com.fasterxml.jackson.core:jackson-core:2.15.2 to 2.17.0
• Updated nl.jqno.equalsverifier:equalsverifier:3.15.2 to 3.15.8
• Updated org.junit.jupiter:junit-jupiter-api:5.10.0 to 5.10.2
• Updated org.junit.jupiter:junit-jupiter:5.10.0 to 5.10.2
• Updated org.mockito:mockito-core:5.5.0 to 5.11.0
• Updated org.mockito:mockito-junit-jupiter:5.5.0 to 5.11.0
• Updated org.testcontainers:junit-jupiter:1.19.0 to 1.19.7

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.3.1 to 2.0.1
• Updated com.exasol:project-keeper-maven-plugin:2.9.16 to 4.2.0
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.11.0 to 3.12.1
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.2.2 to 3.2.5
• Updated org.apache.maven.plugins:maven-javadoc-plugin:3.6.2 to 3.6.3
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.2.2 to 3.2.5
• Added org.apache.maven.plugins:maven-toolchains-plugin:3.1.0
• Updated org.codehaus.mojo:flatten-maven-plugin:1.5.0 to 1.6.0
• Updated org.codehaus.mojo:versions-maven-plugin:2.16.1 to 2.16.2

2.0.3: Update transitive dependencies to fix CVEs

Summary

Updated transitive dependencies to fix:

• zookeeper: CVE-2023-44981, severity CWE-639: Authorization Bypass Through User-Controlled Key (9.1)
• exasol-testcontainers: CVE-2023-4043, severity CWE-20: Improper Input Validation (7.5)
• arvo: CVE-2023-39410, severity CWE-502: Deserialization of Untrusted Data (7.5)

CVE-2023-4586 is silenced, as there is no fix at the moment.

Features

• #27: Fixed vulnerabilities in zookeeper, parsson, avro

Dependency Updates

Compile Dependency Updates

• Added org.apache.avro:avro:1.11.3
• Added org.apache.zookeeper:zookeeper:3.7.2

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.6.2 to 7.0.0

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.3.0 to 1.3.1
• Updated com.exasol:project-keeper-maven-plugin:2.9.12 to 2.9.16
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.0 to 3.4.1
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.1.2 to 3.2.2
• Updated org.apache.maven.plugins:maven-javadoc-plugin:3.5.0 to 3.6.2
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.1.2 to 3.2.2
• Updated org.codehaus.mojo:versions-maven-plugin:2.16.0 to 2.16.1
• Updated org.jacoco:jacoco-maven-plugin:0.8.10 to 0.8.11
• Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184 to 3.10.0.2594

2.0.2: Update dependencies to fix CVEs

Summary

Update transitive dependencies to fix CVE-2023-42503, CVE-2023-43642, CVE-2022-46751 and CVE-2022-46751.

Security

• #23: Updated deps to fix CVE-2023-42503, CVE-2023-43642, CVE-2022-46751 and CVE-2022-46751

Dependency Updates

Compile Dependency Updates

• Added org.apache.commons:commons-compress:1.24.0
• Added org.apache.ivy:ivy:2.5.2
• Added org.xerial.snappy:snappy-java:1.1.10.5

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.6.1 to 6.6.2
• Updated com.exasol:hamcrest-resultset-matcher:1.6.0 to 1.6.1
• Updated com.exasol:test-db-builder-java:3.4.2 to 3.5.1
• Updated nl.jqno.equalsverifier:equalsverifier:3.15 to 3.15.2
• Updated org.mockito:mockito-core:5.4.0 to 5.5.0
• Updated org.mockito:mockito-junit-jupiter:5.4.0 to 5.5.0
• Updated org.testcontainers:junit-jupiter:1.18.3 to 1.19.0

Plugin Dependency Updates

• Updated com.exasol:project-keeper-maven-plugin:2.9.10 to 2.9.12
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.3.0 to 3.4.0

2.0.1: Added helper method to get key-value options pairs

Summary

This release adds a helper method to get key-value options pairs.

Refactorings

• #21: Added get method for key-value options pairs

Dependency Updates

Plugin Dependency Updates

• Updated com.exasol:project-keeper-maven-plugin:2.9.9 to 2.9.10

2.0.0: Added Spark filter converter

Summary

In this release we added a common class to convert Apache Spark filter expressions into Exasol SQL WHERE clauses. This helps to enrich the user queries and push the predicate conditions down to the Exasol database.

Features

• #18: Added Spark filter converter implementation

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.6.0 to 6.6.1
• Updated nl.jqno.equalsverifier:equalsverifier:3.14.3 to 3.15
• Updated org.junit.jupiter:junit-jupiter-api:5.9.3 to 5.10.0
• Updated org.junit.jupiter:junit-jupiter:5.9.3 to 5.10.0

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.2.3 to 1.3.0
• Updated com.exasol:project-keeper-maven-plugin:2.9.7 to 2.9.9
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.0.0 to 3.1.2
• Updated org.apache.maven.plugins:maven-gpg-plugin:3.0.1 to 3.1.0
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0 to 3.1.2
• Updated org.basepom.maven:duplicate-finder-maven-plugin:1.5.1 to 2.0.1
• Updated org.codehaus.mojo:flatten-maven-plugin:1.4.1 to 1.5.0
• Updated org.codehaus.mojo:versions-maven-plugin:2.15.0 to 2.16.0
• Updated org.jacoco:jacoco-maven-plugin:0.8.9 to 0.8.10

1.1.1: Refactored `ExasolOptions` class to be `Serializable`.

Summary

Update the ExasolOptions to be serializable since Spark 3.3 with Scala 2.12 version requires the class to implement Serializable interface.

Features

• #16: Refactored ExasolOptions class to be serializable