5.0.2 Fix CVE-2024-7254 in transitive test dependency com.google.protobuf:protobuf-java:jar:3.25.3:test

This release fixes vulnerability CVE-2024-7254 in transitive test dependency com.google.protobuf:protobuf-java:3.25.3

Security

• #50: Fixed CVE-2024-7254 in transitive test dependency com.google.protobuf:protobuf-java:3.25.3

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:7.0.1 to 7.1.1
• Updated com.exasol:hamcrest-resultset-matcher:1.6.5 to 1.7.0
• Updated com.exasol:udf-debugging-java:0.6.12 to 0.6.13
• Updated com.google.protobuf:protobuf-java:3.25.3 to 4.28.2
• Updated com.mysql:mysql-connector-j:8.3.0 to 9.0.0
• Updated org.hamcrest:hamcrest:2.2 to 3.0
• Updated org.jacoco:org.jacoco.agent:0.8.11 to 0.8.12
• Updated org.junit.jupiter:junit-jupiter:5.10.2 to 5.11.0
• Updated org.mockito:mockito-junit-jupiter:5.11.0 to 5.13.0
• Updated org.slf4j:slf4j-jdk14:2.0.12 to 2.0.16
• Updated org.testcontainers:junit-jupiter:1.19.7 to 1.20.1
• Updated org.testcontainers:mysql:1.19.7 to 1.20.1

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:2.0.1 to 2.0.3
• Updated com.exasol:project-keeper-maven-plugin:4.2.0 to 4.3.3
• Updated org.apache.maven.plugins:maven-assembly-plugin:3.6.0 to 3.7.1
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.12.1 to 3.13.0
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.1 to 3.5.0
• Updated org.apache.maven.plugins:maven-jar-plugin:3.3.0 to 3.4.1
• Updated org.apache.maven.plugins:maven-toolchains-plugin:3.1.0 to 3.2.0
• Updated org.jacoco:jacoco-maven-plugin:0.8.11 to 0.8.12
• Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594 to 4.0.0.4121

5.0.1 Fixed vulnerabilities CVE-2024-25710 and CVE-2024-26308 in test dependencies

This is a security release in which we updated test dependency com.exasol:exasol-test-setup-abstraction-java to fix vulnerabilities CVE-2024-25710 and CVE-2024-26308 in its transitive dependencies.

Security

• #45: Fixed vulnerability CVE-2024-25710
• #46: Fixed vulnerability CVE-2024-26308

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.6.2 to 7.0.1
• Updated com.exasol:hamcrest-resultset-matcher:1.6.1 to 1.6.5
• Updated com.exasol:test-db-builder-java:3.5.1 to 3.5.2
• Updated com.exasol:udf-debugging-java:0.6.11 to 0.6.12
• Updated com.exasol:virtual-schema-shared-integration-tests:2.2.5 to 3.0.0
• Updated com.google.protobuf:protobuf-java:3.24.3 to 3.25.3
• Updated com.mysql:mysql-connector-j:8.2.0 to 8.3.0
• Updated org.junit.jupiter:junit-jupiter:5.10.0 to 5.10.2
• Updated org.mockito:mockito-junit-jupiter:5.5.0 to 5.11.0
• Updated org.slf4j:slf4j-jdk14:2.0.9 to 2.0.12
• Updated org.testcontainers:junit-jupiter:1.19.0 to 1.19.7
• Updated org.testcontainers:mysql:1.19.0 to 1.19.7

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.3.1 to 2.0.1
• Updated com.exasol:project-keeper-maven-plugin:3.0.0 to 4.2.0
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.11.0 to 3.12.1
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.2.3 to 3.2.5
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.2.3 to 3.2.5
• Updated org.codehaus.mojo:flatten-maven-plugin:1.5.0 to 1.6.0

5.0.0: Charset is always `utf-8`, deprecated IMPORT_DATA_TYPES `FROM_RESULT_SET` value.

Summary

The behaviour when it comes to character sets is now simplified,
The target char set is now always UTF-8.
The IMPORT_DATA_TYPES property (and value FROM_RESULT_SET) are now deprecated (change in vs-common-jdbc):
An exception will be thrown when users use FROM_RESULT_SET. The exception message warns the user that the value is no longer supported and the property itself is also deprecated.

Refactoring

• #37: Update tests to V8 VSMYSQL / Update to vsjdbc 12.0.0

Dependency Updates

Compile Dependency Updates

• Updated com.exasol:virtual-schema-common-jdbc:11.0.2 to 12.0.0

Test Dependency Updates

• Updated com.exasol:virtual-schema-common-jdbc:11.0.2 to 12.0.0
• Updated com.mysql:mysql-connector-j:8.1.0 to 8.2.0
• Updated org.jacoco:org.jacoco.agent:0.8.10 to 0.8.11

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.3.0 to 1.3.1
• Updated com.exasol:project-keeper-maven-plugin:2.9.12 to 3.0.0
• Updated org.apache.maven.plugins:maven-dependency-plugin:3.6.0 to 3.6.1
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.0 to 3.4.1
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.1.2 to 3.2.3
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.1.2 to 3.2.3
• Added org.apache.maven.plugins:maven-toolchains-plugin:3.1.0
• Updated org.codehaus.mojo:versions-maven-plugin:2.16.0 to 2.16.2
• Updated org.jacoco:jacoco-maven-plugin:0.8.10 to 0.8.11
• Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184 to 3.10.0.2594

4.1.3: Fix CVE-2023-42503 in test dependency

Summary

This release fixes CVE-2023-42503 in test dependency org.apache.commons:commons-compress. The release also improves documentation by considering SQL clients other than DbVisualizer.

Security

• #42: Fixed CVE-2023-42503 in test dependency org.apache.commons:commons-compress

Documentation

• #36: Updated CREATE ADAPTER SCRIPT in User Guide
• #40: Update User Guide on Registering the JDBC Driver

Dependency Updates

Compile Dependency Updates

• Updated com.exasol:virtual-schema-common-jdbc:11.0.1 to 11.0.2

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.6.1 to 6.6.2
• Updated com.exasol:hamcrest-resultset-matcher:1.6.0 to 1.6.1
• Updated com.exasol:test-db-builder-java:3.4.2 to 3.5.1
• Updated com.exasol:udf-debugging-java:0.6.10 to 0.6.11
• Updated com.exasol:virtual-schema-common-jdbc:11.0.1 to 11.0.2
• Updated com.exasol:virtual-schema-shared-integration-tests:2.2.4 to 2.2.5
• Updated com.google.protobuf:protobuf-java:3.23.4 to 3.24.3
• Updated com.mysql:mysql-connector-j:8.0.33 to 8.1.0
• Updated org.junit.jupiter:junit-jupiter:5.9.3 to 5.10.0
• Updated org.mockito:mockito-junit-jupiter:5.4.0 to 5.5.0
• Added org.slf4j:slf4j-jdk14:2.0.9
• Updated org.testcontainers:junit-jupiter:1.18.3 to 1.19.0
• Updated org.testcontainers:mysql:1.18.3 to 1.19.0

Plugin Dependency Updates

• Updated com.exasol:project-keeper-maven-plugin:2.9.9 to 2.9.12
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.3.0 to 3.4.0

4.1.2: Dependency Upgrade on top of 4.1.1

Summary

This release updates dependencies.

Dependency Updates

Compile Dependency Updates

• Updated com.exasol:virtual-schema-common-jdbc:10.1.0 to 11.0.1

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.5.0 to 6.6.1
• Updated com.exasol:hamcrest-resultset-matcher:1.5.2 to 1.6.0
• Updated com.exasol:test-db-builder-java:3.4.1 to 3.4.2
• Updated com.exasol:udf-debugging-java:0.6.6 to 0.6.10
• Updated com.exasol:virtual-schema-common-jdbc:10.1.0 to 11.0.1
• Updated com.exasol:virtual-schema-shared-integration-tests:2.2.3 to 2.2.4
• Updated com.google.protobuf:protobuf-java:3.21.12 to 3.23.4
• Updated com.mysql:mysql-connector-j:8.0.31 to 8.0.33
• Updated org.jacoco:org.jacoco.agent:0.8.8 to 0.8.10
• Updated org.junit.jupiter:junit-jupiter:5.9.2 to 5.9.3
• Updated org.mockito:mockito-junit-jupiter:4.11.0 to 5.4.0
• Updated org.testcontainers:junit-jupiter:1.17.6 to 1.18.3
• Updated org.testcontainers:mysql:1.17.6 to 1.18.3

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.2.1 to 1.3.0
• Updated com.exasol:project-keeper-maven-plugin:2.9.1 to 2.9.9
• Updated org.apache.maven.plugins:maven-assembly-plugin:3.4.2 to 3.6.0
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.10.1 to 3.11.0
• Updated org.apache.maven.plugins:maven-dependency-plugin:3.3.0 to 3.6.0
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.1.0 to 3.3.0
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M7 to 3.1.2
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M7 to 3.1.2
• Added org.basepom.maven:duplicate-finder-maven-plugin:2.0.1
• Updated org.codehaus.mojo:flatten-maven-plugin:1.3.0 to 1.5.0
• Updated org.codehaus.mojo:versions-maven-plugin:2.13.0 to 2.16.0
• Updated org.jacoco:jacoco-maven-plugin:0.8.8 to 0.8.10

4.1.1: Updated documentation and dependencies

Summary

Updated documentation uses default name of main class of MySQL driver, though the former name is still supported.

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.4.0 to 6.5.0
• Updated com.exasol:udf-debugging-java:0.6.5 to 0.6.6
• Updated com.exasol:virtual-schema-shared-integration-tests:2.2.2 to 2.2.3
• Updated com.google.protobuf:protobuf-java:3.21.9 to 3.21.12
• Updated org.junit.jupiter:junit-jupiter:5.9.1 to 5.9.2
• Updated org.mockito:mockito-junit-jupiter:4.9.0 to 4.11.0

4.1.0: Configurable datatype detection

Summary

Virtual-schema-common-jdbc version 10.0.0 introduced enhanced detection for data types of result sets.

Unfortunately with the new algorithm compatibility problems with the source database can happen under the following circumstances:

• data type CHAR or VARCHAR
• 8-bit character sets with encodings like latin1 or ISO-8859-1
• characters being not strictly ASCII, e.g. German umlaut "Ãœ"

The current release therefore uses an updated version of virtual-schema-common-jdbc with an additional adapter property to configure the data type detection.

For details please see adapter Properties for JDBC-Based Virtual Schemas.

Bugfixes

• #26: Enabled to use MySQL database with character set latin1 and characters not strictly ASCII.

Dependency Updates

Compile Dependency Updates

• Updated com.exasol:virtual-schema-common-jdbc:10.0.1 to 10.1.0

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.3.1 to 6.4.0
• Updated com.exasol:virtual-schema-common-jdbc:10.0.1 to 10.1.0

4.0.1: Improved documentation

Summary

In release 4.0.1 we improved the installation instructions in the user guide, removed an old file that was left over from when the VS used Lombok and updated dependencies to fix vulnerabilities.

Known Issues

There is a known issue with non-UTF databases MySQL that can lead to a type conversion error in the IMPORT triggered by the Virtual Schema. Currently, it looks like this is caused by an inconsistency in the behavior of the MySQL JDBC driver when getting metadata from tables and resultsets. Please follow #26 for details.

Bugfixes

• #23: Fixed CVE-2022-3171 reported for com.google.protobuf:protobuf-java by updating com.mysql:mysql-connector-j.

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.2.0 to 6.3.1
• Updated com.exasol:test-db-builder-java:3.4.0 to 3.4.1
• Updated com.exasol:udf-debugging-java:0.6.4 to 0.6.5
• Updated com.google.protobuf:protobuf-java:3.21.8 to 3.21.9
• Updated org.mockito:mockito-junit-jupiter:4.8.1 to 4.9.0
• Updated org.testcontainers:junit-jupiter:1.17.5 to 1.17.6
• Updated org.testcontainers:mysql:1.17.5 to 1.17.6

Plugin Dependency Updates

• Updated com.exasol:artifact-reference-checker-maven-plugin:0.4.0 to 0.4.2
• Updated com.exasol:error-code-crawler-maven-plugin:1.1.2 to 1.2.1
• Updated com.exasol:project-keeper-maven-plugin:2.8.0 to 2.9.1
• Updated io.github.zlika:reproducible-build-maven-plugin:0.15 to 0.16
• Updated org.apache.maven.plugins:maven-assembly-plugin:3.3.0 to 3.4.2
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M5 to 3.0.0-M7
• Updated org.apache.maven.plugins:maven-jar-plugin:3.2.2 to 3.3.0
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M5 to 3.0.0-M7
• Updated org.codehaus.mojo:flatten-maven-plugin:1.2.7 to 1.3.0
• Updated org.codehaus.mojo:versions-maven-plugin:2.10.0 to 2.13.0

4.0.0: Enhanced Data Type Detection for Result Sets and Fixed Vulnerabilities in Dependencies

Summary

Starting with version 7.1.14 Exasol database uses the capabilities reported by each virtual schema to provide select list data types for each push down request. Based on this information the JDBC virtual schemas no longer need to infer the data types of the result set by inspecting its values. Instead the JDBC virtual schemas can now use the information provided by the database.

This release provides enhanced data type detection for result sets by updating virtual-schema-common-jdbc to version 10.0.1.

The following table shows the changed return type for some operations:

Operation	Return type up to version 3.0.0	Return type for version 4.0.0
Comparison, e.g. x < 60	DECIMAL	BOOLEAN
AVG(DECIMAL)	DECIMAL	DOUBLE
DIV(DECIMAL)	DECIMAL(19,0)	DECIMAL(10,0), i.e. BIGINT

Additionally this release fixes vulnerability CVE-2022-38751 reported for transitive dependency snakeyaml required by virtual-schema-shared-integration-tests.

Bug Fixes

• #21: Fixed vulnerabilities in dependencies.

Dependency Updates

Compile Dependency Updates

• Updated com.exasol:virtual-schema-common-jdbc:9.0.5 to 10.0.1

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.1.1 to 6.2.0
• Updated com.exasol:hamcrest-resultset-matcher:1.5.1 to 1.5.2
• Updated com.exasol:test-db-builder-java:3.3.2 to 3.3.4
• Updated com.exasol:udf-debugging-java:0.6.2 to 0.6.4
• Updated com.exasol:virtual-schema-common-jdbc:9.0.5 to 10.0.1
• Updated com.exasol:virtual-schema-shared-integration-tests:2.2.0 to 2.2.2
• Updated mysql:mysql-connector-java:8.0.29 to 8.0.30
• Updated org.junit.jupiter:junit-jupiter:5.8.2 to 5.9.1
• Updated org.mockito:mockito-junit-jupiter:4.6.1 to 4.8.0
• Updated org.testcontainers:junit-jupiter:1.17.2 to 1.17.3
• Updated org.testcontainers:mysql:1.17.2 to 1.17.3

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.1.1 to 1.1.2
• Updated com.exasol:project-keeper-maven-plugin:2.4.6 to 2.8.0
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.0.0 to 3.1.0

3.0.0 Dependency Updates

Summary

In this release we updated dependencies and by that fixed the following security vulnerabilities: CVE-2022-24823, CVE-2016-5003, CVE-2016-5002, CVE-2021-22569, CVE-2021-43797, CVE-2022-21363, sonatype-2012-0050, CVE-2016-5004, CVE-2021-37136, CVE-2021-37137, sonatype-2021-0789.

Refactoring

• #11: Added virtual-schema-shared-integration-tests
• #14: Inverted scalar function capability definition, i.e. use a block list instead of an allow list

Dependency Updates

Compile Dependency Updates

• Removed com.exasol:error-reporting-java:0.4.0
• Updated com.exasol:virtual-schema-common-jdbc:9.0.3 to 9.0.5

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:4.0.0 to 6.1.1
• Updated com.exasol:hamcrest-resultset-matcher:1.4.1 to 1.5.1
• Updated com.exasol:test-db-builder-java:3.2.1 to 3.3.2
• Added com.exasol:udf-debugging-java:0.6.2
• Updated com.exasol:virtual-schema-common-jdbc:9.0.3 to 9.0.5
• Added com.exasol:virtual-schema-shared-integration-tests:2.2.0
• Updated mysql:mysql-connector-java:8.0.26 to 8.0.29
• Added org.jacoco:org.jacoco.agent:0.8.8
• Updated org.junit.jupiter:junit-jupiter:5.7.2 to 5.8.2
• Updated org.mockito:mockito-junit-jupiter:3.11.2 to 4.6.1
• Updated org.testcontainers:junit-jupiter:1.16.0 to 1.17.2
• Updated org.testcontainers:mysql:1.16.0 to 1.17.2

Plugin Dependency Updates

• Updated com.exasol:artifact-reference-checker-maven-plugin:0.3.1 to 0.4.0
• Updated com.exasol:error-code-crawler-maven-plugin:0.5.1 to 1.1.1
• Updated com.exasol:project-keeper-maven-plugin:0.10.0 to 2.4.6
• Updated io.github.zlika:reproducible-build-maven-plugin:0.13 to 0.15
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.8.1 to 3.10.1
• Updated org.apache.maven.plugins:maven-dependency-plugin:2.8 to 3.3.0
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.0.0-M3 to 3.0.0
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M3 to 3.0.0-M5
• Updated org.apache.maven.plugins:maven-jar-plugin:3.2.0 to 3.2.2
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M3 to 3.0.0-M5
• Added org.codehaus.mojo:flatten-maven-plugin:1.2.7
• Updated org.codehaus.mojo:versions-maven-plugin:2.8.1 to 2.11.0
• Updated org.jacoco:jacoco-maven-plugin:0.8.6 to 0.8.8
• Added org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184
• Updated org.sonatype.ossindex.maven:ossindex-maven-plugin:3.1.0 to 3.2.0