#74: Fixed vulnerability CVE-2024-25638 by updating dependency dnsja……

…va:dnsjava:jar:3.4.0 (#75)

* #74: Fixed vulnerability CVE-2024-25638 by updating dependency dnsjava:dnsjava:jar:3.4.0

Co-authored-by: Christoph Pirkl <[email protected]>

doc/changes/changes_2.0.10.md

@@ -0,0 +1,28 @@
+# Parquet for Java 2.0.10, released 2024-07-29
+
+Code name: Fix CVE-2024-25638 in dependency
+
+## Summary
+
+This release fixes vulnerability CVE-2024-25638 by updating transitive dependency `dnsjava:dnsjava:jar:3.4.0`.
+
+## Security Issues
+
+* #74: Fixed vulnerability CVE-2024-25638 by updating dependency `dnsjava:dnsjava:jar:3.4.0`.
+
+## Dependency Updates
+
+### Compile Dependency Updates
+
+* Added `dnsjava:dnsjava:3.6.0`
+* Updated `org.apache.commons:commons-configuration2:2.10.1` to `2.11.0`
+* Updated `org.apache.parquet:parquet-hadoop:1.13.1` to `1.14.1`
+* Updated `org.scala-lang:scala-library:2.13.13` to `2.13.14`
+
+### Test Dependency Updates
+
+* Updated `org.junit.jupiter:junit-jupiter:5.10.2` to `5.10.3`
+
+### Plugin Dependency Updates
+
+* Updated `com.exasol:project-keeper-maven-plugin:4.3.2` to `4.3.3`

pom.xml

@@ -3,26 +3,26 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.exasol</groupId>
     <artifactId>parquet-io-java</artifactId>
-    <version>2.0.9</version>
+    <version>2.0.10</version>
     <name>Parquet for Java</name>
     <description>This project provides a library that reads Parquet files into Java objects.</description>
     <url>https://github.com/exasol/parquet-io-java/</url>
     <parent>
         <artifactId>parquet-io-java-generated-parent</artifactId>
         <groupId>com.exasol</groupId>
-        <version>2.0.9</version>
+        <version>2.0.10</version>
         <relativePath>pk_generated_parent.pom</relativePath>
     </parent>
     <properties>
-        <scala.version>2.13.13</scala.version>
+        <scala.version>2.13.14</scala.version>
         <scala.compat.version>2.13</scala.compat.version>
         <mockito.version>5.12.0</mockito.version>
     </properties>
     <dependencies>
         <dependency>
             <groupId>org.apache.parquet</groupId>
             <artifactId>parquet-hadoop</artifactId>
-            <version>1.13.1</version>
+            <version>1.14.1</version>
         </dependency>
         <!-- Update transitive dependency of org.apache.parquet:parquet-hadoop to fix CVE-2024-36114 -->
         <dependency>
@@ -145,7 +145,13 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-configuration2</artifactId>
-            <version>2.10.1</version>
+            <version>2.11.0</version>
+        </dependency>
+        <!-- Upgrade transitive dependency of org.apache.hadoop:hadoop-client to fix CVE-2024-25638 -->
+        <dependency>
+            <groupId>dnsjava</groupId>
+            <artifactId>dnsjava</artifactId>
+            <version>3.6.0</version>
         </dependency>
         <dependency>
             <groupId>org.scala-lang</groupId>
@@ -161,7 +167,7 @@
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter</artifactId>
-            <version>5.10.2</version>
+            <version>5.10.3</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -287,7 +293,7 @@
             <plugin>
                 <groupId>com.exasol</groupId>
                 <artifactId>project-keeper-maven-plugin</artifactId>
-                <version>4.3.2</version>
+                <version>4.3.3</version>
                 <executions>
                     <execution>
                         <goals>