Skip to content

Releases: exasol/s3-document-files-virtual-schema

3.1.2 Fix CVE-2024-47561 and CVE-2024-47535

19 Nov 07:33
0641f26
Compare
Choose a tag to compare

This release fixes the following vulnerabilities:

Security

Dependency Updates

Virtual Schema for Document Data in Files on AWS S3

Compile Dependency Updates

  • Updated com.exasol:virtual-schema-common-document-files:8.1.2 to 8.1.5
  • Updated software.amazon.awssdk:s3:2.26.26 to 2.29.15

Runtime Dependency Updates

  • Updated org.slf4j:slf4j-jdk14:2.0.13 to 2.0.16

Test Dependency Updates

  • Updated com.amazonaws:aws-java-sdk-s3:1.12.766 to 1.12.778
  • Added com.exasol:bucketfs-java:3.2.0
  • Updated com.exasol:exasol-test-setup-abstraction-java:2.1.4 to 2.1.5
  • Updated com.exasol:hamcrest-resultset-matcher:1.6.5 to 1.7.0
  • Updated com.exasol:small-json-files-test-fixture:0.1.10 to 0.1.11
  • Updated com.exasol:test-db-builder-java:3.5.4 to 3.6.0
  • Updated com.exasol:virtual-schema-common-document-files:8.1.2 to 8.1.5
  • Updated com.fasterxml.jackson.core:jackson-databind:2.17.2 to 2.18.1
  • Updated nl.jqno.equalsverifier:equalsverifier:3.16.1 to 3.17.3
  • Updated org.hamcrest:hamcrest:2.2 to 3.0
  • Updated org.junit.jupiter:junit-jupiter-engine:5.10.3 to 5.11.3
  • Updated org.junit.jupiter:junit-jupiter-params:5.10.3 to 5.11.3
  • Updated org.mockito:mockito-core:5.12.0 to 5.14.2
  • Updated org.testcontainers:junit-jupiter:1.20.0 to 1.20.3
  • Updated org.testcontainers:localstack:1.20.0 to 1.20.3

Plugin Dependency Updates

  • Updated com.exasol:project-keeper-maven-plugin:4.3.3 to 4.4.0
  • Added com.exasol:quality-summarizer-maven-plugin:0.2.0
  • Updated io.github.zlika:reproducible-build-maven-plugin:0.16 to 0.17
  • Updated org.apache.maven.plugins:maven-dependency-plugin:3.6.1 to 3.8.0
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.2.5 to 3.5.1
  • Updated org.apache.maven.plugins:maven-install-plugin:2.4 to 3.1.3
  • Updated org.apache.maven.plugins:maven-jar-plugin:3.4.1 to 3.4.2
  • Updated org.apache.maven.plugins:maven-resources-plugin:2.6 to 3.3.1
  • Updated org.apache.maven.plugins:maven-site-plugin:3.3 to 3.9.1
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.2.5 to 3.5.1
  • Updated org.codehaus.mojo:versions-maven-plugin:2.16.2 to 2.17.1

Extension

Development Dependency Updates

  • Updated eslint:^9.8.0 to 9.14.0
  • Updated ts-jest:^29.2.3 to ^29.2.5
  • Updated @types/jest:^29.5.12 to ^29.5.14
  • Updated typescript-eslint:^8.0.0-alpha.30 to ^8.14.0
  • Updated typescript:^5.5.4 to ^5.6.3
  • Updated esbuild:^0.23.0 to ^0.24.0

3.1.1 Fix CVE-2024-25638 in `dnsjava:dnsjava:jar:3.4.0:compile`

30 Jul 09:03
5890248
Compare
Choose a tag to compare

This release fixes vulnerability CVE-2024-25638 in dnsjava:dnsjava:jar:3.4.0:compile.

Security

Dependency Updates

Virtual Schema for Document Data in Files on AWS S3

Compile Dependency Updates

  • Updated com.exasol:virtual-schema-common-document-files:8.1.0 to 8.1.2
  • Updated software.amazon.awssdk:s3:2.26.3 to 2.26.26

Test Dependency Updates

  • Updated com.amazonaws:aws-java-sdk-s3:1.12.744 to 1.12.766
  • Updated com.exasol:virtual-schema-common-document-files:8.1.0 to 8.1.2
  • Updated com.fasterxml.jackson.core:jackson-databind:2.17.1 to 2.17.2
  • Updated org.junit.jupiter:junit-jupiter-engine:5.10.2 to 5.10.3
  • Updated org.junit.jupiter:junit-jupiter-params:5.10.2 to 5.10.3
  • Updated org.testcontainers:junit-jupiter:1.19.8 to 1.20.0
  • Updated org.testcontainers:localstack:1.19.8 to 1.20.0

Extension

Development Dependency Updates

  • Updated eslint:^9.5.0 to ^9.8.0
  • Updated ts-jest:^29.1.5 to ^29.2.3
  • Updated typescript:^5.4.5 to ^5.5.4
  • Updated esbuild:^0.21.5 to ^0.23.0

3.1.0 Configure column names for automatic mapping inference

17 Jun 14:46
777e608
Compare
Choose a tag to compare

This release allows configuring the mapping of column names for the automatic mapping inference in Parquet and CSV files. Before, the virtual schema always converted source column names to UPPER_SNAKE_CASE to create the Exasol column names. This is now configurable with EDML property autoInferenceColumnNames. This property supports the following values:

  • CONVERT_TO_UPPER_SNAKE_CASE: Convert column names to UPPER_SNAKE_CASE (default).
  • KEEP_ORIGINAL_NAME: Do not convert column names, use column name from source.

See the EDML user guide for details.

Features

  • #168: Added option to keep original column name for auto inference

Dependency Updates

Virtual Schema for Document Data in Files on AWS S3

Compile Dependency Updates

  • Updated com.exasol:virtual-schema-common-document-files:8.0.4 to 8.1.0
  • Updated software.amazon.awssdk:s3:2.25.45 to 2.26.3

Test Dependency Updates

  • Updated com.amazonaws:aws-java-sdk-s3:1.12.715 to 1.12.744
  • Updated com.exasol:exasol-test-setup-abstraction-java:2.1.3 to 2.1.4
  • Updated com.exasol:extension-manager-integration-test-java:0.5.11 to 0.5.12
  • Removed com.exasol:java-class-list-verifier:0.2.6
  • Updated com.exasol:virtual-schema-common-document-files:8.0.4 to 8.1.0
  • Updated org.mockito:mockito-core:5.11.0 to 5.12.0
  • Updated org.testcontainers:junit-jupiter:1.19.7 to 1.19.8
  • Updated org.testcontainers:localstack:1.19.7 to 1.19.8

Plugin Dependency Updates

  • Updated com.exasol:project-keeper-maven-plugin:4.3.2 to 4.3.3

Extension

Compile Dependency Updates

  • Updated @exasol/extension-manager-interface:0.4.2 to 0.4.3

Development Dependency Updates

  • Updated eslint:^8.57.0 to ^9.5.0
  • Updated ts-jest:^29.1.2 to ^29.1.5
  • Updated typescript-eslint:^7.8.0 to ^8.0.0-alpha.30
  • Updated esbuild:^0.20.2 to ^0.21.5

3.0.7 Security update - fix for CVE-2024-36114

04 Jun 08:52
0a5b729
Compare
Choose a tag to compare

Fixed CVE-2024-36114 GHSA-973x-65j7-xcf4.

Security

Dependency Updates

Virtual Schema for Document Data in Files on AWS S3

Compile Dependency Updates

  • Updated com.exasol:virtual-schema-common-document-files:8.0.3 to 8.0.4

Test Dependency Updates

  • Updated com.exasol:virtual-schema-common-document-files:8.0.3 to 8.0.4
  • Updated org.jacoco:org.jacoco.agent:0.8.11 to 0.8.12

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:2.0.2 to 2.0.3
  • Updated com.exasol:project-keeper-maven-plugin:4.3.0 to 4.3.2
  • Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.1 to 3.5.0
  • Updated org.apache.maven.plugins:maven-jar-plugin:3.3.0 to 3.4.1
  • Updated org.apache.maven.plugins:maven-toolchains-plugin:3.1.0 to 3.2.0
  • Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922 to 4.0.0.4121

3.0.6 Improve error handling for extension

08 May 09:02
6748d4c
Compare
Choose a tag to compare

This release improves error handling when creating a new Virtual Schema using the extension: the extension now checks if a schema with the same name exists and returns a helpful error message. This check is case-insensitive because Exasol's CONNECTION names are also case-insensitive.

Bugfix

  • #164: Improved error handling for creating Virtual Schema using the extension

Dependency Updates

Virtual Schema for Document Data in Files on AWS S3

Compile Dependency Updates

  • Updated software.amazon.awssdk:s3:2.25.27 to 2.25.45

Runtime Dependency Updates

  • Updated org.slf4j:slf4j-jdk14:2.0.12 to 2.0.13

Test Dependency Updates

  • Updated com.amazonaws:aws-java-sdk-s3:1.12.697 to 1.12.715
  • Updated com.exasol:exasol-test-setup-abstraction-java:2.1.2 to 2.1.3
  • Updated com.exasol:extension-manager-integration-test-java:0.5.8 to 0.5.11
  • Updated com.exasol:small-json-files-test-fixture:0.1.9 to 0.1.10
  • Updated com.exasol:udf-debugging-java:0.6.12 to 0.6.13
  • Updated com.fasterxml.jackson.core:jackson-databind:2.17.0 to 2.17.1

Extension

Compile Dependency Updates

  • Updated @exasol/extension-manager-interface:0.4.1 to 0.4.2

Development Dependency Updates

  • Updated typescript-eslint:^7.5.0 to ^7.8.0
  • Updated typescript:^5.4.4 to ^5.4.5

3.0.5 Fix permissions for performance tests

10 Apr 07:17
e7648a8
Compare
Choose a tag to compare

This release fixes permissions for performance regression tests.

3.0.4 Fixed vulnerabilities CVE-2024-29131, CVE-2024-29133 and CVE-2024-29025

09 Apr 09:56
bcf2aae
Compare
Choose a tag to compare

This release fixes the following three vulnerability:

CVE-2024-29025 (CWE-770) in dependency io.netty:netty-codec-http:jar:4.1.107.Final:runtime

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.

References

CVE-2024-29131 (CWE-787) in dependency org.apache.commons:commons-configuration2:jar:2.8.0:compile

Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.

Users are recommended to upgrade to version 2.10.1, which fixes the issue.

References

CVE-2024-29133 (CWE-787) in dependency org.apache.commons:commons-configuration2:jar:2.8.0:compile

Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.

Users are recommended to upgrade to version 2.10.1, which fixes the issue.

References

Security

  • #154: Fixed vulnerability CVE-2024-29131 in dependency org.apache.commons:commons-configuration2:jar:2.8.0:compile
  • #155: Fixed vulnerability CVE-2024-29133 in dependency org.apache.commons:commons-configuration2:jar:2.8.0:compile
  • #157: Fixed vulnerability CVE-2024-29025 in dependency io.netty:netty-codec-http:jar:4.1.107.Final:runtime

Dependency Updates

Virtual Schema for Document Data in Files on AWS S3

Compile Dependency Updates

  • Updated com.exasol:virtual-schema-common-document-files:8.0.2 to 8.0.3
  • Updated software.amazon.awssdk:s3:2.25.8 to 2.25.27

Test Dependency Updates

  • Updated com.amazonaws:aws-java-sdk-s3:1.12.678 to 1.12.697
  • Updated com.exasol:exasol-test-setup-abstraction-java:2.1.1 to 2.1.2
  • Updated com.exasol:virtual-schema-common-document-files:8.0.2 to 8.0.3
  • Updated nl.jqno.equalsverifier:equalsverifier:3.15.8 to 3.16.1

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:2.0.0 to 2.0.2
  • Updated com.exasol:project-keeper-maven-plugin:4.1.0 to 4.3.0
  • Updated org.apache.maven.plugins:maven-assembly-plugin:3.6.0 to 3.7.1
  • Updated org.apache.maven.plugins:maven-compiler-plugin:3.12.1 to 3.13.0
  • Updated org.codehaus.mojo:exec-maven-plugin:3.1.1 to 3.2.0
  • Updated org.jacoco:jacoco-maven-plugin:0.8.11 to 0.8.12
  • Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594 to 3.11.0.3922

Extension

Development Dependency Updates

  • Updated eslint:^8.56.0 to ^8.57.0
  • Updated @types/jest:^29.5.11 to ^29.5.12
  • Added typescript-eslint:^7.5.0
  • Updated typescript:^5.3.3 to ^5.4.4
  • Updated esbuild:^0.19.12 to ^0.20.2
  • Removed @typescript-eslint/parser:^6.19.1
  • Removed @typescript-eslint/eslint-plugin:^6.19.1

3.0.3: Fix vulnerabilities CVE-2023-52428, CVE-2024-26308 and CVE-2024-25710 in compile dependencies

13 Mar 09:51
a232b73
Compare
Choose a tag to compare

Summary

This release vulnerabilities in the following compile dependencies:

Excluded Vulnerability We accept vulnerability CVE-2017-10355 (CWE-833: Deadlock) in test dependency xerces:xercesImpl:jar:2.12.2 as we assume that we only connect to the known endpoint ExaOperations.

Security

Dependency Updates

Virtual Schema for Document Data in Files on AWS S3

Compile Dependency Updates

  • Updated com.exasol:virtual-schema-common-document-files:8.0.0 to 8.0.2
  • Updated software.amazon.awssdk:s3:2.23.9 to 2.25.8

Runtime Dependency Updates

  • Updated org.slf4j:slf4j-jdk14:2.0.11 to 2.0.12

Test Dependency Updates

  • Updated com.amazonaws:aws-java-sdk-s3:1.12.643 to 1.12.678
  • Updated com.exasol:exasol-test-setup-abstraction-java:2.1.0 to 2.1.1
  • Updated com.exasol:extension-manager-integration-test-java:0.5.7 to 0.5.8
  • Updated com.exasol:hamcrest-resultset-matcher:1.6.4 to 1.6.5
  • Updated com.exasol:java-class-list-verifier:0.2.5 to 0.2.6
  • Updated com.exasol:test-db-builder-java:3.5.3 to 3.5.4
  • Updated com.exasol:udf-debugging-java:0.6.11 to 0.6.12
  • Updated com.exasol:virtual-schema-common-document-files:8.0.0 to 8.0.2
  • Updated com.fasterxml.jackson.core:jackson-databind:2.16.1 to 2.17.0
  • Updated nl.jqno.equalsverifier:equalsverifier:3.15.6 to 3.15.8
  • Updated org.junit.jupiter:junit-jupiter-engine:5.10.1 to 5.10.2
  • Updated org.junit.jupiter:junit-jupiter-params:5.10.1 to 5.10.2
  • Updated org.mockito:mockito-core:5.9.0 to 5.11.0
  • Updated org.testcontainers:junit-jupiter:1.19.3 to 1.19.7
  • Updated org.testcontainers:localstack:1.19.3 to 1.19.7

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:1.3.1 to 2.0.0
  • Updated com.exasol:project-keeper-maven-plugin:3.0.0 to 4.1.0
  • Updated org.apache.maven.plugins:maven-compiler-plugin:3.11.0 to 3.12.1
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.2.3 to 3.2.5
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.2.3 to 3.2.5
  • Updated org.codehaus.mojo:flatten-maven-plugin:1.5.0 to 1.6.0

3.0.2: Fix performance regression tests

24 Jan 12:27
febc256
Compare
Choose a tag to compare

Summary

This release fixes running the performance regression tests.

Bugfixes

  • #143: Fixed running performance regression tests

Dependency Updates

Virtual Schema for Document Data in Files on AWS S3

Compile Dependency Updates

  • Updated software.amazon.awssdk:s3:2.23.4 to 2.23.9

Test Dependency Updates

  • Updated com.amazonaws:aws-java-sdk-s3:1.12.638 to 1.12.643
  • Updated com.exasol:small-json-files-test-fixture:0.1.8 to 0.1.9

Extension

Compile Dependency Updates

  • Updated @exasol/extension-manager-interface:0.4.0 to 0.4.1

Development Dependency Updates

  • Updated eslint:^8.53.0 to ^8.56.0
  • Updated @typescript-eslint/parser:^6.9.1 to ^6.19.1
  • Updated ts-jest:^29.1.1 to ^29.1.2
  • Updated @types/jest:^29.5.7 to ^29.5.11
  • Updated typescript:^5.2.2 to ^5.3.3
  • Updated @typescript-eslint/eslint-plugin:^6.9.1 to ^6.19.1
  • Updated ts-node:^10.9.1 to ^10.9.2
  • Updated esbuild:^0.19.5 to ^0.19.12

3.0.1: Fix CVE-2024-21634 in test dependency `software.amazon.ion:ion-java`

18 Jan 13:47
2653c43
Compare
Choose a tag to compare

Summary

This release fixes CVE-2024-21634 (CWE-770: Allocation of Resources Without Limits or Throttling (7.5)) in test dependency software.amazon.ion:ion-java.

Security

Dependency Updates

Virtual Schema for Document Data in Files on AWS S3

Compile Dependency Updates

  • Updated software.amazon.awssdk:s3:2.21.44 to 2.23.4

Runtime Dependency Updates

  • Updated org.slf4j:slf4j-jdk14:2.0.9 to 2.0.11

Test Dependency Updates

  • Updated com.amazonaws:aws-java-sdk-s3:1.12.613 to 1.12.638
  • Updated com.exasol:hamcrest-resultset-matcher:1.6.3 to 1.6.4
  • Updated com.fasterxml.jackson.core:jackson-databind:2.16.0 to 2.16.1
  • Updated nl.jqno.equalsverifier:equalsverifier:3.15.4 to 3.15.6
  • Updated org.mockito:mockito-core:5.8.0 to 5.9.0

Plugin Dependency Updates

  • Updated com.exasol:project-keeper-maven-plugin:2.9.17 to 3.0.0
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.2.2 to 3.2.3
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.2.2 to 3.2.3
  • Added org.apache.maven.plugins:maven-toolchains-plugin:3.1.0