Releases: exasol/s3-document-files-virtual-schema
3.1.2 Fix CVE-2024-47561 and CVE-2024-47535
This release fixes the following vulnerabilities:
- CVE-2024-47535 in
io.netty:netty-common:jar:4.1.111.Final:compile
- CVE-2024-47561 in
org.apache.avro:avro:jar:1.11.3:compile
Security
- #173: Fixed CVE-2024-47535 in
io.netty:netty-common:jar:4.1.111.Final:compile
- #174: Fixed CVE-2024-47561 in
org.apache.avro:avro:jar:1.11.3:compile
Dependency Updates
Virtual Schema for Document Data in Files on AWS S3
Compile Dependency Updates
- Updated
com.exasol:virtual-schema-common-document-files:8.1.2
to8.1.5
- Updated
software.amazon.awssdk:s3:2.26.26
to2.29.15
Runtime Dependency Updates
- Updated
org.slf4j:slf4j-jdk14:2.0.13
to2.0.16
Test Dependency Updates
- Updated
com.amazonaws:aws-java-sdk-s3:1.12.766
to1.12.778
- Added
com.exasol:bucketfs-java:3.2.0
- Updated
com.exasol:exasol-test-setup-abstraction-java:2.1.4
to2.1.5
- Updated
com.exasol:hamcrest-resultset-matcher:1.6.5
to1.7.0
- Updated
com.exasol:small-json-files-test-fixture:0.1.10
to0.1.11
- Updated
com.exasol:test-db-builder-java:3.5.4
to3.6.0
- Updated
com.exasol:virtual-schema-common-document-files:8.1.2
to8.1.5
- Updated
com.fasterxml.jackson.core:jackson-databind:2.17.2
to2.18.1
- Updated
nl.jqno.equalsverifier:equalsverifier:3.16.1
to3.17.3
- Updated
org.hamcrest:hamcrest:2.2
to3.0
- Updated
org.junit.jupiter:junit-jupiter-engine:5.10.3
to5.11.3
- Updated
org.junit.jupiter:junit-jupiter-params:5.10.3
to5.11.3
- Updated
org.mockito:mockito-core:5.12.0
to5.14.2
- Updated
org.testcontainers:junit-jupiter:1.20.0
to1.20.3
- Updated
org.testcontainers:localstack:1.20.0
to1.20.3
Plugin Dependency Updates
- Updated
com.exasol:project-keeper-maven-plugin:4.3.3
to4.4.0
- Added
com.exasol:quality-summarizer-maven-plugin:0.2.0
- Updated
io.github.zlika:reproducible-build-maven-plugin:0.16
to0.17
- Updated
org.apache.maven.plugins:maven-dependency-plugin:3.6.1
to3.8.0
- Updated
org.apache.maven.plugins:maven-failsafe-plugin:3.2.5
to3.5.1
- Updated
org.apache.maven.plugins:maven-install-plugin:2.4
to3.1.3
- Updated
org.apache.maven.plugins:maven-jar-plugin:3.4.1
to3.4.2
- Updated
org.apache.maven.plugins:maven-resources-plugin:2.6
to3.3.1
- Updated
org.apache.maven.plugins:maven-site-plugin:3.3
to3.9.1
- Updated
org.apache.maven.plugins:maven-surefire-plugin:3.2.5
to3.5.1
- Updated
org.codehaus.mojo:versions-maven-plugin:2.16.2
to2.17.1
Extension
Development Dependency Updates
- Updated
eslint:^9.8.0
to9.14.0
- Updated
ts-jest:^29.2.3
to^29.2.5
- Updated
@types/jest:^29.5.12
to^29.5.14
- Updated
typescript-eslint:^8.0.0-alpha.30
to^8.14.0
- Updated
typescript:^5.5.4
to^5.6.3
- Updated
esbuild:^0.23.0
to^0.24.0
3.1.1 Fix CVE-2024-25638 in `dnsjava:dnsjava:jar:3.4.0:compile`
This release fixes vulnerability CVE-2024-25638 in dnsjava:dnsjava:jar:3.4.0:compile
.
Security
- #170: Fixed vulnerability CVE-2024-25638 in
dnsjava:dnsjava:jar:3.4.0:compile
Dependency Updates
Virtual Schema for Document Data in Files on AWS S3
Compile Dependency Updates
- Updated
com.exasol:virtual-schema-common-document-files:8.1.0
to8.1.2
- Updated
software.amazon.awssdk:s3:2.26.3
to2.26.26
Test Dependency Updates
- Updated
com.amazonaws:aws-java-sdk-s3:1.12.744
to1.12.766
- Updated
com.exasol:virtual-schema-common-document-files:8.1.0
to8.1.2
- Updated
com.fasterxml.jackson.core:jackson-databind:2.17.1
to2.17.2
- Updated
org.junit.jupiter:junit-jupiter-engine:5.10.2
to5.10.3
- Updated
org.junit.jupiter:junit-jupiter-params:5.10.2
to5.10.3
- Updated
org.testcontainers:junit-jupiter:1.19.8
to1.20.0
- Updated
org.testcontainers:localstack:1.19.8
to1.20.0
Extension
Development Dependency Updates
- Updated
eslint:^9.5.0
to^9.8.0
- Updated
ts-jest:^29.1.5
to^29.2.3
- Updated
typescript:^5.4.5
to^5.5.4
- Updated
esbuild:^0.21.5
to^0.23.0
3.1.0 Configure column names for automatic mapping inference
This release allows configuring the mapping of column names for the automatic mapping inference in Parquet and CSV files. Before, the virtual schema always converted source column names to UPPER_SNAKE_CASE
to create the Exasol column names. This is now configurable with EDML property autoInferenceColumnNames
. This property supports the following values:
CONVERT_TO_UPPER_SNAKE_CASE
: Convert column names toUPPER_SNAKE_CASE
(default).KEEP_ORIGINAL_NAME
: Do not convert column names, use column name from source.
See the EDML user guide for details.
Features
- #168: Added option to keep original column name for auto inference
Dependency Updates
Virtual Schema for Document Data in Files on AWS S3
Compile Dependency Updates
- Updated
com.exasol:virtual-schema-common-document-files:8.0.4
to8.1.0
- Updated
software.amazon.awssdk:s3:2.25.45
to2.26.3
Test Dependency Updates
- Updated
com.amazonaws:aws-java-sdk-s3:1.12.715
to1.12.744
- Updated
com.exasol:exasol-test-setup-abstraction-java:2.1.3
to2.1.4
- Updated
com.exasol:extension-manager-integration-test-java:0.5.11
to0.5.12
- Removed
com.exasol:java-class-list-verifier:0.2.6
- Updated
com.exasol:virtual-schema-common-document-files:8.0.4
to8.1.0
- Updated
org.mockito:mockito-core:5.11.0
to5.12.0
- Updated
org.testcontainers:junit-jupiter:1.19.7
to1.19.8
- Updated
org.testcontainers:localstack:1.19.7
to1.19.8
Plugin Dependency Updates
- Updated
com.exasol:project-keeper-maven-plugin:4.3.2
to4.3.3
Extension
Compile Dependency Updates
- Updated
@exasol/extension-manager-interface:0.4.2
to0.4.3
Development Dependency Updates
- Updated
eslint:^8.57.0
to^9.5.0
- Updated
ts-jest:^29.1.2
to^29.1.5
- Updated
typescript-eslint:^7.8.0
to^8.0.0-alpha.30
- Updated
esbuild:^0.20.2
to^0.21.5
3.0.7 Security update - fix for CVE-2024-36114
Fixed CVE-2024-36114 GHSA-973x-65j7-xcf4.
Security
- #166: CVE-2024-36114: io.airlift:aircompressor:jar:0.21:compile
Dependency Updates
Virtual Schema for Document Data in Files on AWS S3
Compile Dependency Updates
- Updated
com.exasol:virtual-schema-common-document-files:8.0.3
to8.0.4
Test Dependency Updates
- Updated
com.exasol:virtual-schema-common-document-files:8.0.3
to8.0.4
- Updated
org.jacoco:org.jacoco.agent:0.8.11
to0.8.12
Plugin Dependency Updates
- Updated
com.exasol:error-code-crawler-maven-plugin:2.0.2
to2.0.3
- Updated
com.exasol:project-keeper-maven-plugin:4.3.0
to4.3.2
- Updated
org.apache.maven.plugins:maven-enforcer-plugin:3.4.1
to3.5.0
- Updated
org.apache.maven.plugins:maven-jar-plugin:3.3.0
to3.4.1
- Updated
org.apache.maven.plugins:maven-toolchains-plugin:3.1.0
to3.2.0
- Updated
org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922
to4.0.0.4121
3.0.6 Improve error handling for extension
This release improves error handling when creating a new Virtual Schema using the extension: the extension now checks if a schema with the same name exists and returns a helpful error message. This check is case-insensitive because Exasol's CONNECTION
names are also case-insensitive.
Bugfix
- #164: Improved error handling for creating Virtual Schema using the extension
Dependency Updates
Virtual Schema for Document Data in Files on AWS S3
Compile Dependency Updates
- Updated
software.amazon.awssdk:s3:2.25.27
to2.25.45
Runtime Dependency Updates
- Updated
org.slf4j:slf4j-jdk14:2.0.12
to2.0.13
Test Dependency Updates
- Updated
com.amazonaws:aws-java-sdk-s3:1.12.697
to1.12.715
- Updated
com.exasol:exasol-test-setup-abstraction-java:2.1.2
to2.1.3
- Updated
com.exasol:extension-manager-integration-test-java:0.5.8
to0.5.11
- Updated
com.exasol:small-json-files-test-fixture:0.1.9
to0.1.10
- Updated
com.exasol:udf-debugging-java:0.6.12
to0.6.13
- Updated
com.fasterxml.jackson.core:jackson-databind:2.17.0
to2.17.1
Extension
Compile Dependency Updates
- Updated
@exasol/extension-manager-interface:0.4.1
to0.4.2
Development Dependency Updates
- Updated
typescript-eslint:^7.5.0
to^7.8.0
- Updated
typescript:^5.4.4
to^5.4.5
3.0.5 Fix permissions for performance tests
This release fixes permissions for performance regression tests.
3.0.4 Fixed vulnerabilities CVE-2024-29131, CVE-2024-29133 and CVE-2024-29025
This release fixes the following three vulnerability:
CVE-2024-29025 (CWE-770) in dependency io.netty:netty-codec-http:jar:4.1.107.Final:runtime
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder
can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData
list. The decoder cumulates bytes in the undecodedChunk
buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.
References
- https://ossindex.sonatype.org/vulnerability/CVE-2024-29025?component-type=maven&component-name=io.netty%2Fnetty-codec-http&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-29025
- GHSA-5jpm-x58v-624v
CVE-2024-29131 (CWE-787) in dependency org.apache.commons:commons-configuration2:jar:2.8.0:compile
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.
Users are recommended to upgrade to version 2.10.1, which fixes the issue.
References
- https://ossindex.sonatype.org/vulnerability/CVE-2024-29131?component-type=maven&component-name=org.apache.commons%2Fcommons-configuration2&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-29131
- https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37
- GHSA-xjp4-hw94-mvp5
CVE-2024-29133 (CWE-787) in dependency org.apache.commons:commons-configuration2:jar:2.8.0:compile
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.
Users are recommended to upgrade to version 2.10.1, which fixes the issue.
References
- https://ossindex.sonatype.org/vulnerability/CVE-2024-29133?component-type=maven&component-name=org.apache.commons%2Fcommons-configuration2&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-29133
- https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2
Security
- #154: Fixed vulnerability CVE-2024-29131 in dependency
org.apache.commons:commons-configuration2:jar:2.8.0:compile
- #155: Fixed vulnerability CVE-2024-29133 in dependency
org.apache.commons:commons-configuration2:jar:2.8.0:compile
- #157: Fixed vulnerability CVE-2024-29025 in dependency
io.netty:netty-codec-http:jar:4.1.107.Final:runtime
Dependency Updates
Virtual Schema for Document Data in Files on AWS S3
Compile Dependency Updates
- Updated
com.exasol:virtual-schema-common-document-files:8.0.2
to8.0.3
- Updated
software.amazon.awssdk:s3:2.25.8
to2.25.27
Test Dependency Updates
- Updated
com.amazonaws:aws-java-sdk-s3:1.12.678
to1.12.697
- Updated
com.exasol:exasol-test-setup-abstraction-java:2.1.1
to2.1.2
- Updated
com.exasol:virtual-schema-common-document-files:8.0.2
to8.0.3
- Updated
nl.jqno.equalsverifier:equalsverifier:3.15.8
to3.16.1
Plugin Dependency Updates
- Updated
com.exasol:error-code-crawler-maven-plugin:2.0.0
to2.0.2
- Updated
com.exasol:project-keeper-maven-plugin:4.1.0
to4.3.0
- Updated
org.apache.maven.plugins:maven-assembly-plugin:3.6.0
to3.7.1
- Updated
org.apache.maven.plugins:maven-compiler-plugin:3.12.1
to3.13.0
- Updated
org.codehaus.mojo:exec-maven-plugin:3.1.1
to3.2.0
- Updated
org.jacoco:jacoco-maven-plugin:0.8.11
to0.8.12
- Updated
org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594
to3.11.0.3922
Extension
Development Dependency Updates
- Updated
eslint:^8.56.0
to^8.57.0
- Updated
@types/jest:^29.5.11
to^29.5.12
- Added
typescript-eslint:^7.5.0
- Updated
typescript:^5.3.3
to^5.4.4
- Updated
esbuild:^0.19.12
to^0.20.2
- Removed
@typescript-eslint/parser:^6.19.1
- Removed
@typescript-eslint/eslint-plugin:^6.19.1
3.0.3: Fix vulnerabilities CVE-2023-52428, CVE-2024-26308 and CVE-2024-25710 in compile dependencies
Summary
This release vulnerabilities in the following compile dependencies:
com.nimbusds:nimbus-jose-jwt:jar:9.8.1:compile
:org.apache.commons:commons-compress:jar:1.24.0:compile
:
Excluded Vulnerability We accept vulnerability CVE-2017-10355 (CWE-833: Deadlock) in test dependency xerces:xercesImpl:jar:2.12.2
as we assume that we only connect to the known endpoint ExaOperations.
Security
- #149: Fixed CVE-2023-52428 in
com.nimbusds:nimbus-jose-jwt:jar:9.8.1:compile
- #150: Fixed CVE-2024-25710 in
org.apache.commons:commons-compress:jar:1.24.0:compile
- #151: Fixed CVE-2024-26308 in
org.apache.commons:commons-compress:jar:1.24.0:compile
Dependency Updates
Virtual Schema for Document Data in Files on AWS S3
Compile Dependency Updates
- Updated
com.exasol:virtual-schema-common-document-files:8.0.0
to8.0.2
- Updated
software.amazon.awssdk:s3:2.23.9
to2.25.8
Runtime Dependency Updates
- Updated
org.slf4j:slf4j-jdk14:2.0.11
to2.0.12
Test Dependency Updates
- Updated
com.amazonaws:aws-java-sdk-s3:1.12.643
to1.12.678
- Updated
com.exasol:exasol-test-setup-abstraction-java:2.1.0
to2.1.1
- Updated
com.exasol:extension-manager-integration-test-java:0.5.7
to0.5.8
- Updated
com.exasol:hamcrest-resultset-matcher:1.6.4
to1.6.5
- Updated
com.exasol:java-class-list-verifier:0.2.5
to0.2.6
- Updated
com.exasol:test-db-builder-java:3.5.3
to3.5.4
- Updated
com.exasol:udf-debugging-java:0.6.11
to0.6.12
- Updated
com.exasol:virtual-schema-common-document-files:8.0.0
to8.0.2
- Updated
com.fasterxml.jackson.core:jackson-databind:2.16.1
to2.17.0
- Updated
nl.jqno.equalsverifier:equalsverifier:3.15.6
to3.15.8
- Updated
org.junit.jupiter:junit-jupiter-engine:5.10.1
to5.10.2
- Updated
org.junit.jupiter:junit-jupiter-params:5.10.1
to5.10.2
- Updated
org.mockito:mockito-core:5.9.0
to5.11.0
- Updated
org.testcontainers:junit-jupiter:1.19.3
to1.19.7
- Updated
org.testcontainers:localstack:1.19.3
to1.19.7
Plugin Dependency Updates
- Updated
com.exasol:error-code-crawler-maven-plugin:1.3.1
to2.0.0
- Updated
com.exasol:project-keeper-maven-plugin:3.0.0
to4.1.0
- Updated
org.apache.maven.plugins:maven-compiler-plugin:3.11.0
to3.12.1
- Updated
org.apache.maven.plugins:maven-failsafe-plugin:3.2.3
to3.2.5
- Updated
org.apache.maven.plugins:maven-surefire-plugin:3.2.3
to3.2.5
- Updated
org.codehaus.mojo:flatten-maven-plugin:1.5.0
to1.6.0
3.0.2: Fix performance regression tests
Summary
This release fixes running the performance regression tests.
Bugfixes
- #143: Fixed running performance regression tests
Dependency Updates
Virtual Schema for Document Data in Files on AWS S3
Compile Dependency Updates
- Updated
software.amazon.awssdk:s3:2.23.4
to2.23.9
Test Dependency Updates
- Updated
com.amazonaws:aws-java-sdk-s3:1.12.638
to1.12.643
- Updated
com.exasol:small-json-files-test-fixture:0.1.8
to0.1.9
Extension
Compile Dependency Updates
- Updated
@exasol/extension-manager-interface:0.4.0
to0.4.1
Development Dependency Updates
- Updated
eslint:^8.53.0
to^8.56.0
- Updated
@typescript-eslint/parser:^6.9.1
to^6.19.1
- Updated
ts-jest:^29.1.1
to^29.1.2
- Updated
@types/jest:^29.5.7
to^29.5.11
- Updated
typescript:^5.2.2
to^5.3.3
- Updated
@typescript-eslint/eslint-plugin:^6.9.1
to^6.19.1
- Updated
ts-node:^10.9.1
to^10.9.2
- Updated
esbuild:^0.19.5
to^0.19.12
3.0.1: Fix CVE-2024-21634 in test dependency `software.amazon.ion:ion-java`
Summary
This release fixes CVE-2024-21634 (CWE-770: Allocation of Resources Without Limits or Throttling (7.5)) in test dependency software.amazon.ion:ion-java
.
Security
- #144: Fixed CVE-2024-21634 in test dependency
software.amazon.ion:ion-java
Dependency Updates
Virtual Schema for Document Data in Files on AWS S3
Compile Dependency Updates
- Updated
software.amazon.awssdk:s3:2.21.44
to2.23.4
Runtime Dependency Updates
- Updated
org.slf4j:slf4j-jdk14:2.0.9
to2.0.11
Test Dependency Updates
- Updated
com.amazonaws:aws-java-sdk-s3:1.12.613
to1.12.638
- Updated
com.exasol:hamcrest-resultset-matcher:1.6.3
to1.6.4
- Updated
com.fasterxml.jackson.core:jackson-databind:2.16.0
to2.16.1
- Updated
nl.jqno.equalsverifier:equalsverifier:3.15.4
to3.15.6
- Updated
org.mockito:mockito-core:5.8.0
to5.9.0
Plugin Dependency Updates
- Updated
com.exasol:project-keeper-maven-plugin:2.9.17
to3.0.0
- Updated
org.apache.maven.plugins:maven-failsafe-plugin:3.2.2
to3.2.3
- Updated
org.apache.maven.plugins:maven-surefire-plugin:3.2.2
to3.2.3
- Added
org.apache.maven.plugins:maven-toolchains-plugin:3.1.0