3.6.0 Fix CVE-2024-7254 in test dependency `com.google.protobuf:protobuf-java:3.25.1`

This release fixes CVE-2024-7254 in test dependency com.google.protobuf:protobuf-java:3.25.1.

The release also speeds up inserting rows into a table by using batch insert, allows specifying a charset when creating MySQL tables, see the user guide for details and supports databases that don't support transactions. TDBJ will then insert rows without a transaction.

Security

• #138: Fixed CVE-2024-7254 in test dependency com.google.protobuf:protobuf-java:3.25.1

Features

• #137: Updated AbstractImmediateDatabaseObjectWriter#write() to use batching for inserting rows
• #134: Allowed specifying charset for MySQL tables
• #136: Added support for databases without transaction support

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-jdbc:7.1.20 to 24.1.2
• Updated com.exasol:exasol-testcontainers:7.0.1 to 7.1.1
• Updated com.exasol:hamcrest-resultset-matcher:1.6.5 to 1.7.0
• Added com.google.protobuf:protobuf-java:4.28.2
• Updated com.mysql:mysql-connector-j:8.3.0 to 9.0.0
• Updated com.oracle.database.jdbc:ojdbc11:23.3.0.23.09 to 23.5.0.24.07
• Updated nl.jqno.equalsverifier:equalsverifier:3.15.8 to 3.16.2
• Updated org.hamcrest:hamcrest:2.2 to 3.0
• Updated org.junit.jupiter:junit-jupiter-api:5.10.2 to 5.11.0
• Updated org.junit.jupiter:junit-jupiter-engine:5.10.2 to 5.11.0
• Updated org.mockito:mockito-junit-jupiter:5.11.0 to 5.13.0
• Updated org.postgresql:postgresql:42.7.2 to 42.7.4
• Updated org.slf4j:slf4j-jdk14:2.0.12 to 2.0.16
• Updated org.testcontainers:junit-jupiter:1.19.7 to 1.20.1
• Updated org.testcontainers:mysql:1.19.7 to 1.20.1
• Updated org.testcontainers:oracle-xe:1.19.7 to 1.20.1
• Updated org.testcontainers:postgresql:1.19.7 to 1.20.1

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:2.0.0 to 2.0.3
• Updated com.exasol:project-keeper-maven-plugin:4.1.0 to 4.3.3
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.12.1 to 3.13.0
• Updated org.apache.maven.plugins:maven-deploy-plugin:3.1.1 to 3.1.2
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.1 to 3.5.0
• Updated org.apache.maven.plugins:maven-gpg-plugin:3.1.0 to 3.2.4
• Updated org.apache.maven.plugins:maven-javadoc-plugin:3.6.3 to 3.7.0
• Updated org.apache.maven.plugins:maven-toolchains-plugin:3.1.0 to 3.2.0
• Updated org.jacoco:jacoco-maven-plugin:0.8.11 to 0.8.12
• Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594 to 4.0.0.4121
• Updated org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13 to 1.7.0

3.5.4: Fix CVE-2024-25710, CVE-2024-1597 and CVE-2024-26308 in test dependencies

Summary

This is a security release in which we updated test dependencies commons-compress and postgresql to fix the following CVEs:

CVE-2024-25710

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0.

Users are recommended to upgrade to version 1.26.0 which fixes the issue.

References

• https://ossindex.sonatype.org/vulnerability/CVE-2024-25710?component-type=maven&component-name=org.apache.commons%2Fcommons-compress&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
• http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-25710
• https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf

CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.

References

• https://ossindex.sonatype.org/vulnerability/CVE-2024-1597?component-type=maven&component-name=org.postgresql%2Fpostgresql&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
• http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1597
• GHSA-24rp-q3w6-vc56
• https://systemweakness.com/critical-vulnerability-in-postgresql-jdbc-driver-understanding-cve-2024-1597-18eec3bd2eaf

CVE-2024-26308

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26.

Users are recommended to upgrade to version 1.26, which fixes the issue.

References

• https://ossindex.sonatype.org/vulnerability/CVE-2024-26308?component-type=maven&component-name=org.apache.commons%2Fcommons-compress&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
• http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-26308
• https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg
• https://www.openwall.com/lists/oss-security/2024/02/19/2

Bugfixes

• #128: Fixed CVE-2024-25710 in org.apache.commons:commons-compress:jar:1.24.0:test
• #130: Fixed CVE-2024-1597 in org.postgresql:postgresql:jar:42.7.0:test
• #131: Fixed CVE-2024-26308 in `org.apache.commons:commons-compress:jar:1.24.0:test

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:7.0.0 to 7.0.1
• Updated com.exasol:hamcrest-resultset-matcher:1.6.3 to 1.6.5
• Updated com.mysql:mysql-connector-j:8.2.0 to 8.3.0
• Updated nl.jqno.equalsverifier:equalsverifier:3.15.3 to 3.15.8
• Updated org.junit.jupiter:junit-jupiter-api:5.10.1 to 5.10.2
• Updated org.junit.jupiter:junit-jupiter-engine:5.10.1 to 5.10.2
• Updated org.mockito:mockito-junit-jupiter:5.7.0 to 5.11.0
• Updated org.postgresql:postgresql:42.7.0 to 42.7.2
• Updated org.slf4j:slf4j-jdk14:2.0.9 to 2.0.12
• Updated org.testcontainers:junit-jupiter:1.19.3 to 1.19.7
• Updated org.testcontainers:mysql:1.19.3 to 1.19.7
• Updated org.testcontainers:oracle-xe:1.19.3 to 1.19.7
• Updated org.testcontainers:postgresql:1.19.3 to 1.19.7

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.3.1 to 2.0.0
• Updated com.exasol:project-keeper-maven-plugin:2.9.16 to 4.1.0
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.11.0 to 3.12.1
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.2.2 to 3.2.5
• Updated org.apache.maven.plugins:maven-javadoc-plugin:3.6.2 to 3.6.3
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.2.2 to 3.2.5
• Added org.apache.maven.plugins:maven-toolchains-plugin:3.1.0
• Updated org.codehaus.mojo:flatten-maven-plugin:1.5.0 to 1.6.0
• Updated org.codehaus.mojo:versions-maven-plugin:2.16.1 to 2.16.2
• Updated org.itsallcode:openfasttrace-maven-plugin:1.6.1 to 1.8.0

3.5.3: Make DB objects `AutoClosable`

Summary

This release let's all database object classes implement the AutoClosable interface. This allows deleting them automatically using a try-with-resources block.

Features

• #115: Implemented AutoClosable interface in all database objects

Refactoring

• #119: Moved DatabaseObjectWriter.write(object) calls away from constructors

Dependency Updates

Compile Dependency Updates

• Removed org.slf4j:slf4j-jdk14:2.0.9

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.6.3 to 7.0.0
• Updated com.exasol:hamcrest-resultset-matcher:1.6.2 to 1.6.3
• Updated org.junit-pioneer:junit-pioneer:2.1.0 to 2.2.0
• Updated org.postgresql:postgresql:42.6.0 to 42.7.0
• Added org.slf4j:slf4j-jdk14:2.0.9
• Updated org.testcontainers:junit-jupiter:1.19.0 to 1.19.3
• Updated org.testcontainers:mysql:1.19.0 to 1.19.3
• Updated org.testcontainers:oracle-xe:1.19.0 to 1.19.3
• Updated org.testcontainers:postgresql:1.19.0 to 1.19.3

3.5.2: Improved "In a nutshell" section

Summary

Improved the "in a nutshell" section to make it clearer that we are talking about tests here and what goes typically into beforeAll(). Updated dependencies and fixed build.

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.6.2 to 6.6.3
• Updated com.exasol:hamcrest-resultset-matcher:1.6.0 to 1.6.2
• Updated com.mysql:mysql-connector-j:8.1.0 to 8.2.0
• Updated com.oracle.database.jdbc:ojdbc11:23.2.0.0 to 23.3.0.23.09
• Updated nl.jqno.equalsverifier:equalsverifier:3.15.2 to 3.15.3
• Added org.junit.jupiter:junit-jupiter-api:5.10.1
• Added org.junit.jupiter:junit-jupiter-engine:5.10.1
• Removed org.junit.jupiter:junit-jupiter:5.9.3
• Updated org.mockito:mockito-junit-jupiter:5.5.0 to 5.7.0

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.3.0 to 1.3.1
• Updated com.exasol:project-keeper-maven-plugin:2.9.12 to 2.9.16
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.0 to 3.4.1
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.1.2 to 3.2.2
• Updated org.apache.maven.plugins:maven-javadoc-plugin:3.5.0 to 3.6.2
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.1.2 to 3.2.2
• Updated org.codehaus.mojo:versions-maven-plugin:2.16.0 to 2.16.1
• Updated org.jacoco:jacoco-maven-plugin:0.8.10 to 0.8.11
• Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184 to 3.10.0.2594

3.5.1: Fix CVE-2023-42503

Summary

This release fixes CVE-2023-42503 in org.apache.commons:commons-compress by upgrading dependencies.

Security

• #120: Fixed CVE-2023-42503 in org.apache.commons:commons-compress

Dependency Updates

Compile Dependency Updates

• Updated org.slf4j:slf4j-jdk14:2.0.7 to 2.0.9

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.6.1 to 6.6.2
• Updated nl.jqno.equalsverifier:equalsverifier:3.15.1 to 3.15.2
• Updated org.junit-pioneer:junit-pioneer:2.0.1 to 2.1.0

Plugin Dependency Updates

• Updated com.exasol:project-keeper-maven-plugin:2.9.11 to 2.9.12

Mark Objects as Deleted & Support Python 3

This release marks deleted objects and rejects operations on deleted objects. The release also deprecates script language Python 2 (enum values UdfScript.Language.PYTHON and AdapterScript.Language.PYTHON) in favor of Python 3 (UdfScript.Language.PYTHON3 and AdapterScript.Language.PYTHON3) as newer versions of Exasol 7.1 dropped support for Python 2.

The release also updates dependencies on top of 3.4.2 and fixes broken links.

Features

• #34: Marked deleted objects

Documentation

• #112: Fixed broken links

Refactoring

• #53: Partially moved "write()" calls from constructors to factory

Security

• #117: Fixed failing dependency check

Dependency Updates

Compile Dependency Updates

• Updated com.exasol:error-reporting-java:1.0.0 to 1.0.1
• Added org.slf4j:slf4j-jdk14:2.0.7

Test Dependency Updates

• Updated com.exasol:exasol-jdbc:7.1.17 to 7.1.20
• Updated com.exasol:exasol-testcontainers:6.5.0 to 6.6.1
• Updated com.exasol:hamcrest-resultset-matcher:1.5.2 to 1.6.0
• Removed com.google.protobuf:protobuf-java:3.21.12
• Added com.mysql:mysql-connector-j:8.1.0
• Updated com.oracle.database.jdbc:ojdbc11:21.8.0.0 to 23.2.0.0
• Removed mysql:mysql-connector-java:8.0.31
• Updated nl.jqno.equalsverifier:equalsverifier:3.12.3 to 3.15.1
• Updated org.junit-pioneer:junit-pioneer:1.9.1 to 2.0.1
• Removed org.junit.jupiter:junit-jupiter-api:5.9.2
• Updated org.junit.jupiter:junit-jupiter:5.9.2 to 5.9.3
• Updated org.mockito:mockito-junit-jupiter:5.0.0 to 5.5.0
• Updated org.postgresql:postgresql:42.5.1 to 42.6.0
• Updated org.testcontainers:junit-jupiter:1.17.6 to 1.19.0
• Updated org.testcontainers:mysql:1.17.6 to 1.19.0
• Updated org.testcontainers:oracle-xe:1.17.6 to 1.19.0
• Updated org.testcontainers:postgresql:1.17.6 to 1.19.0

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.2.1 to 1.3.0
• Updated com.exasol:project-keeper-maven-plugin:2.9.1 to 2.9.11
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.10.1 to 3.11.0
• Updated org.apache.maven.plugins:maven-deploy-plugin:3.0.0 to 3.1.1
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.1.0 to 3.4.0
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M7 to 3.1.2
• Updated org.apache.maven.plugins:maven-gpg-plugin:3.0.1 to 3.1.0
• Updated org.apache.maven.plugins:maven-javadoc-plugin:3.4.1 to 3.5.0
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M7 to 3.1.2
• Added org.basepom.maven:duplicate-finder-maven-plugin:2.0.1
• Updated org.codehaus.mojo:flatten-maven-plugin:1.3.0 to 1.5.0
• Updated org.codehaus.mojo:versions-maven-plugin:2.13.0 to 2.16.0
• Updated org.itsallcode:openfasttrace-maven-plugin:1.5.0 to 1.6.1
• Updated org.jacoco:jacoco-maven-plugin:0.8.8 to 0.8.10

3.4.2: Fix vulnerabilities in dependencies on top of 3.4.1

Summary

Updated dependencies on top of version 3.4.1 to fix vulnerability CVE-2022-41946 in test dependency to org.postgresql:postgresql:jar:42.5.0.

Bugfixes

• #110: Updated dependencies

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-jdbc:7.1.11 to 7.1.17
• Updated com.exasol:exasol-testcontainers:6.2.0 to 6.5.0
• Updated com.google.protobuf:protobuf-java:3.21.8 to 3.21.12
• Updated com.oracle.database.jdbc:ojdbc11:21.7.0.0 to 21.8.0.0
• Updated nl.jqno.equalsverifier:equalsverifier:3.10.1 to 3.12.3
• Updated org.junit-pioneer:junit-pioneer:1.7.1 to 1.9.1
• Updated org.junit.jupiter:junit-jupiter-api:5.9.1 to 5.9.2
• Updated org.junit.jupiter:junit-jupiter:5.9.1 to 5.9.2
• Updated org.mockito:mockito-junit-jupiter:4.8.1 to 5.0.0
• Updated org.postgresql:postgresql:42.5.0 to 42.5.1
• Updated org.testcontainers:junit-jupiter:1.17.5 to 1.17.6
• Updated org.testcontainers:mysql:1.17.5 to 1.17.6
• Updated org.testcontainers:oracle-xe:1.17.5 to 1.17.6
• Updated org.testcontainers:postgresql:1.17.5 to 1.17.6

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.1.2 to 1.2.1
• Updated com.exasol:project-keeper-maven-plugin:2.8.0 to 2.9.1
• Updated io.github.zlika:reproducible-build-maven-plugin:0.15 to 0.16
• Updated org.apache.maven.plugins:maven-deploy-plugin:3.0.0-M1 to 3.0.0
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M5 to 3.0.0-M7
• Updated org.apache.maven.plugins:maven-javadoc-plugin:3.4.0 to 3.4.1
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M5 to 3.0.0-M7
• Updated org.codehaus.mojo:flatten-maven-plugin:1.2.7 to 1.3.0
• Updated org.codehaus.mojo:versions-maven-plugin:2.10.0 to 2.13.0

3.4.1: Fix vulnerabilities in dependencies

Summary

This release fixes CVE-2022-3171 in test dependency com.google.protobuf:protobuf-java.

Bugfixes

• #105: Fixed vulnerabilities in dependencies

Dependency Updates

Compile Dependency Updates

• Updated com.exasol:db-fundamentals-java:0.1.2 to 0.1.3
• Updated com.exasol:error-reporting-java:0.4.1 to 1.0.0

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.1.2 to 6.2.0
• Updated com.exasol:hamcrest-resultset-matcher:1.5.1 to 1.5.2
• Added com.google.protobuf:protobuf-java:3.21.8
• Updated com.oracle.database.jdbc:ojdbc11:21.6.0.0.1 to 21.7.0.0
• Updated mysql:mysql-connector-java:8.0.30 to 8.0.31
• Updated org.junit.jupiter:junit-jupiter-api:5.9.0 to 5.9.1
• Updated org.junit.jupiter:junit-jupiter:5.9.0 to 5.9.1
• Updated org.mockito:mockito-junit-jupiter:4.6.1 to 4.8.1
• Updated org.postgresql:postgresql:42.4.1 to 42.5.0
• Updated org.testcontainers:junit-jupiter:1.17.3 to 1.17.5
• Updated org.testcontainers:mysql:1.17.3 to 1.17.5
• Updated org.testcontainers:oracle-xe:1.17.3 to 1.17.5
• Updated org.testcontainers:postgresql:1.17.3 to 1.17.5

3.4.0: Support system properties to set DEBUG_ADDRESS and LOG_LEVEL.

Summary

This release adds support to use properties to set DEBUG_ADDRESS and LOG_LEVEL for virtual schemas, please see the User Guide for details.

Features

• #103: Enabled to set DEBUG_ADDRESS and LOG_LEVEL based on properties.

Dependency Updates

Test Dependency Updates

• Added org.junit-pioneer:junit-pioneer:1.7.1

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.1.1 to 1.1.2
• Updated com.exasol:project-keeper-maven-plugin:2.5.0 to 2.8.0
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.0.0 to 3.1.0

3.3.4: Dependency updates

Summary

This release upgrades dependencies to fix the following vulnerabilities:

• org.postgresql:postgresql:jar:42.3.6:test
  • sonatype-2022-4402

Bugfixes

• #101: Fix vulnerabilities in dependencies

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-jdbc:7.1.7 to 7.1.11
• Updated com.exasol:exasol-testcontainers:6.1.1 to 6.1.2
• Updated com.oracle.database.jdbc:ojdbc11:21.5.0.0 to 21.6.0.0.1
• Updated mysql:mysql-connector-java:8.0.29 to 8.0.30
• Updated nl.jqno.equalsverifier:equalsverifier:3.10 to 3.10.1
• Added org.junit.jupiter:junit-jupiter-api:5.9.0
• Removed org.junit.jupiter:junit-jupiter-engine:5.8.2
• Removed org.junit.jupiter:junit-jupiter-params:5.8.2
• Added org.junit.jupiter:junit-jupiter:5.9.0
• Updated org.postgresql:postgresql:42.3.6 to 42.4.1
• Updated org.testcontainers:junit-jupiter:1.17.2 to 1.17.3
• Updated org.testcontainers:mysql:1.17.2 to 1.17.3
• Updated org.testcontainers:oracle-xe:1.17.2 to 1.17.3
• Updated org.testcontainers:postgresql:1.17.2 to 1.17.3

Plugin Dependency Updates

• Updated com.exasol:project-keeper-maven-plugin:2.4.6 to 2.5.0