Skip to content

Commit

Permalink
Update exasol-jdbc version, CVE fix (#229)
Browse files Browse the repository at this point in the history
* Update exasol-jdbc version

* New version, pk fix

* Update dnsjava

* Change workerId to comment

* Fix tests

* Fix

* Changelog

* Update doc/changes/changes_2.2.0.md

Co-authored-by: Christoph Pirkl <4711730+kaklakariada@users.noreply.github.com>

* Update doc/changes/changes_2.2.0.md

Co-authored-by: Christoph Pirkl <4711730+kaklakariada@users.noreply.github.com>

* Update parent-pom/pom.xml

Co-authored-by: Christoph Pirkl <4711730+kaklakariada@users.noreply.github.com>

* Exclusion is not needed

---------

Co-authored-by: Christoph Pirkl <4711730+kaklakariada@users.noreply.github.com>
  • Loading branch information
Shmuma and kaklakariada authored Aug 28, 2024
1 parent c83d655 commit 341fde9
Show file tree
Hide file tree
Showing 6 changed files with 45 additions and 8 deletions.
6 changes: 3 additions & 3 deletions dependencies.md

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions doc/changes/changelog.md

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

30 changes: 30 additions & 0 deletions doc/changes/changes_2.2.0.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
# Spark Connector 2.2.0, released 2024-08-28

Code name: Fix Exasol-JDBC compatibility, CVE CVE-2024-25638

## Summary
Fixed issue with Exasol-JDBC parameter change.
Fixed CVE-2024-25638 in dnsjava:dnsjava:jar:2.1.7:provided (hadoop-client dependency).

## Security

* #228: Fix vulnerability in dnsjava:dnsjava:jar:2.1.7:provided

## Bugfixes

* #227: Spark Connector is not compatible with exasol-jdbc V24+

## Dependency Updates

### Spark Exasol Connector With JDBC

#### Compile Dependency Updates

* Updated `com.exasol:exasol-jdbc:7.1.20` to `24.1.2`
* Updated `com.exasol:spark-connector-common-java:2.0.1` to `2.0.5`

### Spark Exasol Connector With S3

#### Compile Dependency Updates

* Updated `com.exasol:spark-connector-common-java:2.0.1` to `2.0.5`
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ final case class ExasolConnectionManager(options: ExasolOptions) {
.toSeq
.map { case ((host, port), idx) =>
val hostWithFingerprint = getHostWithFingerprint(host)
val url = s"$WORKER_CONNECTION_PREFIX:$hostWithFingerprint:$port;workerID=$idx;workertoken=$token"
val url = s"$WORKER_CONNECTION_PREFIX:$hostWithFingerprint:$port;comment=$idx;workertoken=$token"
getConnectionStringWithOptions(url)
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,5 @@ class ExasolConnectionManagerSuite extends AnyFunSuite with Matchers with Mockit
}

private[this] def getWorkerJdbcUrl(host: String, port: Int, id: Int, token: Long): String =
s"jdbc:exa-worker:$host:$port;workerID=$id;workertoken=$token"

s"jdbc:exa-worker:$host:$port;comment=$id;workertoken=$token"
}
11 changes: 9 additions & 2 deletions parent-pom/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
<relativePath>pk_generated_parent.pom</relativePath>
</parent>
<properties>
<revision>2.1.8</revision>
<revision>2.2.0</revision>
<java.version>8</java.version>
<log4j.version>2.20.0</log4j.version>
<junit.version>5.10.0</junit.version>
Expand All @@ -32,7 +32,7 @@
<dependency>
<groupId>com.exasol</groupId>
<artifactId>exasol-jdbc</artifactId>
<version>7.1.20</version>
<version>24.1.2</version>
</dependency>
<dependency>
<groupId>com.exasol</groupId>
Expand Down Expand Up @@ -342,6 +342,13 @@
<artifactId>woodstox-core</artifactId>
<version>6.5.1</version>
</dependency>
<!-- Update transitive dependency of org.apache.hadoop:hadoop-client to fix CVE-2024-25638 -->
<dependency>
<groupId>dnsjava</groupId>
<artifactId>dnsjava</artifactId>
<version>3.6.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<!-- Upgrade transitive dependency of org.apache.spark:spark-core_2.13 to fix CVE-2023-42503 -->
<groupId>org.apache.commons</groupId>
Expand Down

0 comments on commit 341fde9

Please sign in to comment.