Fix CVE-2023-42503 and update deps (#207)
* Update versions

* PK fix

* Deps

* Release prep
Shmuma authored Sep 27, 2023
1 parent c8a281d commit e3f997e
Showing 4 changed files with 60 additions and 18 deletions.
2 changes: 1 addition & 1 deletion dependencies.md

Some generated files are not rendered by default.

40 changes: 38 additions & 2 deletions doc/changes/changes_2.1.2.md
@@ -1,14 +1,18 @@
# Spark Connector 2.1.2, released 2023-??-??
# Spark Connector 2.1.2, released 2023-09-27

Code name:
Code name: Transaction commit fixes, security fixes in dependencies

## Summary

Fixes CVE-2023-42503 in org.apache.commons:commons-compress.
Fixes logic in transaction commit during the DB import.

## Features

* 194: Wrong name of Exasol JDBC format in documentation
* 197: Committing transaction in the finally handler
* 198: Remove unused `Statement` variable
* 206: Fix CVE-2023-42503 and update dependencies

## Dependency Updates
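
Review bot: The `## Features` list in this hunk carries only fixes (194, 197, 198 and the CVE item 206), so the security fix sits under a heading that readers scanning for security changes will skip. Consider a separate `## Security` section for 206 that names the fixed artifact and version, `org.apache.commons:commons-compress` 1.24.0 as set in parent-pom/pom.xml, so consumers can compare it with their own resolved classpath. The Summary line names the CVE and the artifact but not the version that fixes it.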

Expand All @@ -17,3 +21,35 @@ Code name:
#### Plugin Dependency Updates

* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.3.0` to `3.4.0`

### Spark Exasol Connector With JDBC

#### Compile Dependency Updates

* Updated `com.exasol:spark-connector-common-java:2.0.0` to `2.0.1`

#### Test Dependency Updates

* Updated `com.exasol:exasol-testcontainers:6.6.1` to `6.6.2`
* Updated `com.exasol:hamcrest-resultset-matcher:1.6.0` to `1.6.1`
* Updated `com.exasol:test-db-builder-java:3.4.2` to `3.5.1`
* Updated `org.mockito:mockito-core:5.4.0` to `5.5.0`
* Updated `org.mockito:mockito-junit-jupiter:5.4.0` to `5.5.0`
* Updated `org.scalatestplus:scalatestplus-mockito_2.13:1.0.0-M2` to `1.0.0-SNAP5`
* Updated `org.scalatest:scalatest_2.13:3.2.9` to `3.3.0-SNAP4`

### Spark Exasol Connector With S3

#### Compile Dependency Updates

* Updated `com.exasol:spark-connector-common-java:2.0.0` to `2.0.1`
* Updated `org.apache.hadoop:hadoop-aws:3.3.4` to `3.3.6`

#### Test Dependency Updates

* Updated `com.exasol:exasol-testcontainers:6.6.1` to `6.6.2`
* Updated `com.exasol:hamcrest-resultset-matcher:1.6.0` to `1.6.1`
* Updated `com.exasol:test-db-builder-java:3.4.2` to `3.5.1`
* Updated `org.mockito:mockito-junit-jupiter:5.4.0` to `5.5.0`
* Updated `org.testcontainers:junit-jupiter:1.18.3` to `1.19.0`
* Updated `org.testcontainers:localstack:1.18.3` to `1.19.0`
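
Review bot: None of the dependency lists in this hunk mention `org.apache.commons:commons-compress`, although the 1.24.0 entry added in parent-pom/pom.xml is the change that addresses CVE-2023-42503; the `avro-mapred`, `guava`, `netty-all` and `protobuf-java` bumps from the same commit are missing from these lists as well. If the lists are generated and cannot show managed or provided-scope entries, state the commons-compress version by hand in the Summary so the changelog records what fixed the CVE.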
6 changes: 3 additions & 3 deletions exasol-jdbc/pom.xml
Expand Up @@ -95,7 +95,7 @@
<dependency>
<groupId>org.apache.avro</groupId>
<artifactId>avro-mapred</artifactId>
<version>1.11.2</version>
<version>1.11.3</version>
<scope>provided</scope>
<exclusions>
<exclusion>
Expand Down Expand Up @@ -125,13 +125,13 @@
<dependency>
<groupId>org.scalatest</groupId>
<artifactId>scalatest_${scala.compat.version}</artifactId>
<version>3.2.9</version>
<version>3.3.0-SNAP4</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.scalatestplus</groupId>
<artifactId>scalatestplus-mockito_${scala.compat.version}</artifactId>
<version>1.0.0-M2</version>
<version>1.0.0-SNAP5</version>
<scope>test</scope>
</dependency>
<dependency>
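
Review bot: `3.3.0-SNAP4` for scalatest and `1.0.0-SNAP5` for scalatestplus-mockito in this hunk are pre-release builds, which is a poor fit for a commit that also prepares a release, even at `test` scope. For scalatest the previous value `3.2.9` was on a stable line, so prefer staying on 3.2.x, and exclude pre-release qualifiers such as `SNAP` from automated version updates so the updater does not select them again.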
30 changes: 18 additions & 12 deletions parent-pom/pom.xml
Expand Up @@ -19,7 +19,7 @@
<java.version>8</java.version>
<log4j.version>2.20.0</log4j.version>
<junit.version>5.10.0</junit.version>
<mockito.version>5.4.0</mockito.version>
<mockito.version>5.5.0</mockito.version>
<jersey.version>3.1.3</jersey.version>
</properties>
<dependencyManagement>
Expand Down Expand Up @@ -47,7 +47,7 @@
<dependency>
<groupId>com.exasol</groupId>
<artifactId>spark-connector-common-java</artifactId>
<version>2.0.0</version>
<version>2.0.1</version>
</dependency>
<dependency>
<groupId>org.apache.spark</groupId>
Expand Down Expand Up @@ -201,13 +201,13 @@
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>32.1.1-jre</version>
<version>32.1.2-jre</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-all</artifactId>
<version>4.1.96.Final</version>
<version>4.1.98.Final</version>
<scope>provided</scope>
</dependency>
<dependency>
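
Review bot: Both entries changed in this hunk, `guava` and `netty-all`, are `<scope>provided</scope>`, so the new versions apply to compilation and tests only; at runtime the classes come from whatever the Spark installation ships. A line in the changelog saying so would keep these bumps from being read as a change to the guava or netty version that runs on a cluster.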
Expand Down Expand Up @@ -297,7 +297,7 @@
<dependency>
<groupId>com.google.protobuf</groupId>
<artifactId>protobuf-java</artifactId>
<version>3.23.4</version>
<version>3.24.3</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
Expand All @@ -309,6 +309,12 @@
<artifactId>woodstox-core</artifactId>
<version>6.5.1</version>
</dependency>
<dependency>
<!-- Upgrade transitive dependency of org.apache.spark:spark-core_2.13 to fix CVE-2023-42503 -->
<groupId>org.apache.commons</groupId>
<artifactId>commons-compress</artifactId>
<version>1.24.0</version>
</dependency>
<!-- Test Dependencies -->
<dependency>
<groupId>org.junit.jupiter</groupId>
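
Review bot: The `commons-compress` 1.24.0 pin added in this hunk has no build check behind it among the four changed files, so nothing confirms that each module actually resolves 1.24.0, and nothing flags the pin once a later `spark-core_2.13` brings a newer version that this entry would then hold back. Suggest verifying with `mvn dependency:tree -Dincludes=org.apache.commons:commons-compress` in the JDBC and S3 modules before release, and extending the XML comment with a note to drop the pin when a Spark upgrade makes it redundant.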
Expand Down Expand Up @@ -349,7 +355,7 @@
<dependency>
<groupId>com.exasol</groupId>
<artifactId>test-db-builder-java</artifactId>
<version>3.4.2</version>
<version>3.5.1</version>
<scope>test</scope>
</dependency>
<dependency>
Expand All @@ -361,31 +367,31 @@
<dependency>
<groupId>com.exasol</groupId>
<artifactId>hamcrest-resultset-matcher</artifactId>
<version>1.6.0</version>
<version>1.6.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.exasol</groupId>
<artifactId>exasol-testcontainers</artifactId>
<version>6.6.1</version>
<version>6.6.2</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.testcontainers</groupId>
<artifactId>junit-jupiter</artifactId>
<version>1.18.3</version>
<version>1.19.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.testcontainers</groupId>
<artifactId>localstack</artifactId>
<version>1.18.3</version>
<version>1.19.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>nl.jqno.equalsverifier</groupId>
<artifactId>equalsverifier</artifactId>
<version>3.15</version>
<version>3.15.2</version>
<scope>test</scope>
</dependency>
</dependencies>
Expand Down Expand Up @@ -494,7 +500,7 @@
<spark.version>3.4.1</spark.version>
<scala.version>2.13.11</scala.version>
<scala.compat.version>2.13</scala.compat.version>
<hadoop.version>3.3.4</hadoop.version>
<hadoop.version>3.3.6</hadoop.version>
<jackson.version>2.14.2</jackson.version>
</properties>
<modules>