Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update exasol-jdbc version, CVE fix #229

Merged
merged 11 commits into from
Aug 28, 2024
Merged
Show file tree
Hide file tree
Changes from 7 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions dependencies.md

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions doc/changes/changelog.md

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

27 changes: 27 additions & 0 deletions doc/changes/changes_2.2.0.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
# Spark Connector 2.2.0, released 2024-08-28

Code name: Fix Exasol-JDBC compatibility, CVE
Shmuma marked this conversation as resolved.
Show resolved Hide resolved

## Summary
Fixed issue with Exasol-JDBC parameter change.
Fixed CVE-2024-25638 in dnsjava:dnsjava:jar:2.1.7:provided (hadoop-client dependency).

## Features

* #227: Spark Connector is not compatible with exasol-jdbc V24+
* #228: Fix vulnerabilitiy in dnsjava:dnsjava:jar:2.1.7:provided
Shmuma marked this conversation as resolved.
Show resolved Hide resolved

## Dependency Updates

### Spark Exasol Connector With JDBC

#### Compile Dependency Updates

* Updated `com.exasol:exasol-jdbc:7.1.20` to `24.1.2`
* Updated `com.exasol:spark-connector-common-java:2.0.1` to `2.0.5`

### Spark Exasol Connector With S3

#### Compile Dependency Updates

* Updated `com.exasol:spark-connector-common-java:2.0.1` to `2.0.5`
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ final case class ExasolConnectionManager(options: ExasolOptions) {
.toSeq
.map { case ((host, port), idx) =>
val hostWithFingerprint = getHostWithFingerprint(host)
val url = s"$WORKER_CONNECTION_PREFIX:$hostWithFingerprint:$port;workerID=$idx;workertoken=$token"
val url = s"$WORKER_CONNECTION_PREFIX:$hostWithFingerprint:$port;comment=$idx;workertoken=$token"
getConnectionStringWithOptions(url)
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,5 @@ class ExasolConnectionManagerSuite extends AnyFunSuite with Matchers with Mockit
}

private[this] def getWorkerJdbcUrl(host: String, port: Int, id: Int, token: Long): String =
s"jdbc:exa-worker:$host:$port;workerID=$id;workertoken=$token"

s"jdbc:exa-worker:$host:$port;comment=$id;workertoken=$token"
}
14 changes: 12 additions & 2 deletions parent-pom/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
<relativePath>pk_generated_parent.pom</relativePath>
</parent>
<properties>
<revision>2.1.8</revision>
<revision>2.2.0</revision>
<java.version>8</java.version>
<log4j.version>2.20.0</log4j.version>
<junit.version>5.10.0</junit.version>
Expand All @@ -32,7 +32,7 @@
<dependency>
<groupId>com.exasol</groupId>
<artifactId>exasol-jdbc</artifactId>
<version>7.1.20</version>
<version>24.1.2</version>
</dependency>
<dependency>
<groupId>com.exasol</groupId>
Expand Down Expand Up @@ -324,6 +324,11 @@
<groupId>org.xerial.snappy</groupId>
<artifactId>snappy-java</artifactId>
</exclusion>
<!-- Excluded to fix CVE-2024-25638 -->
<exclusion>
<groupId>dnsjava</groupId>
<artifactId>dnsjava</artifactId>
</exclusion>
kaklakariada marked this conversation as resolved.
Show resolved Hide resolved
</exclusions>
</dependency>
<!-- Dependencies that are forced higher to fix vulnerabilities -->
Expand All @@ -342,6 +347,11 @@
<artifactId>woodstox-core</artifactId>
<version>6.5.1</version>
</dependency>
<dependency>
<groupId>dnsjava</groupId>
<artifactId>dnsjava</artifactId>
<version>3.6.1</version>
</dependency>
Shmuma marked this conversation as resolved.
Show resolved Hide resolved
<dependency>
<!-- Upgrade transitive dependency of org.apache.spark:spark-core_2.13 to fix CVE-2023-42503 -->
<groupId>org.apache.commons</groupId>
Expand Down