From 2cd7e4c3ab0c1a2c13537248d654db270bd2ec8b Mon Sep 17 00:00:00 2001 From: Antoni Reus Date: Mon, 18 Nov 2024 09:40:58 +0100 Subject: [PATCH 01/10] generate new version --- doc/changes/changelog.md | 1 + doc/changes/changes_2.1.2.md | 10 ++++++++++ pk_generated_parent.pom | 2 +- pom.xml | 4 ++-- 4 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 doc/changes/changes_2.1.2.md diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md index 92988db..66da152 100644 --- a/doc/changes/changelog.md +++ b/doc/changes/changelog.md @@ -1,5 +1,6 @@ # Changes +* [2.1.2](changes_2.1.2.md) * [2.1.1](changes_2.1.1.md) * [2.1.0](changes_2.1.0.md) * [2.0.0](changes_2.0.0.md) diff --git a/doc/changes/changes_2.1.2.md b/doc/changes/changes_2.1.2.md new file mode 100644 index 0000000..4676398 --- /dev/null +++ b/doc/changes/changes_2.1.2.md @@ -0,0 +1,10 @@ +# Bucketfs Client 2.1.2, released 2024-??-?? + +Code name: + +## Summary + +## Features + +* ISSUE_NUMBER: description + diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom index 7dbb154..472ede4 100644 --- a/pk_generated_parent.pom +++ b/pk_generated_parent.pom @@ -3,7 +3,7 @@ 4.0.0 com.exasol bucketfs-client-generated-parent - 2.1.1 + 2.1.2 pom UTF-8 diff --git a/pom.xml b/pom.xml index c226267..0f1294b 100644 --- a/pom.xml +++ b/pom.xml @@ -2,7 +2,7 @@ 4.0.0 bucketfs-client - 2.1.1 + 2.1.2 Command line client for BucketFS https://github.com/exasol/bucketfs-client/ @@ -178,7 +178,7 @@ bucketfs-client-generated-parent com.exasol - 2.1.1 + 2.1.2 pk_generated_parent.pom From aa8c7b07f227b9d1b66744b50ba97104cd53b4e0 Mon Sep 17 00:00:00 2001 From: Antoni Reus Date: Mon, 18 Nov 2024 09:56:07 +0100 Subject: [PATCH 02/10] Update dependencies. Add explicit commons-io to fix transitive security issue --- dependencies.md | 142 +++++++++--------- doc/changes/changes_2.1.2.md | 28 +++- pom.xml | 28 ++-- .../com/exasol/bucketfs/ProcessExecutor.java | 5 +- 4 files changed, 116 insertions(+), 87 deletions(-) 
diff --git a/dependencies.md b/dependencies.md index 7edbecb..2b296a4 100644 --- a/dependencies.md +++ b/dependencies.md 
@@ -9,44 +9,45 @@ | [error-reporting-java][2] | [MIT License][3] | | [picocli][4] | [The Apache Software License, version 2.0][5] | | [java-ini-parser][6] | [Apache License, Version 2.0][5] | +| [Apache Commons IO][7] | [Apache-2.0][8] | ## Test Dependencies | Dependency | License | | ----------------------------------------------- | --------------------------------- | -| [JUnit Jupiter (Aggregator)][7] | [Eclipse Public License v2.0][8] | -| [JUnit Jupiter Params][7] | [Eclipse Public License v2.0][8] | -| [Hamcrest][9] | [BSD License 3][10] | -| [mockito-junit-jupiter][11] | [MIT][12] | -| [Test containers for Exasol on Docker][13] | [MIT License][14] | -| [Testcontainers :: JUnit Jupiter Extension][15] | [MIT][16] | -| [EqualsVerifier \| release normal jar][17] | [Apache License, Version 2.0][18] | -| [JUnit5 System Extensions][19] | [Eclipse Public License v2.0][20] | -| [junit-pioneer][21] | [Eclipse Public License v2.0][8] | -| [SLF4J JDK14 Provider][22] | [MIT License][23] | +| [JUnit Jupiter (Aggregator)][9] | [Eclipse Public License v2.0][10] | +| [JUnit Jupiter Params][9] | [Eclipse Public License v2.0][10] | +| [Hamcrest][11] | [BSD-3-Clause][12] | +| [mockito-junit-jupiter][13] | [MIT][14] | +| [Test containers for Exasol on Docker][15] | [MIT License][16] | +| [Testcontainers :: JUnit Jupiter Extension][17] | [MIT][18] | +| [EqualsVerifier \| release normal jar][19] | [Apache License, Version 2.0][8] | +| [JUnit5 System Extensions][20] | [Eclipse Public License v2.0][21] | +| [junit-pioneer][22] | [Eclipse Public License v2.0][10] | +| [SLF4J JDK14 Provider][23] | [MIT License][24] | ## Plugin Dependencies | Dependency | License | | ------------------------------------------------------- | ------------------------------------- | -| [SonarQube Scanner for Maven][24] | [GNU LGPL 3][25] | -| [Apache Maven Toolchains Plugin][26] | [Apache License, Version 2.0][18] | -| [OpenFastTrace Maven Plugin][27] | [GNU General Public License v3.0][28] | -| [Project 
Keeper Maven plugin][29] | [The MIT License][30] | -| [Apache Maven Compiler Plugin][31] | [Apache-2.0][18] | -| [Apache Maven Enforcer Plugin][32] | [Apache-2.0][18] | -| [Maven Flatten Plugin][33] | [Apache Software Licenese][18] | -| [org.sonatype.ossindex.maven:ossindex-maven-plugin][34] | [ASL2][5] | -| [Maven Surefire Plugin][35] | [Apache-2.0][18] | -| [Versions Maven Plugin][36] | [Apache License, Version 2.0][18] | -| [duplicate-finder-maven-plugin Maven Mojo][37] | [Apache License 2.0][38] | -| [Apache Maven Assembly Plugin][39] | [Apache-2.0][18] | -| [Apache Maven JAR Plugin][40] | [Apache License, Version 2.0][18] | -| [Artifact reference checker and unifier][41] | [MIT License][42] | -| [Maven Failsafe Plugin][43] | [Apache-2.0][18] | -| [JaCoCo :: Maven Plugin][44] | [Eclipse Public License 2.0][45] | -| [error-code-crawler-maven-plugin][46] | [MIT License][47] | -| [Reproducible Build Maven Plugin][48] | [Apache 2.0][5] | +| [SonarQube Scanner for Maven][25] | [GNU LGPL 3][26] | +| [Apache Maven Toolchains Plugin][27] | [Apache License, Version 2.0][8] | +| [OpenFastTrace Maven Plugin][28] | [GNU General Public License v3.0][29] | +| [Project Keeper Maven plugin][30] | [The MIT License][31] | +| [Apache Maven Compiler Plugin][32] | [Apache-2.0][8] | +| [Apache Maven Enforcer Plugin][33] | [Apache-2.0][8] | +| [Maven Flatten Plugin][34] | [Apache Software Licenese][8] | +| [org.sonatype.ossindex.maven:ossindex-maven-plugin][35] | [ASL2][5] | +| [Maven Surefire Plugin][36] | [Apache-2.0][8] | +| [Versions Maven Plugin][37] | [Apache License, Version 2.0][8] | +| [duplicate-finder-maven-plugin Maven Mojo][38] | [Apache License 2.0][39] | +| [Apache Maven Assembly Plugin][40] | [Apache-2.0][8] | +| [Apache Maven JAR Plugin][41] | [Apache License, Version 2.0][8] | +| [Artifact reference checker and unifier][42] | [MIT License][43] | +| [Maven Failsafe Plugin][44] | [Apache-2.0][8] | +| [JaCoCo :: Maven Plugin][45] | [Eclipse Public License 2.0][46] | +| 
[error-code-crawler-maven-plugin][47] | [MIT License][48] | +| [Reproducible Build Maven Plugin][49] | [Apache 2.0][5] | [0]: https://github.com/exasol/bucketfs-java/ [1]: https://github.com/exasol/bucketfs-java/blob/main/LICENSE 
@@ -55,45 +56,46 @@ [4]: https://picocli.info [5]: http://www.apache.org/licenses/LICENSE-2.0.txt [6]: https://github.com/vincentrussell/java-ini-parser -[7]: https://junit.org/junit5/ -[8]: https://www.eclipse.org/legal/epl-v20.html -[9]: http://hamcrest.org/JavaHamcrest/ -[10]: http://opensource.org/licenses/BSD-3-Clause -[11]: https://github.com/mockito/mockito -[12]: https://opensource.org/licenses/MIT -[13]: https://github.com/exasol/exasol-testcontainers/ -[14]: https://github.com/exasol/exasol-testcontainers/blob/main/LICENSE -[15]: https://java.testcontainers.org -[16]: http://opensource.org/licenses/MIT -[17]: https://www.jqno.nl/equalsverifier -[18]: https://www.apache.org/licenses/LICENSE-2.0.txt -[19]: https://github.com/itsallcode/junit5-system-extensions -[20]: http://www.eclipse.org/legal/epl-v20.html -[21]: https://junit-pioneer.org/ -[22]: http://www.slf4j.org -[23]: http://www.opensource.org/licenses/mit-license.php -[24]: http://sonarsource.github.io/sonar-scanner-maven/ -[25]: http://www.gnu.org/licenses/lgpl.txt -[26]: https://maven.apache.org/plugins/maven-toolchains-plugin/ -[27]: https://github.com/itsallcode/openfasttrace-maven-plugin -[28]: https://www.gnu.org/licenses/gpl-3.0.html -[29]: https://github.com/exasol/project-keeper/ -[30]: https://github.com/exasol/project-keeper/blob/main/LICENSE -[31]: https://maven.apache.org/plugins/maven-compiler-plugin/ -[32]: https://maven.apache.org/enforcer/maven-enforcer-plugin/ -[33]: https://www.mojohaus.org/flatten-maven-plugin/ -[34]: https://sonatype.github.io/ossindex-maven/maven-plugin/ -[35]: https://maven.apache.org/surefire/maven-surefire-plugin/ -[36]: https://www.mojohaus.org/versions/versions-maven-plugin/ -[37]: https://basepom.github.io/duplicate-finder-maven-plugin -[38]: http://www.apache.org/licenses/LICENSE-2.0.html -[39]: https://maven.apache.org/plugins/maven-assembly-plugin/ -[40]: https://maven.apache.org/plugins/maven-jar-plugin/ -[41]: 
https://github.com/exasol/artifact-reference-checker-maven-plugin/ -[42]: https://github.com/exasol/artifact-reference-checker-maven-plugin/blob/main/LICENSE -[43]: https://maven.apache.org/surefire/maven-failsafe-plugin/ -[44]: https://www.jacoco.org/jacoco/trunk/doc/maven.html -[45]: https://www.eclipse.org/legal/epl-2.0/ -[46]: https://github.com/exasol/error-code-crawler-maven-plugin/ -[47]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE -[48]: http://zlika.github.io/reproducible-build-maven-plugin +[7]: https://commons.apache.org/proper/commons-io/ +[8]: https://www.apache.org/licenses/LICENSE-2.0.txt +[9]: https://junit.org/junit5/ +[10]: https://www.eclipse.org/legal/epl-v20.html +[11]: http://hamcrest.org/JavaHamcrest/ +[12]: https://raw.githubusercontent.com/hamcrest/JavaHamcrest/master/LICENSE +[13]: https://github.com/mockito/mockito +[14]: https://opensource.org/licenses/MIT +[15]: https://github.com/exasol/exasol-testcontainers/ +[16]: https://github.com/exasol/exasol-testcontainers/blob/main/LICENSE +[17]: https://java.testcontainers.org +[18]: http://opensource.org/licenses/MIT +[19]: https://www.jqno.nl/equalsverifier +[20]: https://github.com/itsallcode/junit5-system-extensions +[21]: http://www.eclipse.org/legal/epl-v20.html +[22]: https://junit-pioneer.org/ +[23]: http://www.slf4j.org +[24]: http://www.opensource.org/licenses/mit-license.php +[25]: http://sonarsource.github.io/sonar-scanner-maven/ +[26]: http://www.gnu.org/licenses/lgpl.txt +[27]: https://maven.apache.org/plugins/maven-toolchains-plugin/ +[28]: https://github.com/itsallcode/openfasttrace-maven-plugin +[29]: https://www.gnu.org/licenses/gpl-3.0.html +[30]: https://github.com/exasol/project-keeper/ +[31]: https://github.com/exasol/project-keeper/blob/main/LICENSE +[32]: https://maven.apache.org/plugins/maven-compiler-plugin/ +[33]: https://maven.apache.org/enforcer/maven-enforcer-plugin/ +[34]: https://www.mojohaus.org/flatten-maven-plugin/ +[35]: 
https://sonatype.github.io/ossindex-maven/maven-plugin/ +[36]: https://maven.apache.org/surefire/maven-surefire-plugin/ +[37]: https://www.mojohaus.org/versions/versions-maven-plugin/ +[38]: https://basepom.github.io/duplicate-finder-maven-plugin +[39]: http://www.apache.org/licenses/LICENSE-2.0.html +[40]: https://maven.apache.org/plugins/maven-assembly-plugin/ +[41]: https://maven.apache.org/plugins/maven-jar-plugin/ +[42]: https://github.com/exasol/artifact-reference-checker-maven-plugin/ +[43]: https://github.com/exasol/artifact-reference-checker-maven-plugin/blob/main/LICENSE +[44]: https://maven.apache.org/surefire/maven-failsafe-plugin/ +[45]: https://www.jacoco.org/jacoco/trunk/doc/maven.html +[46]: https://www.eclipse.org/legal/epl-2.0/ +[47]: https://github.com/exasol/error-code-crawler-maven-plugin/ +[48]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE +[49]: http://zlika.github.io/reproducible-build-maven-plugin diff --git a/doc/changes/changes_2.1.2.md b/doc/changes/changes_2.1.2.md index 4676398..35abb4b 100644 --- a/doc/changes/changes_2.1.2.md +++ b/doc/changes/changes_2.1.2.md 
@@ -1,10 +1,32 @@ # Bucketfs Client 2.1.2, released 2024-??-?? -Code name: +Code name: Fix CVE-2024-47554: commons-io:commons-io:jar:2.7:compile ## Summary -## Features +This release fixes CVE-2024-47554 in `commons-io:commons-io:jar:2.7:compile`. -* ISSUE_NUMBER: description +## Security +* #35: Fixed CVE-2024-47554 in `commons-io:commons-io:jar:2.7:compile` + +## Dependency Updates + +### Compile Dependency Updates + +* Updated `com.exasol:bucketfs-java:3.1.2` to `3.2.0` +* Updated `com.github.vincentrussell:java-ini-parser:1.6` to `1.7` +* Added `commons-io:commons-io:2.17.0` + +### Test Dependency Updates + +* Updated `com.exasol:exasol-testcontainers:7.1.0` to `7.1.1` +* Updated `nl.jqno.equalsverifier:equalsverifier:3.16.1` to `3.17.3` +* Updated `org.hamcrest:hamcrest:2.2` to `3.0` +* Updated `org.itsallcode:junit5-system-extensions:1.2.0` to `1.2.2` +* Updated `org.junit-pioneer:junit-pioneer:2.2.0` to `2.3.0` +* Updated `org.junit.jupiter:junit-jupiter-params:5.10.2` to `5.11.3` +* Updated `org.junit.jupiter:junit-jupiter:5.10.2` to `5.11.3` +* Updated `org.mockito:mockito-junit-jupiter:5.11.0` to `5.14.2` +* Updated `org.slf4j:slf4j-jdk14:2.0.13` to `2.0.16` +* Updated `org.testcontainers:junit-jupiter:1.19.7` to `1.20.3` diff --git a/pom.xml b/pom.xml index 0f1294b..fd776cb 100644 --- a/pom.xml +++ b/pom.xml @@ -7,7 +7,7 @@ https://github.com/exasol/bucketfs-client/ 17 - 5.10.2 + 5.11.3 4.7.6 @@ -28,7 +28,7 @@ com.exasol bucketfs-java - 3.1.2 + 3.2.0 com.exasol @@ -43,7 +43,13 @@ com.github.vincentrussell java-ini-parser - 1.6 + 1.7 + + + + commons-io + commons-io + 2.17.0 
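Review bot: The `commons-io` `2.17.0` entry added after `java-ini-parser` in the `@@ -43,7 +43,13 @@` pom.xml hunk is an override pin for a transitive dependency, but it is declared like an ordinary direct dependency, so a later cleanup could remove it and may reintroduce the 2.7 version flagged for CVE-2024-47554. The XML tags are not visible in this rendering, so a comment may already be present; if not, I would add one above the entry such as `<!-- Pinned to override commons-io 2.7 pulled in by java-ini-parser (CVE-2024-47554); remove once upstream ships a fixed version -->`. Because a direct declaration takes precedence over transitive versions in Maven's dependency mediation, it is also worth confirming with `mvn dependency:tree -Dincludes=commons-io` that 2.17.0 is the only version resolved into the shipped jar. The same applies to the `commons-lang3` `3.17.0` entry added in PATCH 06/10, where the commit message says only "to avoid conflict" and names no conflicting artifacts.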
@@ -61,50 +67,50 @@ org.hamcrest hamcrest - 2.2 + 3.0 test org.mockito mockito-junit-jupiter - 5.11.0 + 5.14.2 test com.exasol exasol-testcontainers - 7.1.0 + 7.1.1 test org.testcontainers junit-jupiter - 1.19.7 + 1.20.3 test nl.jqno.equalsverifier equalsverifier - 3.16.1 + 3.17.3 test org.itsallcode junit5-system-extensions - 1.2.0 + 1.2.2 test org.junit-pioneer junit-pioneer - 2.2.0 + 2.3.0 test org.slf4j slf4j-jdk14 - 2.0.13 + 2.0.16 test diff --git a/src/test/java/com/exasol/bucketfs/ProcessExecutor.java b/src/test/java/com/exasol/bucketfs/ProcessExecutor.java index 487a0f1..9aeab44 100644 --- a/src/test/java/com/exasol/bucketfs/ProcessExecutor.java +++ b/src/test/java/com/exasol/bucketfs/ProcessExecutor.java @@ -21,7 +21,7 @@ public class ProcessExecutor { private static final Duration TIMEOUT = Duration.ofSeconds(5); /** Name of the JAR file */ - public static final String JAR_NAME = "bfsc-2.1.1.jar"; + public static final String JAR_NAME = "bfsc-2.1.2.jar"; /** * Create a {@link ProcessExecutor} for the jar built by for the current projects. The Jar file must be built before @@ -73,9 +73,8 @@ public ProcessExecutor workingDirectory(final Path workingDir) { * @param args additional command line arguments for execution * @return this for fluent programming * @throws IOException in case of errors - * @throws InterruptedException in case process was interrupted */ - public ProcessExecutor run(final String... args) throws IOException, InterruptedException { + public ProcessExecutor run(final String... args) throws IOException { final List commandLine = new ArrayList<>(asList(this.initialArgs)); commandLine.addAll(asList(args)); final File directory = Optional.ofNullable(workingDir).map(Path::toAbsolutePath).map(Path::toFile).orElse(null); From 81dc2e5cc4d5c9f75f7ec1849dc7b434924dfe96 Mon Sep 17 00:00:00 2001 
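Review bot: Removing `InterruptedException` from the `throws` clause of `run(final String... args)` leaves open how an interrupt during process execution is now handled, and the method body continues outside the hunk, so this cannot be checked here. If the body now catches the exception internally, the handler should restore the flag with `Thread.currentThread().interrupt();` before returning or wrapping it, since otherwise an interrupted test run could be reported as a normal result. If the exception was never actually thrown by the body, nothing more is needed beyond the Javadoc cleanup the hunk already makes.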
From: Antoni Reus Date: Mon, 18 Nov 2024 09:56:22 +0100 Subject: [PATCH 03/10] fix release date --- doc/changes/changes_2.1.2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/changes/changes_2.1.2.md b/doc/changes/changes_2.1.2.md index 35abb4b..b61fe4f 100644 --- a/doc/changes/changes_2.1.2.md +++ b/doc/changes/changes_2.1.2.md @@ -1,4 +1,4 @@ -# Bucketfs Client 2.1.2, released 2024-??-?? +# Bucketfs Client 2.1.2, released 2024-11-18 Code name: Fix CVE-2024-47554: commons-io:commons-io:jar:2.7:compile From b2f2fead1f1cb2bb7e3a343924ed90b2026b086f Mon Sep 17 00:00:00 2001 From: Antoni Reus Date: Mon, 18 Nov 2024 10:22:54 +0100 Subject: [PATCH 04/10] fix issue number --- doc/changes/changes_2.1.2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/changes/changes_2.1.2.md b/doc/changes/changes_2.1.2.md index b61fe4f..0b14834 100644 --- a/doc/changes/changes_2.1.2.md +++ b/doc/changes/changes_2.1.2.md @@ -8,7 +8,7 @@ This release fixes CVE-2024-47554 in `commons-io:commons-io:jar:2.7:compile`. ## Security -* #35: Fixed CVE-2024-47554 in `commons-io:commons-io:jar:2.7:compile` +* #45: Fixed CVE-2024-47554 in `commons-io:commons-io:jar:2.7:compile` ## Dependency Updates From ca9032f2ed812e186056e615e0d2718be7aec4e7 Mon Sep 17 00:00:00 2001 From: Antoni Reus Date: Mon, 18 Nov 2024 10:24:23 +0100 Subject: [PATCH 05/10] fix issue number --- doc/changes/changes_2.1.2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/changes/changes_2.1.2.md b/doc/changes/changes_2.1.2.md index 0b14834..933a89f 100644 --- a/doc/changes/changes_2.1.2.md +++ b/doc/changes/changes_2.1.2.md @@ -8,7 +8,7 @@ This release fixes CVE-2024-47554 in `commons-io:commons-io:jar:2.7:compile`. ## Security -* #45: Fixed CVE-2024-47554 in `commons-io:commons-io:jar:2.7:compile` +* #44: Fixed CVE-2024-47554 in `commons-io:commons-io:jar:2.7:compile` ## Dependency Updates From 3468986c442a5b07db343a7c3b9c647fdbb7b032 Mon Sep 17 00:00:00 2001 
From: Antoni Reus Date: Mon, 18 Nov 2024 10:54:52 +0100 Subject: [PATCH 06/10] add commons-lang3 to avoid conflict --- dependencies.md | 140 ++++++++++++++++++----------------- doc/changes/changes_2.1.2.md | 1 + pom.xml | 8 +- 3 files changed, 79 insertions(+), 70 deletions(-) diff --git a/dependencies.md b/dependencies.md index 2b296a4..d85c77f 100644 --- a/dependencies.md +++ b/dependencies.md 
@@ -10,44 +10,45 @@ | [picocli][4] | [The Apache Software License, version 2.0][5] | | [java-ini-parser][6] | [Apache License, Version 2.0][5] | | [Apache Commons IO][7] | [Apache-2.0][8] | +| [Apache Commons Lang][9] | [Apache-2.0][8] | ## Test Dependencies | Dependency | License | | ----------------------------------------------- | --------------------------------- | -| [JUnit Jupiter (Aggregator)][9] | [Eclipse Public License v2.0][10] | -| [JUnit Jupiter Params][9] | [Eclipse Public License v2.0][10] | -| [Hamcrest][11] | [BSD-3-Clause][12] | -| [mockito-junit-jupiter][13] | [MIT][14] | -| [Test containers for Exasol on Docker][15] | [MIT License][16] | -| [Testcontainers :: JUnit Jupiter Extension][17] | [MIT][18] | -| [EqualsVerifier \| release normal jar][19] | [Apache License, Version 2.0][8] | -| [JUnit5 System Extensions][20] | [Eclipse Public License v2.0][21] | -| [junit-pioneer][22] | [Eclipse Public License v2.0][10] | -| [SLF4J JDK14 Provider][23] | [MIT License][24] | +| [JUnit Jupiter (Aggregator)][10] | [Eclipse Public License v2.0][11] | +| [JUnit Jupiter Params][10] | [Eclipse Public License v2.0][11] | +| [Hamcrest][12] | [BSD-3-Clause][13] | +| [mockito-junit-jupiter][14] | [MIT][15] | +| [Test containers for Exasol on Docker][16] | [MIT License][17] | +| [Testcontainers :: JUnit Jupiter Extension][18] | [MIT][19] | +| [EqualsVerifier \| release normal jar][20] | [Apache License, Version 2.0][8] | +| [JUnit5 System Extensions][21] | [Eclipse Public License v2.0][22] | +| [junit-pioneer][23] | [Eclipse Public License v2.0][11] | +| [SLF4J JDK14 Provider][24] | [MIT License][25] | ## Plugin Dependencies | Dependency | License | | ------------------------------------------------------- | ------------------------------------- | -| [SonarQube Scanner for Maven][25] | [GNU LGPL 3][26] | -| [Apache Maven Toolchains Plugin][27] | [Apache License, Version 2.0][8] | -| [OpenFastTrace Maven Plugin][28] | [GNU General Public License v3.0][29] | -| 
[Project Keeper Maven plugin][30] | [The MIT License][31] | -| [Apache Maven Compiler Plugin][32] | [Apache-2.0][8] | -| [Apache Maven Enforcer Plugin][33] | [Apache-2.0][8] | -| [Maven Flatten Plugin][34] | [Apache Software Licenese][8] | -| [org.sonatype.ossindex.maven:ossindex-maven-plugin][35] | [ASL2][5] | -| [Maven Surefire Plugin][36] | [Apache-2.0][8] | -| [Versions Maven Plugin][37] | [Apache License, Version 2.0][8] | -| [duplicate-finder-maven-plugin Maven Mojo][38] | [Apache License 2.0][39] | -| [Apache Maven Assembly Plugin][40] | [Apache-2.0][8] | -| [Apache Maven JAR Plugin][41] | [Apache License, Version 2.0][8] | -| [Artifact reference checker and unifier][42] | [MIT License][43] | -| [Maven Failsafe Plugin][44] | [Apache-2.0][8] | -| [JaCoCo :: Maven Plugin][45] | [Eclipse Public License 2.0][46] | -| [error-code-crawler-maven-plugin][47] | [MIT License][48] | -| [Reproducible Build Maven Plugin][49] | [Apache 2.0][5] | +| [SonarQube Scanner for Maven][26] | [GNU LGPL 3][27] | +| [Apache Maven Toolchains Plugin][28] | [Apache License, Version 2.0][8] | +| [OpenFastTrace Maven Plugin][29] | [GNU General Public License v3.0][30] | +| [Project Keeper Maven plugin][31] | [The MIT License][32] | +| [Apache Maven Compiler Plugin][33] | [Apache-2.0][8] | +| [Apache Maven Enforcer Plugin][34] | [Apache-2.0][8] | +| [Maven Flatten Plugin][35] | [Apache Software Licenese][8] | +| [org.sonatype.ossindex.maven:ossindex-maven-plugin][36] | [ASL2][5] | +| [Maven Surefire Plugin][37] | [Apache-2.0][8] | +| [Versions Maven Plugin][38] | [Apache License, Version 2.0][8] | +| [duplicate-finder-maven-plugin Maven Mojo][39] | [Apache License 2.0][40] | +| [Apache Maven Assembly Plugin][41] | [Apache-2.0][8] | +| [Apache Maven JAR Plugin][42] | [Apache License, Version 2.0][8] | +| [Artifact reference checker and unifier][43] | [MIT License][44] | +| [Maven Failsafe Plugin][45] | [Apache-2.0][8] | +| [JaCoCo :: Maven Plugin][46] | [Eclipse Public License 2.0][47] | 
+| [error-code-crawler-maven-plugin][48] | [MIT License][49] | +| [Reproducible Build Maven Plugin][50] | [Apache 2.0][5] | [0]: https://github.com/exasol/bucketfs-java/ [1]: https://github.com/exasol/bucketfs-java/blob/main/LICENSE 
@@ -58,44 +59,45 @@ [6]: https://github.com/vincentrussell/java-ini-parser [7]: https://commons.apache.org/proper/commons-io/ [8]: https://www.apache.org/licenses/LICENSE-2.0.txt -[9]: https://junit.org/junit5/ -[10]: https://www.eclipse.org/legal/epl-v20.html -[11]: http://hamcrest.org/JavaHamcrest/ -[12]: https://raw.githubusercontent.com/hamcrest/JavaHamcrest/master/LICENSE -[13]: https://github.com/mockito/mockito -[14]: https://opensource.org/licenses/MIT -[15]: https://github.com/exasol/exasol-testcontainers/ -[16]: https://github.com/exasol/exasol-testcontainers/blob/main/LICENSE -[17]: https://java.testcontainers.org -[18]: http://opensource.org/licenses/MIT -[19]: https://www.jqno.nl/equalsverifier -[20]: https://github.com/itsallcode/junit5-system-extensions -[21]: http://www.eclipse.org/legal/epl-v20.html -[22]: https://junit-pioneer.org/ -[23]: http://www.slf4j.org -[24]: http://www.opensource.org/licenses/mit-license.php -[25]: http://sonarsource.github.io/sonar-scanner-maven/ -[26]: http://www.gnu.org/licenses/lgpl.txt -[27]: https://maven.apache.org/plugins/maven-toolchains-plugin/ -[28]: https://github.com/itsallcode/openfasttrace-maven-plugin -[29]: https://www.gnu.org/licenses/gpl-3.0.html -[30]: https://github.com/exasol/project-keeper/ -[31]: https://github.com/exasol/project-keeper/blob/main/LICENSE -[32]: https://maven.apache.org/plugins/maven-compiler-plugin/ -[33]: https://maven.apache.org/enforcer/maven-enforcer-plugin/ -[34]: https://www.mojohaus.org/flatten-maven-plugin/ -[35]: https://sonatype.github.io/ossindex-maven/maven-plugin/ -[36]: https://maven.apache.org/surefire/maven-surefire-plugin/ -[37]: https://www.mojohaus.org/versions/versions-maven-plugin/ -[38]: https://basepom.github.io/duplicate-finder-maven-plugin -[39]: http://www.apache.org/licenses/LICENSE-2.0.html -[40]: https://maven.apache.org/plugins/maven-assembly-plugin/ -[41]: https://maven.apache.org/plugins/maven-jar-plugin/ -[42]: 
https://github.com/exasol/artifact-reference-checker-maven-plugin/ -[43]: https://github.com/exasol/artifact-reference-checker-maven-plugin/blob/main/LICENSE -[44]: https://maven.apache.org/surefire/maven-failsafe-plugin/ -[45]: https://www.jacoco.org/jacoco/trunk/doc/maven.html -[46]: https://www.eclipse.org/legal/epl-2.0/ -[47]: https://github.com/exasol/error-code-crawler-maven-plugin/ -[48]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE -[49]: http://zlika.github.io/reproducible-build-maven-plugin +[9]: https://commons.apache.org/proper/commons-lang/ +[10]: https://junit.org/junit5/ +[11]: https://www.eclipse.org/legal/epl-v20.html +[12]: http://hamcrest.org/JavaHamcrest/ +[13]: https://raw.githubusercontent.com/hamcrest/JavaHamcrest/master/LICENSE +[14]: https://github.com/mockito/mockito +[15]: https://opensource.org/licenses/MIT +[16]: https://github.com/exasol/exasol-testcontainers/ +[17]: https://github.com/exasol/exasol-testcontainers/blob/main/LICENSE +[18]: https://java.testcontainers.org +[19]: http://opensource.org/licenses/MIT +[20]: https://www.jqno.nl/equalsverifier +[21]: https://github.com/itsallcode/junit5-system-extensions +[22]: http://www.eclipse.org/legal/epl-v20.html +[23]: https://junit-pioneer.org/ +[24]: http://www.slf4j.org +[25]: http://www.opensource.org/licenses/mit-license.php +[26]: http://sonarsource.github.io/sonar-scanner-maven/ +[27]: http://www.gnu.org/licenses/lgpl.txt +[28]: https://maven.apache.org/plugins/maven-toolchains-plugin/ +[29]: https://github.com/itsallcode/openfasttrace-maven-plugin +[30]: https://www.gnu.org/licenses/gpl-3.0.html +[31]: https://github.com/exasol/project-keeper/ +[32]: https://github.com/exasol/project-keeper/blob/main/LICENSE +[33]: https://maven.apache.org/plugins/maven-compiler-plugin/ +[34]: https://maven.apache.org/enforcer/maven-enforcer-plugin/ +[35]: https://www.mojohaus.org/flatten-maven-plugin/ +[36]: https://sonatype.github.io/ossindex-maven/maven-plugin/ 
+[37]: https://maven.apache.org/surefire/maven-surefire-plugin/ +[38]: https://www.mojohaus.org/versions/versions-maven-plugin/ +[39]: https://basepom.github.io/duplicate-finder-maven-plugin +[40]: http://www.apache.org/licenses/LICENSE-2.0.html +[41]: https://maven.apache.org/plugins/maven-assembly-plugin/ +[42]: https://maven.apache.org/plugins/maven-jar-plugin/ +[43]: https://github.com/exasol/artifact-reference-checker-maven-plugin/ +[44]: https://github.com/exasol/artifact-reference-checker-maven-plugin/blob/main/LICENSE +[45]: https://maven.apache.org/surefire/maven-failsafe-plugin/ +[46]: https://www.jacoco.org/jacoco/trunk/doc/maven.html +[47]: https://www.eclipse.org/legal/epl-2.0/ +[48]: https://github.com/exasol/error-code-crawler-maven-plugin/ +[49]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE +[50]: http://zlika.github.io/reproducible-build-maven-plugin diff --git a/doc/changes/changes_2.1.2.md b/doc/changes/changes_2.1.2.md index 933a89f..aeb2ffc 100644 --- a/doc/changes/changes_2.1.2.md +++ b/doc/changes/changes_2.1.2.md @@ -17,6 +17,7 @@ This release fixes CVE-2024-47554 in `commons-io:commons-io:jar:2.7:compile`. * Updated `com.exasol:bucketfs-java:3.1.2` to `3.2.0` * Updated `com.github.vincentrussell:java-ini-parser:1.6` to `1.7` * Added `commons-io:commons-io:2.17.0` +* Added `org.apache.commons:commons-lang3:3.17.0` ### Test Dependency Updates diff --git a/pom.xml b/pom.xml index fd776cb..c41551f 100644 --- a/pom.xml +++ b/pom.xml @@ -46,11 +46,17 @@ 1.7 - + commons-io commons-io 2.17.0 + + + org.apache.commons + commons-lang3 + 3.17.0 + org.junit.jupiter From 37cc0c679b7e4543a127635d6f5657ba80f04931 Mon Sep 17 00:00:00 2001 From: Antoni Reus Date: Mon, 18 Nov 2024 15:19:24 +0100 Subject: [PATCH 07/10] update bucketfs-java --- doc/changes/changes_2.1.2.md | 2 +- pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/doc/changes/changes_2.1.2.md b/doc/changes/changes_2.1.2.md index aeb2ffc..9df6f90 100644 --- a/doc/changes/changes_2.1.2.md +++ b/doc/changes/changes_2.1.2.md @@ -14,7 +14,7 @@ This release fixes CVE-2024-47554 in `commons-io:commons-io:jar:2.7:compile`. ### Compile Dependency Updates -* Updated `com.exasol:bucketfs-java:3.1.2` to `3.2.0` +* Updated `com.exasol:bucketfs-java:3.1.2` to `3.2.1` * Updated `com.github.vincentrussell:java-ini-parser:1.6` to `1.7` * Added `commons-io:commons-io:2.17.0` * Added `org.apache.commons:commons-lang3:3.17.0` diff --git a/pom.xml b/pom.xml index c41551f..559ee20 100644 --- a/pom.xml +++ b/pom.xml @@ -28,7 +28,7 @@ com.exasol bucketfs-java - 3.2.0 + 3.2.1 com.exasol From 50222e40b9f423f9e6833459ab2858ef913ab107 Mon Sep 17 00:00:00 2001 From: Antoni Reus Date: Tue, 19 Nov 2024 08:41:43 +0100 Subject: [PATCH 08/10] added feedback: explicitly state that is a transitive production dependency --- doc/changes/changes_2.1.2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/changes/changes_2.1.2.md b/doc/changes/changes_2.1.2.md index 9df6f90..7a72223 100644 --- a/doc/changes/changes_2.1.2.md +++ b/doc/changes/changes_2.1.2.md @@ -4,7 +4,7 @@ Code name: Fix CVE-2024-47554: commons-io:commons-io:jar:2.7:compile ## Summary -This release fixes CVE-2024-47554 in `commons-io:commons-io:jar:2.7:compile`. +This release fixes CVE-2024-47554 in transitive production dependency `commons-io:commons-io:jar:2.7:compile`. ## Security From eb35231a5f66db8ac09dca2b3fa6843788891b09 Mon Sep 17 00:00:00 2001 From: Antoni Reus Date: Tue, 19 Nov 2024 08:43:45 +0100 Subject: [PATCH 09/10] added feedback: explicitly state that is a transitive production dependency --- doc/changes/changes_2.1.2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/changes/changes_2.1.2.md b/doc/changes/changes_2.1.2.md index 7a72223..72a498e 100644 --- a/doc/changes/changes_2.1.2.md +++ b/doc/changes/changes_2.1.2.md 
@@ -4,7 +4,7 @@ Code name: Fix CVE-2024-47554: commons-io:commons-io:jar:2.7:compile ## Summary -This release fixes CVE-2024-47554 in transitive production dependency `commons-io:commons-io:jar:2.7:compile`. +This release fixes CVE-2024-47554 in transitive production dependency `commons-io:commons-io:jar:2.7:compile` added by `com.github.vincentrussell:java-ini-parser`. ## Security From 6c39aac92e2a893cd87a0467573d5b8cd4f14ded Mon Sep 17 00:00:00 2001 From: Antoni Reus Date: Tue, 19 Nov 2024 09:01:43 +0100 Subject: [PATCH 10/10] fixed release date --- doc/changes/changes_2.1.2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/changes/changes_2.1.2.md b/doc/changes/changes_2.1.2.md index 72a498e..db781de 100644 --- a/doc/changes/changes_2.1.2.md +++ b/doc/changes/changes_2.1.2.md @@ -1,4 +1,4 @@ -# Bucketfs Client 2.1.2, released 2024-11-18 +# Bucketfs Client 2.1.2, released 2024-11-19 Code name: Fix CVE-2024-47554: commons-io:commons-io:jar:2.7:compile