Skip to content

Releases: exasol/oracle-virtual-schema

3.0.3 Fixed vulnerability CVE-2024-47535 in io.netty:netty-common:jar:4.1.104.Final:test

18 Nov 17:26
b16162a
Compare
Choose a tag to compare

This release fixes the following vulnerability:

CVE-2024-47535 (CWE-400) in dependency io.netty:netty-common:jar:4.1.104.Final:test

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.

References

Security

  • #50: Fixed vulnerability CVE-2024-47535 in dependency io.netty:netty-common:jar:4.1.104.Final:test

Dependency Updates

Virtual Schema for Oracle

Test Dependency Updates

  • Updated com.exasol:exasol-testcontainers:7.1.0 to 7.1.1
  • Updated com.exasol:extension-manager-integration-test-java:0.5.11 to 0.5.12
  • Updated com.exasol:hamcrest-resultset-matcher:1.6.5 to 1.7.0
  • Updated com.exasol:test-db-builder-java:3.5.4 to 3.6.0
  • Updated com.oracle.database.jdbc:ojdbc8:23.4.0.24.05 to 23.6.0.24.10
  • Added io.netty:netty-common:4.1.115.Final
  • Updated nl.jqno.equalsverifier:equalsverifier:3.16.1 to 3.17.3
  • Updated org.hamcrest:hamcrest:2.2 to 3.0
  • Updated org.jacoco:org.jacoco.agent:0.8.11 to 0.8.12
  • Updated org.junit.jupiter:junit-jupiter:5.10.2 to 5.11.3
  • Updated org.mockito:mockito-junit-jupiter:5.11.0 to 5.14.2
  • Updated org.slf4j:slf4j-jdk14:2.0.13 to 2.0.16
  • Updated org.testcontainers:junit-jupiter:1.19.7 to 1.20.3
  • Updated org.testcontainers:oracle-xe:1.19.7 to 1.20.3

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:2.0.2 to 2.0.3
  • Updated com.exasol:project-keeper-maven-plugin:4.3.0 to 4.4.0
  • Added com.exasol:quality-summarizer-maven-plugin:0.2.0
  • Updated io.github.zlika:reproducible-build-maven-plugin:0.16 to 0.17
  • Updated org.apache.maven.plugins:maven-dependency-plugin:3.6.1 to 3.8.0
  • Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.1 to 3.5.0
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.2.5 to 3.5.1
  • Updated org.apache.maven.plugins:maven-install-plugin:2.4 to 3.1.3
  • Updated org.apache.maven.plugins:maven-jar-plugin:3.3.0 to 3.4.2
  • Updated org.apache.maven.plugins:maven-resources-plugin:2.6 to 3.3.1
  • Updated org.apache.maven.plugins:maven-site-plugin:3.3 to 3.9.1
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.2.5 to 3.5.1
  • Updated org.apache.maven.plugins:maven-toolchains-plugin:3.1.0 to 3.2.0
  • Updated org.codehaus.mojo:versions-maven-plugin:2.16.2 to 2.17.1
  • Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922 to 4.0.0.4121

Extension

Compile Dependency Updates

  • Updated @exasol/extension-manager-interface:0.4.2 to 0.4.3

Development Dependency Updates

  • Updated eslint:^8.54.0 to 9.14.0
  • Added @types/eslint__js:^8.42.3
  • Added @eslint/js:^9.15.0
  • Updated ts-jest:^29.1.2 to ^29.2.5
  • Updated @types/jest:^29.5.12 to ^29.5.14
  • Added typescript-eslint:^8.14.0
  • Updated typescript:^5.4.5 to ^5.6.3
  • Updated @typescript-eslint/eslint-plugin:^7.8.0 to ^8.14.1-alpha.6
  • Updated esbuild:^0.21.0 to ^0.24.0
  • Removed @typescript-eslint/parser:^7.8.0

3.0.2 Improve error handling for extension

07 May 11:42
d31f38b
Compare
Choose a tag to compare

This release improves error handling when creating a new Virtual Schema using the extension: the extension now checks if a schema with the same name exists and returns a helpful error message. This check is case-insensitive because Exasol's CONNECTION names are also case-insensitive.

Bugfix

  • #45: Added extension JS file to release assets

Dependency Updates

Virtual Schema for Oracle

Test Dependency Updates

  • Updated com.exasol:exasol-testcontainers:7.0.1 to 7.1.0
  • Updated com.exasol:extension-manager-integration-test-java:0.5.9 to 0.5.11
  • Updated com.oracle.database.jdbc:ojdbc8:23.3.0.23.09 to 23.4.0.24.05
  • Updated org.slf4j:slf4j-jdk14:2.0.12 to 2.0.13

Extension

Compile Dependency Updates

  • Updated @exasol/extension-manager-interface:0.4.1 to 0.4.2

Development Dependency Updates

  • Updated eslint:^8.53.0 to ^8.54.0
  • Updated @typescript-eslint/parser:^6.10.0 to ^7.8.0
  • Updated ts-jest:^29.1.1 to ^29.1.2
  • Updated @types/jest:^29.5.8 to ^29.5.12
  • Updated typescript:^5.2.2 to ^5.4.5
  • Updated @typescript-eslint/eslint-plugin:^6.10.0 to ^7.8.0
  • Updated ts-node:^10.9.1 to ^10.9.2
  • Updated esbuild:^0.19.5 to ^0.21.0

3.0.1 Fix vulnerability CVE-2024-29025

09 Apr 13:22
d6d2c26
Compare
Choose a tag to compare

This release fixes vulnerabilities by updating dependencies.

Security

  • #46: Fixed vulnerability CVE-2024-29025 in test dependency io.netty:netty-codec-http:jar:4.1.100.Final

Dependency Updates

Virtual Schema for Oracle

Test Dependency Updates

  • Updated com.exasol:extension-manager-integration-test-java:0.5.7 to 0.5.9
  • Updated com.exasol:hamcrest-resultset-matcher:1.6.4 to 1.6.5
  • Updated com.exasol:test-db-builder-java:3.5.3 to 3.5.4
  • Updated com.exasol:udf-debugging-java:0.6.11 to 0.6.13
  • Updated nl.jqno.equalsverifier:equalsverifier:3.15.6 to 3.16.1
  • Updated org.junit.jupiter:junit-jupiter:5.10.1 to 5.10.2
  • Updated org.mockito:mockito-junit-jupiter:5.10.0 to 5.11.0
  • Updated org.slf4j:slf4j-jdk14:2.0.11 to 2.0.12
  • Updated org.testcontainers:junit-jupiter:1.19.3 to 1.19.7
  • Updated org.testcontainers:oracle-xe:1.19.3 to 1.19.7

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:1.3.1 to 2.0.2
  • Updated com.exasol:project-keeper-maven-plugin:3.0.1 to 4.3.0
  • Updated org.apache.maven.plugins:maven-assembly-plugin:3.6.0 to 3.7.1
  • Updated org.apache.maven.plugins:maven-compiler-plugin:3.11.0 to 3.13.0
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.2.3 to 3.2.5
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.2.3 to 3.2.5
  • Updated org.codehaus.mojo:flatten-maven-plugin:1.5.0 to 1.6.0
  • Updated org.jacoco:jacoco-maven-plugin:0.8.11 to 0.8.12
  • Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594 to 3.11.0.3922

3.0.0: Char set is always `utf-8`, deprecated IMPORT_DATA_TYPES `FROM_RESULT_SET` value

22 Feb 16:32
eb3e3b2
Compare
Choose a tag to compare

Summary

The behaviour when it comes to character sets is now simplified,
The target char set is now always UTF-8.
The IMPORT_DATA_TYPES property (and value FROM_RESULT_SET) are now deprecated (change in vs-common-jdbc):
An exception will be thrown when users use FROM_RESULT_SET. The exception message warns the user that the value is no longer supported and the property itself is also deprecated.

We also updated dependencies and resolved the following 2 CVEs in test dependency org.apache.commons:commons-compress:

Features

  • #42: Updated vs-common-jdbc to v12.0.0 for Exasol V8 changes + adapt tests refactoring

Security

Dependency Updates

Virtual Schema for Oracle

Compile Dependency Updates

  • Updated com.exasol:virtual-schema-common-jdbc:11.0.2 to 12.0.0
  • Removed com.oracle.database.jdbc:ojdbc8:23.3.0.23.09

Test Dependency Updates

  • Updated com.exasol:exasol-testcontainers:6.6.2 to 7.0.1
  • Added com.exasol:extension-manager-integration-test-java:0.5.7
  • Updated com.exasol:hamcrest-resultset-matcher:1.6.1 to 1.6.4
  • Added com.exasol:maven-project-version-getter:1.2.0
  • Updated com.exasol:test-db-builder-java:3.5.1 to 3.5.3
  • Updated com.exasol:virtual-schema-common-jdbc:11.0.2 to 12.0.0
  • Updated com.exasol:virtual-schema-shared-integration-tests:2.2.5 to 3.0.0
  • Added com.oracle.database.jdbc:ojdbc8:23.3.0.23.09
  • Updated nl.jqno.equalsverifier:equalsverifier:3.15.2 to 3.15.6
  • Updated org.jacoco:org.jacoco.agent:0.8.10 to 0.8.11
  • Updated org.junit.jupiter:junit-jupiter:5.10.0 to 5.10.1
  • Updated org.mockito:mockito-junit-jupiter:5.5.0 to 5.10.0
  • Updated org.slf4j:slf4j-jdk14:2.0.9 to 2.0.11
  • Updated org.testcontainers:junit-jupiter:1.19.1 to 1.19.3
  • Updated org.testcontainers:oracle-xe:1.19.1 to 1.19.3

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:1.3.0 to 1.3.1
  • Updated com.exasol:project-keeper-maven-plugin:2.9.12 to 3.0.1
  • Updated org.apache.maven.plugins:maven-clean-plugin:2.5 to 3.3.2
  • Updated org.apache.maven.plugins:maven-dependency-plugin:3.6.0 to 3.6.1
  • Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.0 to 3.4.1
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.1.2 to 3.2.3
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.1.2 to 3.2.3
  • Added org.apache.maven.plugins:maven-toolchains-plugin:3.1.0
  • Added org.codehaus.mojo:exec-maven-plugin:3.1.0
  • Updated org.codehaus.mojo:versions-maven-plugin:2.16.0 to 2.16.2
  • Updated org.jacoco:jacoco-maven-plugin:0.8.10 to 0.8.11
  • Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184 to 3.10.0.2594

Extension

Compile Dependency Updates

  • Added @exasol/extension-manager-interface:0.4.1

Development Dependency Updates

  • Added eslint:^8.53.0
  • Added @typescript-eslint/parser:^6.10.0
  • Added ts-jest:^29.1.1
  • Added @types/jest:^29.5.8
  • Added typescript:^5.2.2
  • Added @typescript-eslint/eslint-plugin:^6.10.0
  • Added jest:29.7.0
  • Added ts-node:^10.9.1
  • Added esbuild:^0.19.5

2.4.2: Fix CVE-2023-42503 in test dependency

05 Oct 06:38
ceb80c8
Compare
Choose a tag to compare

Summary

This release fixes CVE-2023-42503 in test dependency org.apache.commons:commons-compress.

Security

Dependency Updates

Compile Dependency Updates

  • Updated com.exasol:virtual-schema-common-jdbc:10.5.0 to 11.0.2
  • Updated com.oracle.database.jdbc:ojdbc8:21.9.0.0 to 23.3.0.23.09

Test Dependency Updates

  • Updated com.exasol:exasol-testcontainers:6.5.1 to 6.6.2
  • Updated com.exasol:hamcrest-resultset-matcher:1.5.2 to 1.6.1
  • Updated com.exasol:test-db-builder-java:3.4.2 to 3.5.1
  • Updated com.exasol:udf-debugging-java:0.6.8 to 0.6.11
  • Updated com.exasol:virtual-schema-common-jdbc:10.5.0 to 11.0.2
  • Updated com.exasol:virtual-schema-shared-integration-tests:2.2.3 to 2.2.5
  • Updated nl.jqno.equalsverifier:equalsverifier:3.14 to 3.15.2
  • Updated org.jacoco:org.jacoco.agent:0.8.8 to 0.8.10
  • Updated org.junit.jupiter:junit-jupiter:5.9.2 to 5.10.0
  • Updated org.mockito:mockito-junit-jupiter:5.2.0 to 5.5.0
  • Updated org.slf4j:slf4j-jdk14:2.0.6 to 2.0.9
  • Updated org.testcontainers:junit-jupiter:1.17.6 to 1.19.1
  • Updated org.testcontainers:oracle-xe:1.17.6 to 1.19.1

Plugin Dependency Updates

  • Updated com.exasol:artifact-reference-checker-maven-plugin:0.4.0 to 0.4.2
  • Updated com.exasol:error-code-crawler-maven-plugin:1.1.1 to 1.3.0
  • Updated com.exasol:project-keeper-maven-plugin:2.4.6 to 2.9.12
  • Updated io.github.zlika:reproducible-build-maven-plugin:0.15 to 0.16
  • Updated org.apache.maven.plugins:maven-assembly-plugin:3.3.0 to 3.6.0
  • Updated org.apache.maven.plugins:maven-compiler-plugin:3.10.1 to 3.11.0
  • Updated org.apache.maven.plugins:maven-dependency-plugin:3.3.0 to 3.6.0
  • Updated org.apache.maven.plugins:maven-enforcer-plugin:3.0.0 to 3.4.0
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M5 to 3.1.2
  • Updated org.apache.maven.plugins:maven-jar-plugin:3.2.2 to 3.3.0
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M5 to 3.1.2
  • Added org.basepom.maven:duplicate-finder-maven-plugin:2.0.1
  • Updated org.codehaus.mojo:flatten-maven-plugin:1.2.7 to 1.5.0
  • Updated org.codehaus.mojo:versions-maven-plugin:2.10.0 to 2.16.0
  • Updated org.jacoco:jacoco-maven-plugin:0.8.8 to 0.8.10

2.4.1: Maintenance

16 Mar 09:30
e5d5d6e
Compare
Choose a tag to compare

Summary

Renamed error codes from VS-ORA to VSORA and updated dependencies to replace com.exasol:exasol-script-api by udf-api-java/1.0.1 as com.exasol:exasol-script-api had been available on discontinued maven repository maven.exasol.com.

Please note that updated dependency virtual-schema-common-jdbc adds support for a new adapter property MAX_TABLE_COUNT and fixes ambiguous results by escaping SQL wildcards such as underscore _ and percent % in names of catalogs, schemas, and tables when retrieving column metadata from JDBC driver.

Bugfixes

  • #25: Renamed error codes from VS-ORA to VSORA.
  • #30: Updated dependencies

Dependency Updates

Compile Dependency Updates

  • Updated com.exasol:error-reporting-java:1.0.0 to 1.0.1
  • Updated com.exasol:virtual-schema-common-jdbc:10.1.0 to 10.5.0
  • Updated com.oracle.database.jdbc:ojdbc8:21.7.0.0 to 21.9.0.0

Test Dependency Updates

  • Updated com.exasol:exasol-testcontainers:6.4.0 to 6.5.1
  • Updated com.exasol:test-db-builder-java:3.4.1 to 3.4.2
  • Updated com.exasol:udf-debugging-java:0.6.5 to 0.6.8
  • Updated com.exasol:virtual-schema-common-jdbc:10.1.0 to 10.5.0
  • Updated com.exasol:virtual-schema-shared-integration-tests:2.2.2 to 2.2.3
  • Updated nl.jqno.equalsverifier:equalsverifier:3.12.1 to 3.14
  • Updated org.junit.jupiter:junit-jupiter:5.9.1 to 5.9.2
  • Updated org.mockito:mockito-junit-jupiter:4.9.0 to 5.2.0
  • Added org.slf4j:slf4j-jdk14:2.0.6

2.4.0: Dependency Upgrade

06 Dec 13:13
cf1dba4
Compare
Choose a tag to compare

Summary

Enabled to use Oracle database with characters not strictly ASCII by updating dependencies and using a new version of virtual-schema-common-jdbc.

Virtual-schema-common-jdbc version 10.0.0 introduced enhanced detection for data types of result sets.

Unfortunately with the new algorithm compatibility problems with the source database can happen under the following circumstances:

  • data type CHAR or VARCHAR
  • 8-bit character sets with encodings like latin1 or ISO-8859-1
  • characters being not strictly ASCII, e.g. German umlaut "Ãœ"

The current release therefore uses an updated version of virtual-schema-common-jdbc with an additional adapter property to configure the data type detection.

For details please see adapter Properties for JDBC-Based Virtual Schemas.

Features

  • #26: Enabled to use Oracle database with characters not strictly ASCII.

Dependency Updates

Compile Dependency Updates

  • Updated com.exasol:virtual-schema-common-jdbc:10.0.1 to 10.1.0

Test Dependency Updates

  • Updated com.exasol:exasol-testcontainers:6.2.0 to 6.4.0
  • Updated com.exasol:test-db-builder-java:3.3.4 to 3.4.1
  • Updated com.exasol:udf-debugging-java:0.6.4 to 0.6.5
  • Updated com.exasol:virtual-schema-common-jdbc:10.0.1 to 10.1.0
  • Updated nl.jqno.equalsverifier:equalsverifier:3.10.1 to 3.12.1
  • Updated org.mockito:mockito-junit-jupiter:4.8.0 to 4.9.0
  • Updated org.testcontainers:junit-jupiter:1.17.3 to 1.17.6
  • Updated org.testcontainers:oracle-xe:1.17.3 to 1.17.6

2.3.0: Enhanced Data Type Detection for Result Sets and Fixed Vulnerabilities in Dependencies

29 Sep 10:49
9aac8b8
Compare
Choose a tag to compare

Summary

Starting with version 7.1.14 Exasol database uses the capabilities reported by each virtual schema to provide select list data types for each push down request. Based on this information the JDBC virtual schemas no longer need to infer the data types of the result set by inspecting its values. Instead the JDBC virtual schemas can now use the information provided by the database.

This release provides enhanced data type detection for result sets by updating virtual-schema-common-jdbc to version 10.0.1.

Additionally this release fixes vulnerabilities CVE-2022-38751 and CVE-2022-38752 reported for transitive dependency snakeyaml required by

Features

  • #23: Updated to VSCJDBC 10.0.1 and fixed vulnerabilities.

Dependency Updates

Compile Dependency Updates

  • Updated com.exasol:db-fundamentals-java:0.1.2 to 0.1.3
  • Updated com.exasol:error-reporting-java:0.4.1 to 1.0.0
  • Updated com.exasol:virtual-schema-common-jdbc:9.0.4 to 10.0.1
  • Updated com.oracle.database.jdbc:ojdbc8:21.5.0.0 to 21.7.0.0

Test Dependency Updates

  • Updated com.exasol:exasol-testcontainers:6.1.1 to 6.2.0
  • Updated com.exasol:hamcrest-resultset-matcher:1.5.1 to 1.5.2
  • Updated com.exasol:test-db-builder-java:3.3.2 to 3.3.4
  • Updated com.exasol:udf-debugging-java:0.6.2 to 0.6.4
  • Updated com.exasol:virtual-schema-common-jdbc:9.0.4 to 10.0.1
  • Updated com.exasol:virtual-schema-shared-integration-tests:2.2.0 to 2.2.2
  • Updated nl.jqno.equalsverifier:equalsverifier:3.10 to 3.10.1
  • Updated org.junit.jupiter:junit-jupiter:5.8.2 to 5.9.1
  • Updated org.mockito:mockito-junit-jupiter:4.6.1 to 4.8.0
  • Updated org.testcontainers:junit-jupiter:1.17.2 to 1.17.3
  • Updated org.testcontainers:oracle-xe:1.17.2 to 1.17.3

2.2.2: Updated dependencies and plugins

15 Jun 10:14
3053330
Compare
Choose a tag to compare

Summary

Updated dependencies, plugins, fixed broken links checker

Dependency Updates

Runtime Dependency Updates

  • Added org.glassfish:jakarta.json:2.0.1

Test Dependency Updates

  • Updated com.exasol:exasol-testcontainers:6.0.0 to 6.1.1
  • Updated com.exasol:test-db-builder-java:3.3.0 to 3.3.2
  • Updated com.exasol:udf-debugging-java:0.5.0 to 0.6.2
  • Updated nl.jqno.equalsverifier:equalsverifier:3.9 to 3.10
  • Updated org.jacoco:org.jacoco.agent:0.8.5 to 0.8.8
  • Updated org.mockito:mockito-junit-jupiter:4.3.1 to 4.6.1
  • Updated org.testcontainers:junit-jupiter:1.16.3 to 1.17.2
  • Updated org.testcontainers:oracle-xe:1.16.3 to 1.17.2

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:1.1.0 to 1.1.1
  • Updated com.exasol:project-keeper-maven-plugin:2.3.0 to 2.4.6
  • Updated org.apache.maven.plugins:maven-compiler-plugin:3.9.0 to 3.10.1
  • Updated org.apache.maven.plugins:maven-dependency-plugin:3.2.0 to 3.3.0
  • Updated org.apache.maven.plugins:maven-jar-plugin:3.2.0 to 3.2.2
  • Updated org.codehaus.mojo:versions-maven-plugin:2.8.1 to 2.10.0
  • Updated org.jacoco:jacoco-maven-plugin:0.8.7 to 0.8.8
  • Updated org.sonatype.ossindex.maven:ossindex-maven-plugin:3.1.0 to 3.2.0

2.2.0: Import from ora: explicit data types switch.

11 Apr 12:38
e7c772f
Compare
Choose a tag to compare

Features

  • #14: Explicitly state types when using IMPORT_FROM_ORA: Added GENERATE_JDBC_DATATYPE_MAPPING_FOR_OCI flag to virtual schema adapter for this functionality.

Dependency Updates

Test Dependency Updates

  • Updated com.exasol:virtual-schema-shared-integration-tests:2.1.1 to 2.2.0
  • Added org.jacoco:org.jacoco.agent:0.8.5

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:0.7.1 to 1.1.0
  • Updated com.exasol:project-keeper-maven-plugin:1.3.4 to 2.3.0
  • Updated org.apache.maven.plugins:maven-dependency-plugin:2.8 to 3.2.0
  • Updated org.apache.maven.plugins:maven-jar-plugin:3.2.2 to 3.2.0
  • Added org.codehaus.mojo:flatten-maven-plugin:1.2.7
  • Updated org.codehaus.mojo:versions-maven-plugin:2.9.0 to 2.8.1
  • Added org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184
  • Updated org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0 to 3.1.0