Skip to content

Commit

Permalink
Security update - fix for CVE-2024-36114 (#167)
Browse files Browse the repository at this point in the history 
* Security update - fix for CVE-2024-36114
  • Loading branch information
@pj-spoelders
pj-spoelders authored Jun 4, 2024
1 parent 6748d4c commit 0a5b729
Show file tree
Hide file tree
Showing 13 changed files with 66 additions and 42 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/broken_links_checker.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 0 additions & 7 deletions .github/workflows/ci-build-next-java.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 1 addition & 2 deletions .github/workflows/ci-build.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

14 changes: 5 additions & 9 deletions .github/workflows/dependencies_update.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 3 additions & 3 deletions dependencies.md
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions doc/changes/changelog.md
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

33 changes: 33 additions & 0 deletions doc/changes/changes_3.0.7.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
# S3 Document Files Virtual Schema 3.0.7, released 2024-06-04

Code name: Security update - fix for CVE-2024-36114

## Summary

Fixed CVE-2024-36114 https://github.com/advisories/GHSA-973x-65j7-xcf4.

## Security

* #166: CVE-2024-36114: io.airlift:aircompressor:jar:0.21:compile

## Dependency Updates

### Virtual Schema for Document Data in Files on AWS S3

#### Compile Dependency Updates

* Updated `com.exasol:virtual-schema-common-document-files:8.0.3` to `8.0.4`

#### Test Dependency Updates

* Updated `com.exasol:virtual-schema-common-document-files:8.0.3` to `8.0.4`
* Updated `org.jacoco:org.jacoco.agent:0.8.11` to `0.8.12`

#### Plugin Dependency Updates

* Updated `com.exasol:error-code-crawler-maven-plugin:2.0.2` to `2.0.3`
* Updated `com.exasol:project-keeper-maven-plugin:4.3.0` to `4.3.2`
* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.4.1` to `3.5.0`
* Updated `org.apache.maven.plugins:maven-jar-plugin:3.3.0` to `3.4.1`
* Updated `org.apache.maven.plugins:maven-toolchains-plugin:3.1.0` to `3.2.0`
* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922` to `4.0.0.4121`
6 changes: 3 additions & 3 deletions doc/hands_on/hands_on.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ For the document Virtual Schemas, and by that also the S3 Virtual Schema, this i
To install the Virtual Schema adapter, download its latest jar from the [releases](https://github.com/exasol/s3-document-files-virtual-schema/releases) and upload to BucketFS:

``` shell script
curl -I -X PUT -T document-files-virtual-schema-dist-8.0.3-s3-3.0.6.jar http://w:writepw@<YOUR_DB_IP>:2580/default/
curl -I -X PUT -T document-files-virtual-schema-dist-8.0.4-s3-3.0.7.jar http://w:writepw@<YOUR_DB_IP>:2580/default/
```

(If you have never used BucketFS, you can check out [its documentation](https://docs.exasol.com/database_concepts/bucketfs/bucketfs.htm))
Expand All @@ -75,7 +75,7 @@ CREATE SCHEMA ADAPTER;
--/
CREATE OR REPLACE JAVA ADAPTER SCRIPT ADAPTER.S3_FILES_ADAPTER AS
%scriptclass com.exasol.adapter.RequestDispatcher;
%jar /buckets/bfsdefault/default/document-files-virtual-schema-dist-8.0.3-s3-3.0.6.jar;
%jar /buckets/bfsdefault/default/document-files-virtual-schema-dist-8.0.4-s3-3.0.7.jar;
/

--/
Expand All @@ -85,7 +85,7 @@ CREATE OR REPLACE JAVA SET SCRIPT ADAPTER.IMPORT_FROM_S3_DOCUMENT_FILES(
CONNECTION_NAME VARCHAR(500))
EMITS(...) AS
%scriptclass com.exasol.adapter.document.UdfEntryPoint;
%jar /buckets/bfsdefault/default/document-files-virtual-schema-dist-8.0.3-s3-3.0.6.jar;
%jar /buckets/bfsdefault/default/document-files-virtual-schema-dist-8.0.4-s3-3.0.7.jar;
/
```

Expand Down
6 changes: 3 additions & 3 deletions doc/hands_on/hands_on_parquet.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ For the document Virtual Schemas, and by that also the S3 Virtual Schema, this i
To install the Virtual Schema adapter, download its latest jar from the [releases](https://github.com/exasol/s3-document-files-virtual-schema/releases) and upload to BucketFS:

``` shell script
curl -I -X PUT -T document-files-virtual-schema-dist-8.0.3-s3-3.0.6.jar http://w:writepw@<YOUR_DB_IP>:2580/default/
curl -I -X PUT -T document-files-virtual-schema-dist-8.0.4-s3-3.0.7.jar http://w:writepw@<YOUR_DB_IP>:2580/default/
```

(If you have never used BucketFS, you can check out [its documentation](https://docs.exasol.com/database_concepts/bucketfs/bucketfs.htm))
Expand All @@ -59,7 +59,7 @@ CREATE SCHEMA ADAPTER;

CREATE OR REPLACE JAVA ADAPTER SCRIPT ADAPTER.S3_FILES_ADAPTER AS
%scriptclass com.exasol.adapter.RequestDispatcher;
%jar /buckets/bfsdefault/default/document-files-virtual-schema-dist-8.0.3-s3-3.0.6.jar;
%jar /buckets/bfsdefault/default/document-files-virtual-schema-dist-8.0.4-s3-3.0.7.jar;
/

CREATE OR REPLACE JAVA SET SCRIPT ADAPTER.IMPORT_FROM_S3_DOCUMENT_FILES(
Expand All @@ -68,7 +68,7 @@ CREATE OR REPLACE JAVA SET SCRIPT ADAPTER.IMPORT_FROM_S3_DOCUMENT_FILES(
CONNECTION_NAME VARCHAR(500))
EMITS(...) AS
%scriptclass com.exasol.adapter.document.UdfEntryPoint;
%jar /buckets/bfsdefault/default/document-files-virtual-schema-dist-8.0.3-s3-3.0.6.jar;
%jar /buckets/bfsdefault/default/document-files-virtual-schema-dist-8.0.4-s3-3.0.7.jar;
/
```

Expand Down
6 changes: 3 additions & 3 deletions doc/user_guide/user_guide.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ Next create the Adapter Script:
```sql
CREATE OR REPLACE JAVA ADAPTER SCRIPT ADAPTER.S3_FILES_ADAPTER AS
%scriptclass com.exasol.adapter.RequestDispatcher;
%jar /buckets/bfsdefault/default/document-files-virtual-schema-dist-8.0.3-s3-3.0.6.jar;
%jar /buckets/bfsdefault/default/document-files-virtual-schema-dist-8.0.4-s3-3.0.7.jar;
/
```

Expand All @@ -30,7 +30,7 @@ CREATE OR REPLACE JAVA SET SCRIPT ADAPTER.IMPORT_FROM_S3_DOCUMENT_FILES(
CONNECTION_NAME VARCHAR(500))
EMITS(...) AS
%scriptclass com.exasol.adapter.document.UdfEntryPoint;
%jar /buckets/bfsdefault/default/document-files-virtual-schema-dist-8.0.3-s3-3.0.6.jar;
%jar /buckets/bfsdefault/default/document-files-virtual-schema-dist-8.0.4-s3-3.0.7.jar;
/
```

Expand Down Expand Up @@ -126,7 +126,7 @@ In DbVisualizer use exactly this command:
--/
CREATE OR REPLACE JAVA ADAPTER SCRIPT ADAPTER.S3_FILES_ADAPTER AS
%scriptclass com.exasol.adapter.RequestDispatcher;
%jar /buckets/bfsdefault/default/vs/document-files-virtual-schema-dist-8.0.3-s3-3.0.6.jar;
%jar /buckets/bfsdefault/default/vs/document-files-virtual-schema-dist-8.0.4-s3-3.0.7.jar;
/
```

Expand Down
14 changes: 7 additions & 7 deletions pk_generated_parent.pom
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 4 additions & 4 deletions pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<artifactId>s3-document-files-virtual-schema</artifactId>
<version>3.0.6</version>
<version>3.0.7</version>
<name>Virtual Schema for document data in files on AWS S3</name>
<description>Adapter for document data access from files from AWS S3.</description>
<url>https://github.com/exasol/s3-document-files-virtual-schema/</url>
<properties>
<junit.version>5.10.2</junit.version>
<org.testcontainers.version>1.19.7</org.testcontainers.version>
<vs-common-document-files.version>8.0.3</vs-common-document-files.version>
<vs-common-document-files.version>8.0.4</vs-common-document-files.version>
<!-- Additional sonar configuration for analyzing TypeScript extension -->
<sonar.sources>src/main/,extension/src/</sonar.sources>
<sonar.exclusions>extension/src/*.test.ts</sonar.exclusions>
Expand Down Expand Up @@ -237,7 +237,7 @@
<plugin>
<groupId>com.exasol</groupId>
<artifactId>project-keeper-maven-plugin</artifactId>
<version>4.3.0</version>
<version>4.3.2</version>
<executions>
<execution>
<goals>
Expand Down Expand Up @@ -363,7 +363,7 @@
<parent>
<artifactId>s3-document-files-virtual-schema-generated-parent</artifactId>
<groupId>com.exasol</groupId>
<version>3.0.6</version>
<version>3.0.7</version>
<relativePath>pk_generated_parent.pom</relativePath>
</parent>
</project>
2 changes: 1 addition & 1 deletion src/test/java/com/exasol/adapter/document/files/IntegrationTestSetup.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@

public class IntegrationTestSetup implements AutoCloseable {
public static final Path CLOUD_SETUP_CONFIG = Path.of("cloudSetup/generated/testConfig.json");
public static final String ADAPTER_JAR = "document-files-virtual-schema-dist-8.0.3-s3-3.0.6.jar";
public static final String ADAPTER_JAR = "document-files-virtual-schema-dist-8.0.4-s3-3.0.7.jar";
public static final Path ADAPTER_JAR_LOCAL_PATH = Path.of("target", ADAPTER_JAR);
public final String s3BucketName;
private final ExasolTestSetup exasolTestSetup = new ExasolTestSetupFactory(CLOUD_SETUP_CONFIG).getTestSetup();
Expand Down

0 comments on commit 0a5b729

Please sign in to comment.