3.1.1 Fix CVE-2024-25638 in `dnsjava:dnsjava:jar:3.4.0:compile`

This release fixes vulnerability CVE-2024-25638 in dnsjava:dnsjava:jar:3.4.0:compile.

Security

• #170: Fixed vulnerability CVE-2024-25638 in dnsjava:dnsjava:jar:3.4.0:compile

Dependency Updates

Virtual Schema for Document Data in Files on AWS S3

Compile Dependency Updates

• Updated com.exasol:virtual-schema-common-document-files:8.1.0 to 8.1.2
• Updated software.amazon.awssdk:s3:2.26.3 to 2.26.26

Test Dependency Updates

• Updated com.amazonaws:aws-java-sdk-s3:1.12.744 to 1.12.766
• Updated com.exasol:virtual-schema-common-document-files:8.1.0 to 8.1.2
• Updated com.fasterxml.jackson.core:jackson-databind:2.17.1 to 2.17.2
• Updated org.junit.jupiter:junit-jupiter-engine:5.10.2 to 5.10.3
• Updated org.junit.jupiter:junit-jupiter-params:5.10.2 to 5.10.3
• Updated org.testcontainers:junit-jupiter:1.19.8 to 1.20.0
• Updated org.testcontainers:localstack:1.19.8 to 1.20.0

Extension

Development Dependency Updates

• Updated eslint:^9.5.0 to ^9.8.0
• Updated ts-jest:^29.1.5 to ^29.2.3
• Updated typescript:^5.4.5 to ^5.5.4
• Updated esbuild:^0.21.5 to ^0.23.0

3.1.0 Configure column names for automatic mapping inference

This release allows configuring the mapping of column names for the automatic mapping inference in Parquet and CSV files. Before, the virtual schema always converted source column names to UPPER_SNAKE_CASE to create the Exasol column names. This is now configurable with EDML property autoInferenceColumnNames. This property supports the following values:

• CONVERT_TO_UPPER_SNAKE_CASE: Convert column names to UPPER_SNAKE_CASE (default).
• KEEP_ORIGINAL_NAME: Do not convert column names, use column name from source.

See the EDML user guide for details.

Features

• #168: Added option to keep original column name for auto inference

Dependency Updates

Virtual Schema for Document Data in Files on AWS S3

Compile Dependency Updates

• Updated com.exasol:virtual-schema-common-document-files:8.0.4 to 8.1.0
• Updated software.amazon.awssdk:s3:2.25.45 to 2.26.3

Test Dependency Updates

• Updated com.amazonaws:aws-java-sdk-s3:1.12.715 to 1.12.744
• Updated com.exasol:exasol-test-setup-abstraction-java:2.1.3 to 2.1.4
• Updated com.exasol:extension-manager-integration-test-java:0.5.11 to 0.5.12
• Removed com.exasol:java-class-list-verifier:0.2.6
• Updated com.exasol:virtual-schema-common-document-files:8.0.4 to 8.1.0
• Updated org.mockito:mockito-core:5.11.0 to 5.12.0
• Updated org.testcontainers:junit-jupiter:1.19.7 to 1.19.8
• Updated org.testcontainers:localstack:1.19.7 to 1.19.8

Plugin Dependency Updates

• Updated com.exasol:project-keeper-maven-plugin:4.3.2 to 4.3.3

Extension

Compile Dependency Updates

• Updated @exasol/extension-manager-interface:0.4.2 to 0.4.3

Development Dependency Updates

• Updated eslint:^8.57.0 to ^9.5.0
• Updated ts-jest:^29.1.2 to ^29.1.5
• Updated typescript-eslint:^7.8.0 to ^8.0.0-alpha.30
• Updated esbuild:^0.20.2 to ^0.21.5

3.0.7 Security update - fix for CVE-2024-36114

Fixed CVE-2024-36114 GHSA-973x-65j7-xcf4.

Security

• #166: CVE-2024-36114: io.airlift:aircompressor:jar:0.21:compile

Dependency Updates

Virtual Schema for Document Data in Files on AWS S3

Compile Dependency Updates

• Updated com.exasol:virtual-schema-common-document-files:8.0.3 to 8.0.4

Test Dependency Updates

• Updated com.exasol:virtual-schema-common-document-files:8.0.3 to 8.0.4
• Updated org.jacoco:org.jacoco.agent:0.8.11 to 0.8.12

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:2.0.2 to 2.0.3
• Updated com.exasol:project-keeper-maven-plugin:4.3.0 to 4.3.2
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.1 to 3.5.0
• Updated org.apache.maven.plugins:maven-jar-plugin:3.3.0 to 3.4.1
• Updated org.apache.maven.plugins:maven-toolchains-plugin:3.1.0 to 3.2.0
• Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922 to 4.0.0.4121

3.0.6 Improve error handling for extension

This release improves error handling when creating a new Virtual Schema using the extension: the extension now checks if a schema with the same name exists and returns a helpful error message. This check is case-insensitive because Exasol's CONNECTION names are also case-insensitive.

Bugfix

• #164: Improved error handling for creating Virtual Schema using the extension

Dependency Updates

Virtual Schema for Document Data in Files on AWS S3

Compile Dependency Updates

• Updated software.amazon.awssdk:s3:2.25.27 to 2.25.45

Runtime Dependency Updates

• Updated org.slf4j:slf4j-jdk14:2.0.12 to 2.0.13

Test Dependency Updates

• Updated com.amazonaws:aws-java-sdk-s3:1.12.697 to 1.12.715
• Updated com.exasol:exasol-test-setup-abstraction-java:2.1.2 to 2.1.3
• Updated com.exasol:extension-manager-integration-test-java:0.5.8 to 0.5.11
• Updated com.exasol:small-json-files-test-fixture:0.1.9 to 0.1.10
• Updated com.exasol:udf-debugging-java:0.6.12 to 0.6.13
• Updated com.fasterxml.jackson.core:jackson-databind:2.17.0 to 2.17.1

Extension

Compile Dependency Updates

• Updated @exasol/extension-manager-interface:0.4.1 to 0.4.2

Development Dependency Updates

• Updated typescript-eslint:^7.5.0 to ^7.8.0
• Updated typescript:^5.4.4 to ^5.4.5

3.0.5 Fix permissions for performance tests

This release fixes permissions for performance regression tests.

3.0.4 Fixed vulnerabilities CVE-2024-29131, CVE-2024-29133 and CVE-2024-29025

This release fixes the following three vulnerability:

CVE-2024-29025 (CWE-770) in dependency io.netty:netty-codec-http:jar:4.1.107.Final:runtime

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.

References

• https://ossindex.sonatype.org/vulnerability/CVE-2024-29025?component-type=maven&component-name=io.netty%2Fnetty-codec-http&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
• http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-29025
• GHSA-5jpm-x58v-624v

CVE-2024-29131 (CWE-787) in dependency org.apache.commons:commons-configuration2:jar:2.8.0:compile

Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.

Users are recommended to upgrade to version 2.10.1, which fixes the issue.

References

• https://ossindex.sonatype.org/vulnerability/CVE-2024-29131?component-type=maven&component-name=org.apache.commons%2Fcommons-configuration2&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
• http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-29131
• https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37
• GHSA-xjp4-hw94-mvp5

CVE-2024-29133 (CWE-787) in dependency org.apache.commons:commons-configuration2:jar:2.8.0:compile

Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.

Users are recommended to upgrade to version 2.10.1, which fixes the issue.

References

• https://ossindex.sonatype.org/vulnerability/CVE-2024-29133?component-type=maven&component-name=org.apache.commons%2Fcommons-configuration2&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
• http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-29133
• https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2

Security

• #154: Fixed vulnerability CVE-2024-29131 in dependency org.apache.commons:commons-configuration2:jar:2.8.0:compile
• #155: Fixed vulnerability CVE-2024-29133 in dependency org.apache.commons:commons-configuration2:jar:2.8.0:compile
• #157: Fixed vulnerability CVE-2024-29025 in dependency io.netty:netty-codec-http:jar:4.1.107.Final:runtime

Dependency Updates

Virtual Schema for Document Data in Files on AWS S3

Compile Dependency Updates

• Updated com.exasol:virtual-schema-common-document-files:8.0.2 to 8.0.3
• Updated software.amazon.awssdk:s3:2.25.8 to 2.25.27

Test Dependency Updates

• Updated com.amazonaws:aws-java-sdk-s3:1.12.678 to 1.12.697
• Updated com.exasol:exasol-test-setup-abstraction-java:2.1.1 to 2.1.2
• Updated com.exasol:virtual-schema-common-document-files:8.0.2 to 8.0.3
• Updated nl.jqno.equalsverifier:equalsverifier:3.15.8 to 3.16.1

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:2.0.0 to 2.0.2
• Updated com.exasol:project-keeper-maven-plugin:4.1.0 to 4.3.0
• Updated org.apache.maven.plugins:maven-assembly-plugin:3.6.0 to 3.7.1
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.12.1 to 3.13.0
• Updated org.codehaus.mojo:exec-maven-plugin:3.1.1 to 3.2.0
• Updated org.jacoco:jacoco-maven-plugin:0.8.11 to 0.8.12
• Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594 to 3.11.0.3922

Extension

Development Dependency Updates

• Updated eslint:^8.56.0 to ^8.57.0
• Updated @types/jest:^29.5.11 to ^29.5.12
• Added typescript-eslint:^7.5.0
• Updated typescript:^5.3.3 to ^5.4.4
• Updated esbuild:^0.19.12 to ^0.20.2
• Removed @typescript-eslint/parser:^6.19.1
• Removed @typescript-eslint/eslint-plugin:^6.19.1

3.0.3: Fix vulnerabilities CVE-2023-52428, CVE-2024-26308 and CVE-2024-25710 in compile dependencies

Summary

This release vulnerabilities in the following compile dependencies:

• com.nimbusds:nimbus-jose-jwt:jar:9.8.1:compile:
  • CVE-2023-52428
• org.apache.commons:commons-compress:jar:1.24.0:compile:
  • CVE-2024-26308
  • CVE-2024-25710

Excluded Vulnerability We accept vulnerability CVE-2017-10355 (CWE-833: Deadlock) in test dependency xerces:xercesImpl:jar:2.12.2 as we assume that we only connect to the known endpoint ExaOperations.

Security

• #149: Fixed CVE-2023-52428 in com.nimbusds:nimbus-jose-jwt:jar:9.8.1:compile
• #150: Fixed CVE-2024-25710 in org.apache.commons:commons-compress:jar:1.24.0:compile
• #151: Fixed CVE-2024-26308 in org.apache.commons:commons-compress:jar:1.24.0:compile

Dependency Updates

Virtual Schema for Document Data in Files on AWS S3

Compile Dependency Updates

• Updated com.exasol:virtual-schema-common-document-files:8.0.0 to 8.0.2
• Updated software.amazon.awssdk:s3:2.23.9 to 2.25.8

Runtime Dependency Updates

• Updated org.slf4j:slf4j-jdk14:2.0.11 to 2.0.12

Test Dependency Updates

• Updated com.amazonaws:aws-java-sdk-s3:1.12.643 to 1.12.678
• Updated com.exasol:exasol-test-setup-abstraction-java:2.1.0 to 2.1.1
• Updated com.exasol:extension-manager-integration-test-java:0.5.7 to 0.5.8
• Updated com.exasol:hamcrest-resultset-matcher:1.6.4 to 1.6.5
• Updated com.exasol:java-class-list-verifier:0.2.5 to 0.2.6
• Updated com.exasol:test-db-builder-java:3.5.3 to 3.5.4
• Updated com.exasol:udf-debugging-java:0.6.11 to 0.6.12
• Updated com.exasol:virtual-schema-common-document-files:8.0.0 to 8.0.2
• Updated com.fasterxml.jackson.core:jackson-databind:2.16.1 to 2.17.0
• Updated nl.jqno.equalsverifier:equalsverifier:3.15.6 to 3.15.8
• Updated org.junit.jupiter:junit-jupiter-engine:5.10.1 to 5.10.2
• Updated org.junit.jupiter:junit-jupiter-params:5.10.1 to 5.10.2
• Updated org.mockito:mockito-core:5.9.0 to 5.11.0
• Updated org.testcontainers:junit-jupiter:1.19.3 to 1.19.7
• Updated org.testcontainers:localstack:1.19.3 to 1.19.7

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.3.1 to 2.0.0
• Updated com.exasol:project-keeper-maven-plugin:3.0.0 to 4.1.0
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.11.0 to 3.12.1
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.2.3 to 3.2.5
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.2.3 to 3.2.5
• Updated org.codehaus.mojo:flatten-maven-plugin:1.5.0 to 1.6.0

3.0.2: Fix performance regression tests

Summary

This release fixes running the performance regression tests.

Bugfixes

• #143: Fixed running performance regression tests

Dependency Updates

Virtual Schema for Document Data in Files on AWS S3

Compile Dependency Updates

• Updated software.amazon.awssdk:s3:2.23.4 to 2.23.9

Test Dependency Updates

• Updated com.amazonaws:aws-java-sdk-s3:1.12.638 to 1.12.643
• Updated com.exasol:small-json-files-test-fixture:0.1.8 to 0.1.9

Extension

Compile Dependency Updates

• Updated @exasol/extension-manager-interface:0.4.0 to 0.4.1

Development Dependency Updates

• Updated eslint:^8.53.0 to ^8.56.0
• Updated @typescript-eslint/parser:^6.9.1 to ^6.19.1
• Updated ts-jest:^29.1.1 to ^29.1.2
• Updated @types/jest:^29.5.7 to ^29.5.11
• Updated typescript:^5.2.2 to ^5.3.3
• Updated @typescript-eslint/eslint-plugin:^6.9.1 to ^6.19.1
• Updated ts-node:^10.9.1 to ^10.9.2
• Updated esbuild:^0.19.5 to ^0.19.12

3.0.1: Fix CVE-2024-21634 in test dependency `software.amazon.ion:ion-java`

Summary

This release fixes CVE-2024-21634 (CWE-770: Allocation of Resources Without Limits or Throttling (7.5)) in test dependency software.amazon.ion:ion-java.

Security

• #144: Fixed CVE-2024-21634 in test dependency software.amazon.ion:ion-java

Dependency Updates

Virtual Schema for Document Data in Files on AWS S3

Compile Dependency Updates

• Updated software.amazon.awssdk:s3:2.21.44 to 2.23.4

Runtime Dependency Updates

• Updated org.slf4j:slf4j-jdk14:2.0.9 to 2.0.11

Test Dependency Updates

• Updated com.amazonaws:aws-java-sdk-s3:1.12.613 to 1.12.638
• Updated com.exasol:hamcrest-resultset-matcher:1.6.3 to 1.6.4
• Updated com.fasterxml.jackson.core:jackson-databind:2.16.0 to 2.16.1
• Updated nl.jqno.equalsverifier:equalsverifier:3.15.4 to 3.15.6
• Updated org.mockito:mockito-core:5.8.0 to 5.9.0

Plugin Dependency Updates

• Updated com.exasol:project-keeper-maven-plugin:2.9.17 to 3.0.0
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.2.2 to 3.2.3
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.2.2 to 3.2.3
• Added org.apache.maven.plugins:maven-toolchains-plugin:3.1.0

3.0.0: Support Exasol 8

Summary

This release adds support for Exasol 8. This brings the following changes:

Remove support for TIMESTAMP WITH LOCAL TIME ZONE

This release removes support for data type TIMESTAMP WITH LOCAL TIME ZONE. This type caused problems with the stricter type checks enabled by default in Exasol 8, causing pushdown queries for document based virtual schemas to fail with the following error:

Data type mismatch in column number 5 (1-indexed).Expected TIMESTAMP(3) WITH LOCAL TIME ZONE, but got TIMESTAMP(3).

We fixed this error by removing support TIMESTAMP WITH LOCAL TIME ZONE completely.

Support ALTER VIRTUAL SCHEMA SET

This release adds support for ALTER VIRTUAL SCHEMA SET. This will allow changing properties like MAPPING of a virtual schema without dropping and re-creating it:

-- Update EDML mapping of the virtual schema
ALTER VIRTUAL SCHEMA MY_VIRTUAL_SCHEMA SET MAPPING = '...';

-- Enable remote logging or change the log level
ALTER VIRTUAL SCHEMA MY_VIRTUAL_SCHEMA SET DEBUG_ADDRESS = 'host:3000' LOG_LEVEL = 'FINEST';
ALTER VIRTUAL SCHEMA MY_VIRTUAL_SCHEMA SET LOG_LEVEL = 'INFO';

See the documentation for ALTER SCHEMA for details.

Features

• #140: Added support for Exasol 8

Dependency Updates

Virtual Schema for Document Data in Files on AWS S3

Compile Dependency Updates

• Updated com.exasol:virtual-schema-common-document-files:7.3.6 to 8.0.0
• Updated software.amazon.awssdk:s3:2.21.16 to 2.21.44

Test Dependency Updates

• Updated com.amazonaws:aws-java-sdk-s3:1.12.582 to 1.12.613
• Updated com.exasol:exasol-test-setup-abstraction-java:2.0.4 to 2.1.0
• Updated com.exasol:extension-manager-integration-test-java:0.5.5 to 0.5.7
• Updated com.exasol:hamcrest-resultset-matcher:1.6.2 to 1.6.3
• Updated com.exasol:small-json-files-test-fixture:0.1.7 to 0.1.8
• Updated com.exasol:test-db-builder-java:3.5.1 to 3.5.3
• Updated com.exasol:virtual-schema-common-document-files:7.3.6 to 8.0.0
• Updated com.fasterxml.jackson.core:jackson-databind:2.15.3 to 2.16.0
• Updated nl.jqno.equalsverifier:equalsverifier:3.15.3 to 3.15.4
• Updated org.mockito:mockito-core:5.7.0 to 5.8.0
• Updated org.testcontainers:junit-jupiter:1.19.1 to 1.19.3
• Updated org.testcontainers:localstack:1.19.1 to 1.19.3

Plugin Dependency Updates

• Updated com.exasol:project-keeper-maven-plugin:2.9.15 to 2.9.17
• Updated org.apache.maven.plugins:maven-dependency-plugin:3.6.0 to 3.6.1
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.1.2 to 3.2.2
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.1.2 to 3.2.2
• Updated org.codehaus.mojo:exec-maven-plugin:3.1.0 to 3.1.1
• Updated org.codehaus.mojo:versions-maven-plugin:2.16.1 to 2.16.2