Update exasol-jdbc version, CVE fix (#229)

* Update exasol-jdbc version * New version, pk fix * Update dnsjava * Change workerId to comment * Fix tests * Fix * Changelog * Update doc/changes/changes_2.2.0.md Co-authored-by: Christoph Pirkl <[email protected]> * Update doc/changes/changes_2.2.0.md Co-authored-by: Christoph Pirkl <[email protected]> * Update parent-pom/pom.xml Co-authored-by: Christoph Pirkl <[email protected]> * Exclusion is not needed --------- Co-authored-by: Christoph Pirkl <[email protected]>
exasol · Aug 28, 2024 · 341fde9 · 341fde9
1 parent c83d655
commit 341fde9
Show file tree

Hide file tree

Showing 6 changed files with 45 additions and 8 deletions.
diff --git a/dependencies.md b/dependencies.md
diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
diff --git a/doc/changes/changes_2.2.0.md b/doc/changes/changes_2.2.0.md
@@ -0,0 +1,30 @@
+# Spark Connector 2.2.0, released 2024-08-28
+
+Code name: Fix Exasol-JDBC compatibility, CVE CVE-2024-25638
+
+## Summary
+Fixed issue with Exasol-JDBC parameter change.
+Fixed CVE-2024-25638 in dnsjava:dnsjava:jar:2.1.7:provided (hadoop-client dependency).
+
+## Security
+
+* #228: Fix vulnerability in dnsjava:dnsjava:jar:2.1.7:provided
+
+## Bugfixes
+
+* #227: Spark Connector is not compatible with exasol-jdbc V24+
+
+## Dependency Updates
+
+### Spark Exasol Connector With JDBC
+
+#### Compile Dependency Updates
+
+* Updated `com.exasol:exasol-jdbc:7.1.20` to `24.1.2`
+* Updated `com.exasol:spark-connector-common-java:2.0.1` to `2.0.5`
+
+### Spark Exasol Connector With S3
+
+#### Compile Dependency Updates
+
+* Updated `com.exasol:spark-connector-common-java:2.0.1` to `2.0.5`
diff --git a/exasol-jdbc/src/main/scala/com/exasol/spark/util/ExasolConnectionManager.scala b/exasol-jdbc/src/main/scala/com/exasol/spark/util/ExasolConnectionManager.scala
@@ -82,7 +82,7 @@ final case class ExasolConnectionManager(options: ExasolOptions) {
       .toSeq
       .map { case ((host, port), idx) =>
         val hostWithFingerprint = getHostWithFingerprint(host)
-        val url = s"$WORKER_CONNECTION_PREFIX:$hostWithFingerprint:$port;workerID=$idx;workertoken=$token"
+        val url = s"$WORKER_CONNECTION_PREFIX:$hostWithFingerprint:$port;comment=$idx;workertoken=$token"
         getConnectionStringWithOptions(url)
       }
   }

diff --git a/exasol-jdbc/src/test/scala/com/exasol/spark/util/ExasolConnectionManagerSuite.scala b/exasol-jdbc/src/test/scala/com/exasol/spark/util/ExasolConnectionManagerSuite.scala
@@ -88,6 +88,5 @@ class ExasolConnectionManagerSuite extends AnyFunSuite with Matchers with Mockit
   }
 
   private[this] def getWorkerJdbcUrl(host: String, port: Int, id: Int, token: Long): String =
-    s"jdbc:exa-worker:$host:$port;workerID=$id;workertoken=$token"
-
+    s"jdbc:exa-worker:$host:$port;comment=$id;workertoken=$token"
 }
diff --git a/parent-pom/pom.xml b/parent-pom/pom.xml
@@ -15,7 +15,7 @@
         <relativePath>pk_generated_parent.pom</relativePath>
     </parent>
     <properties>
-        <revision>2.1.8</revision>
+        <revision>2.2.0</revision>
         <java.version>8</java.version>
         <log4j.version>2.20.0</log4j.version>
         <junit.version>5.10.0</junit.version>
@@ -32,7 +32,7 @@
             <dependency>
                 <groupId>com.exasol</groupId>
                 <artifactId>exasol-jdbc</artifactId>
-                <version>7.1.20</version>
+                <version>24.1.2</version>
             </dependency>
             <dependency>
                 <groupId>com.exasol</groupId>
@@ -342,6 +342,13 @@
                 <artifactId>woodstox-core</artifactId>
                 <version>6.5.1</version>
             </dependency>
+            <!-- Update transitive dependency of org.apache.hadoop:hadoop-client to fix CVE-2024-25638 -->
+            <dependency>
+                <groupId>dnsjava</groupId>
+                <artifactId>dnsjava</artifactId>
+                <version>3.6.1</version>
+                <scope>provided</scope>
+            </dependency>
             <dependency>
                 <!-- Upgrade transitive dependency of org.apache.spark:spark-core_2.13 to fix CVE-2023-42503 -->
                 <groupId>org.apache.commons</groupId>