From 6db89417d2fa531b05c170ee0df7fe547ebd0ea5 Mon Sep 17 00:00:00 2001 From: Pieterjan Spoelders Date: Tue, 4 Jun 2024 07:45:02 -0400 Subject: [PATCH] #318: CVE-2024-36114: io.airlift:aircompressor:jar:0.25:compile (#321) * #318: CVE-2024-36114: io.airlift:aircompressor:jar:0.25:compile --- .github/workflows/dependencies_update.yml | 14 +- dependencies.md | 302 +++++++++++----------- doc/changes/changelog.md | 1 + doc/changes/changes_2.8.1.md | 26 ++ doc/user_guide/user_guide.md | 20 +- pk_generated_parent.pom | 6 +- pom.xml | 12 +- 7 files changed, 206 insertions(+), 175 deletions(-) create mode 100644 doc/changes/changes_2.8.1.md diff --git a/.github/workflows/dependencies_update.yml b/.github/workflows/dependencies_update.yml index 9f536ee3..1bf502f0 100644 --- a/.github/workflows/dependencies_update.yml +++ b/.github/workflows/dependencies_update.yml @@ -61,14 +61,6 @@ jobs: env: { CREATED_ISSUES: '${{ inputs.vulnerability_issues }}' } - - name: Project Keeper Fix - id: project-keeper-fix - run: | - mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects . - - name: Project Keeper Fix for updated Project Keeper version - id: project-keeper-fix-2 - run: | - mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects . - name: Generate Pull Request comment id: pr-comment run: | 
@@ -81,7 +73,11 @@ jobs:
 echo 'It updates dependencies.' >> "$GITHUB_OUTPUT"
 fi
 echo >> "$GITHUB_OUTPUT"
- echo '# ⚠️ This PR does not trigger CI workflows by default ⚠️' >> "$GITHUB_OUTPUT"
+ echo '# ⚠️ Notes ⚠️' >> "$GITHUB_OUTPUT"
+ echo '## Run PK fix manually' >> "$GITHUB_OUTPUT"
+ echo 'Due to restrictions workflow `dependencies_update.yml` can't update other workflows, see https://github.com/exasol/project-keeper/issues/578 for details.' >> "$GITHUB_OUTPUT"
+ echo 'Please checkout this PR locally and run `mvn com.exasol:project-keeper-maven-plugin:fix --projects .`' >> "$GITHUB_OUTPUT"
+ echo '## This PR does not trigger CI workflows' >> "$GITHUB_OUTPUT"
 echo 'Please click the **Close pull request** button and then **Reopen pull request** to trigger running checks.' >> "$GITHUB_OUTPUT"
 echo 'See https://github.com/exasol/project-keeper/issues/534 for details.' >> "$GITHUB_OUTPUT"
 echo 'EOF' >> "$GITHUB_OUTPUT"
diff --git a/dependencies.md b/dependencies.md
index a24a8e9b..4fc04e11 100644
--- a/dependencies.md
+++ b/dependencies.md
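Review bot: In the `@@ -81,7 +73,11 @@` hunk of `.github/workflows/dependencies_update.yml`, the added `echo` line that starts with `'Due to restrictions workflow` contains an apostrophe in `can't`, which closes the single-quoted string early. From that point the quoting of every following `echo` in the script is inverted, so the backtick-wrapped `mvn com.exasol:project-keeper-maven-plugin:fix --projects .` on the next added line would sit outside quotes, where the shell treats backticks as command substitution rather than literal text. The script then also carries an odd number of single quotes and will most likely fail with an unterminated-quote error instead of writing the PR comment. Replacing `can't` with `cannot` on that line is enough to keep the whole message inside one quoted string. The `run:` script starts before this hunk and its end is not visible here, so the rest of the step should be checked for the same pattern.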
@@ -31,80 +31,81 @@ | [gcs-connector-hadoop3][27] | [Apache License, Version 2.0][6] | | [Google OAuth Client Library for Java][28] | [The Apache Software License, Version 2.0][3] | | [ORC Core][29] | [Apache License, Version 2.0][3] | -| [Apache Avro][30] | [Apache-2.0][3] | -| [Apache Commons Compress][31] | [Apache-2.0][3] | -| [Nimbus JOSE+JWT][32] | [The Apache Software License, Version 2.0][3] | -| [delta-core][33] | [Apache-2.0][34] | -| [Spark Project SQL][35] | [Apache 2.0 License][36] | -| [Apache Ivy][37] | [The Apache Software License, Version 2.0][6] | -| [Parquet for Java][38] | [MIT License][39] | -| [JUL to SLF4J bridge][40] | [MIT License][41] | -| [Apache Log4j API][42] | [Apache-2.0][3] | -| [Apache Log4j 1.x Compatibility API][43] | [Apache-2.0][3] | -| [Apache Log4j Core][44] | [Apache-2.0][3] | -| [scala-logging][45] | [Apache 2.0 License][36] | -| [jersey-core-common][46] | [EPL 2.0][47]; [The GNU General Public License (GPL), Version 2, With Classpath Exception][48]; [Apache License, 2.0][36]; [Public Domain][49] | -| [jersey-core-client][50] | [EPL 2.0][47]; [GPL2 w/ CPE][48]; [EDL 1.0][51]; [BSD 2-Clause][52]; [Apache License, 2.0][36]; [Public Domain][49]; [Modified BSD][53]; [jQuery license][54]; [MIT license][41]; [W3C license][55] | -| [jersey-core-server][56] | [EPL 2.0][47]; [The GNU General Public License (GPL), Version 2, With Classpath Exception][48]; [Apache License, 2.0][36]; [Modified BSD][53] | -| [jersey-container-servlet][57] | [EPL 2.0][47]; [GPL2 w/ CPE][48]; [EDL 1.0][51]; [BSD 2-Clause][52]; [Apache License, 2.0][36]; [Public Domain][49]; [Modified BSD][53]; [jQuery license][54]; [MIT license][41]; [W3C license][55] | -| [jersey-container-servlet-core][58] | [EPL 2.0][47]; [GPL2 w/ CPE][48]; [EDL 1.0][51]; [BSD 2-Clause][52]; [Apache License, 2.0][36]; [Public Domain][49]; [Modified BSD][53]; [jQuery license][54]; [MIT license][41]; [W3C license][55] | -| [jersey-inject-hk2][59] | [EPL 2.0][47]; [GPL2 w/ CPE][48]; [EDL 
1.0][51]; [BSD 2-Clause][52]; [Apache License, 2.0][36]; [Public Domain][49]; [Modified BSD][53]; [jQuery license][54]; [MIT license][41]; [W3C license][55] | +| [aircompressor][30] | [Apache License 2.0][11] | +| [Apache Avro][31] | [Apache-2.0][3] | +| [Apache Commons Compress][32] | [Apache-2.0][3] | +| [Nimbus JOSE+JWT][33] | [The Apache Software License, Version 2.0][3] | +| [delta-core][34] | [Apache-2.0][35] | +| [Spark Project SQL][36] | [Apache 2.0 License][37] | +| [Apache Ivy][38] | [The Apache Software License, Version 2.0][6] | +| [Parquet for Java][39] | [MIT License][40] | +| [JUL to SLF4J bridge][41] | [MIT License][42] | +| [Apache Log4j API][43] | [Apache-2.0][3] | +| [Apache Log4j 1.x Compatibility API][44] | [Apache-2.0][3] | +| [Apache Log4j Core][45] | [Apache-2.0][3] | +| [scala-logging][46] | [Apache 2.0 License][37] | +| [jersey-core-common][47] | [EPL 2.0][48]; [The GNU General Public License (GPL), Version 2, With Classpath Exception][49]; [Apache License, 2.0][37]; [Public Domain][50] | +| [jersey-core-client][51] | [EPL 2.0][48]; [GPL2 w/ CPE][49]; [EDL 1.0][52]; [BSD 2-Clause][53]; [Apache License, 2.0][37]; [Public Domain][50]; [Modified BSD][54]; [jQuery license][55]; [MIT license][42]; [W3C license][56] | +| [jersey-core-server][57] | [EPL 2.0][48]; [The GNU General Public License (GPL), Version 2, With Classpath Exception][49]; [Apache License, 2.0][37]; [Modified BSD][54] | +| [jersey-container-servlet][58] | [EPL 2.0][48]; [GPL2 w/ CPE][49]; [EDL 1.0][52]; [BSD 2-Clause][53]; [Apache License, 2.0][37]; [Public Domain][50]; [Modified BSD][54]; [jQuery license][55]; [MIT license][42]; [W3C license][56] | +| [jersey-container-servlet-core][59] | [EPL 2.0][48]; [GPL2 w/ CPE][49]; [EDL 1.0][52]; [BSD 2-Clause][53]; [Apache License, 2.0][37]; [Public Domain][50]; [Modified BSD][54]; [jQuery license][55]; [MIT license][42]; [W3C license][56] | +| [jersey-inject-hk2][60] | [EPL 2.0][48]; [GPL2 w/ CPE][49]; [EDL 1.0][52]; [BSD 
2-Clause][53]; [Apache License, 2.0][37]; [Public Domain][50]; [Modified BSD][54]; [jQuery license][55]; [MIT license][42]; [W3C license][56] | ### Test Dependencies | Dependency | License | | ------------------------------------------ | ----------------------------------------- | -| [scalatest][60] | [the Apache License, ASL Version 2.0][34] | -| [scalatestplus-mockito][61] | [Apache-2.0][34] | -| [mockito-core][62] | [MIT][63] | -| [Hamcrest][64] | [BSD License 3][65] | -| [testcontainers-scala-scalatest][66] | [The MIT License (MIT)][63] | -| [Testcontainers :: Localstack][67] | [MIT][68] | -| [Test containers for Exasol on Docker][69] | [MIT License][70] | -| [Test Database Builder for Java][71] | [MIT License][72] | -| [Matcher for SQL Result Sets][73] | [MIT License][74] | -| [EqualsVerifier \| release normal jar][75] | [Apache License, Version 2.0][3] | -| [JUnit Jupiter Engine][76] | [Eclipse Public License v2.0][77] | -| [Maven Project Version Getter][78] | [MIT License][79] | -| [Extension integration tests library][80] | [MIT License][81] | +| [scalatest][61] | [the Apache License, ASL Version 2.0][35] | +| [scalatestplus-mockito][62] | [Apache-2.0][35] | +| [mockito-core][63] | [MIT][64] | +| [Hamcrest][65] | [BSD License 3][66] | +| [testcontainers-scala-scalatest][67] | [The MIT License (MIT)][64] | +| [Testcontainers :: Localstack][68] | [MIT][69] | +| [Test containers for Exasol on Docker][70] | [MIT License][71] | +| [Test Database Builder for Java][72] | [MIT License][73] | +| [Matcher for SQL Result Sets][74] | [MIT License][75] | +| [EqualsVerifier \| release normal jar][76] | [Apache License, Version 2.0][3] | +| [JUnit Jupiter Engine][77] | [Eclipse Public License v2.0][78] | +| [Maven Project Version Getter][79] | [MIT License][80] | +| [Extension integration tests library][81] | [MIT License][82] | ### Runtime Dependencies | Dependency | License | | ---------------------------- | 
----------------------------------------------------------------------------- | -| [Logback Classic Module][82] | [Eclipse Public License - v 1.0][83]; [GNU Lesser General Public License][84] | -| [Logback Core Module][85] | [Eclipse Public License - v 1.0][83]; [GNU Lesser General Public License][84] | +| [Logback Classic Module][83] | [Eclipse Public License - v 1.0][84]; [GNU Lesser General Public License][85] | +| [Logback Core Module][86] | [Eclipse Public License - v 1.0][84]; [GNU Lesser General Public License][85] | ### Plugin Dependencies | Dependency | License | | ------------------------------------------------------- | --------------------------------------------- | -| [SonarQube Scanner for Maven][86] | [GNU LGPL 3][87] | -| [Apache Maven Toolchains Plugin][88] | [Apache-2.0][3] | -| [Apache Maven Compiler Plugin][89] | [Apache-2.0][3] | -| [Apache Maven Enforcer Plugin][90] | [Apache-2.0][3] | -| [Maven Flatten Plugin][91] | [Apache Software Licenese][3] | -| [org.sonatype.ossindex.maven:ossindex-maven-plugin][92] | [ASL2][6] | -| [scala-maven-plugin][93] | [Public domain (Unlicense)][94] | -| [ScalaTest Maven Plugin][95] | [the Apache License, ASL Version 2.0][34] | -| [Apache Maven Javadoc Plugin][96] | [Apache-2.0][3] | -| [Maven Surefire Plugin][97] | [Apache-2.0][3] | -| [Versions Maven Plugin][98] | [Apache License, Version 2.0][3] | -| [duplicate-finder-maven-plugin Maven Mojo][99] | [Apache License 2.0][36] | -| [Apache Maven Assembly Plugin][100] | [Apache-2.0][3] | -| [Apache Maven JAR Plugin][101] | [Apache-2.0][3] | -| [Artifact reference checker and unifier][102] | [MIT License][103] | -| [Maven Failsafe Plugin][104] | [Apache-2.0][3] | -| [JaCoCo :: Maven Plugin][105] | [EPL-2.0][106] | -| [error-code-crawler-maven-plugin][107] | [MIT License][108] | -| [Reproducible Build Maven Plugin][109] | [Apache 2.0][6] | -| [Project Keeper Maven plugin][110] | [The MIT License][111] | -| [OpenFastTrace Maven Plugin][112] | [GNU General Public 
License v3.0][113] | -| [Scalastyle Maven Plugin][114] | [Apache 2.0][36] | -| [spotless-maven-plugin][115] | [The Apache Software License, Version 2.0][3] | -| [scalafix-maven-plugin][116] | [BSD-3-Clause][26] | -| [Exec Maven Plugin][117] | [Apache License 2][3] | -| [Apache Maven Clean Plugin][118] | [Apache-2.0][3] | +| [SonarQube Scanner for Maven][87] | [GNU LGPL 3][88] | +| [Apache Maven Toolchains Plugin][89] | [Apache-2.0][3] | +| [Apache Maven Compiler Plugin][90] | [Apache-2.0][3] | +| [Apache Maven Enforcer Plugin][91] | [Apache-2.0][3] | +| [Maven Flatten Plugin][92] | [Apache Software Licenese][3] | +| [org.sonatype.ossindex.maven:ossindex-maven-plugin][93] | [ASL2][6] | +| [scala-maven-plugin][94] | [Public domain (Unlicense)][95] | +| [ScalaTest Maven Plugin][96] | [the Apache License, ASL Version 2.0][35] | +| [Apache Maven Javadoc Plugin][97] | [Apache-2.0][3] | +| [Maven Surefire Plugin][98] | [Apache-2.0][3] | +| [Versions Maven Plugin][99] | [Apache License, Version 2.0][3] | +| [duplicate-finder-maven-plugin Maven Mojo][100] | [Apache License 2.0][37] | +| [Apache Maven Assembly Plugin][101] | [Apache-2.0][3] | +| [Apache Maven JAR Plugin][102] | [Apache-2.0][3] | +| [Artifact reference checker and unifier][103] | [MIT License][104] | +| [Maven Failsafe Plugin][105] | [Apache-2.0][3] | +| [JaCoCo :: Maven Plugin][106] | [EPL-2.0][107] | +| [error-code-crawler-maven-plugin][108] | [MIT License][109] | +| [Reproducible Build Maven Plugin][110] | [Apache 2.0][6] | +| [Project Keeper Maven plugin][111] | [The MIT License][112] | +| [OpenFastTrace Maven Plugin][113] | [GNU General Public License v3.0][114] | +| [Scalastyle Maven Plugin][115] | [Apache 2.0][37] | +| [spotless-maven-plugin][116] | [The Apache Software License, Version 2.0][3] | +| [scalafix-maven-plugin][117] | [BSD-3-Clause][26] | +| [Exec Maven Plugin][118] | [Apache License 2][3] | +| [Apache Maven Clean Plugin][119] | [Apache-2.0][3] | ## Extension 
@@ -112,7 +113,7 @@ | Dependency | License | | ------------------------------------------ | ------- | -| [@exasol/extension-manager-interface][119] | MIT | +| [@exasol/extension-manager-interface][120] | MIT | [0]: https://www.scala-lang.org/ [1]: https://www.apache.org/licenses/LICENSE-2.0 
@@ -144,93 +145,94 @@ [27]: https://github.com/GoogleCloudPlatform/BigData-interop/gcs-connector/ [28]: https://github.com/googleapis/google-oauth-java-client/google-oauth-client [29]: https://orc.apache.org/orc-core -[30]: https://avro.apache.org -[31]: https://commons.apache.org/proper/commons-compress/ -[32]: https://bitbucket.org/connect2id/nimbus-jose-jwt -[33]: https://delta.io/ -[34]: http://www.apache.org/licenses/LICENSE-2.0 -[35]: https://spark.apache.org/ -[36]: http://www.apache.org/licenses/LICENSE-2.0.html -[37]: http://ant.apache.org/ivy/ -[38]: https://github.com/exasol/parquet-io-java/ -[39]: https://github.com/exasol/parquet-io-java/blob/main/LICENSE -[40]: http://www.slf4j.org -[41]: http://www.opensource.org/licenses/mit-license.php -[42]: https://logging.apache.org/log4j/2.x/log4j/log4j-api/ -[43]: https://logging.apache.org/log4j/2.x/log4j/log4j-1.2-api/ -[44]: https://logging.apache.org/log4j/2.x/log4j/log4j-core/ -[45]: https://github.com/lightbend/scala-logging -[46]: https://projects.eclipse.org/projects/ee4j.jersey/jersey-common -[47]: http://www.eclipse.org/legal/epl-2.0 -[48]: https://www.gnu.org/software/classpath/license.html -[49]: https://creativecommons.org/publicdomain/zero/1.0/ -[50]: https://projects.eclipse.org/projects/ee4j.jersey/jersey-client -[51]: http://www.eclipse.org/org/documents/edl-v10.php -[52]: https://opensource.org/licenses/BSD-2-Clause -[53]: https://asm.ow2.io/license.html -[54]: jquery.org/license -[55]: https://www.w3.org/Consortium/Legal/copyright-documents-19990405 -[56]: https://projects.eclipse.org/projects/ee4j.jersey/jersey-server -[57]: https://projects.eclipse.org/projects/ee4j.jersey/project/jersey-container-servlet -[58]: https://projects.eclipse.org/projects/ee4j.jersey/project/jersey-container-servlet-core -[59]: https://projects.eclipse.org/projects/ee4j.jersey/project/jersey-hk2 -[60]: http://www.scalatest.org -[61]: https://github.com/scalatest/scalatestplus-mockito -[62]: 
https://github.com/mockito/mockito -[63]: https://opensource.org/licenses/MIT -[64]: http://hamcrest.org/JavaHamcrest/ -[65]: http://opensource.org/licenses/BSD-3-Clause -[66]: https://github.com/testcontainers/testcontainers-scala -[67]: https://java.testcontainers.org -[68]: http://opensource.org/licenses/MIT -[69]: https://github.com/exasol/exasol-testcontainers/ -[70]: https://github.com/exasol/exasol-testcontainers/blob/main/LICENSE -[71]: https://github.com/exasol/test-db-builder-java/ -[72]: https://github.com/exasol/test-db-builder-java/blob/main/LICENSE -[73]: https://github.com/exasol/hamcrest-resultset-matcher/ -[74]: https://github.com/exasol/hamcrest-resultset-matcher/blob/main/LICENSE -[75]: https://www.jqno.nl/equalsverifier -[76]: https://junit.org/junit5/ -[77]: https://www.eclipse.org/legal/epl-v20.html -[78]: https://github.com/exasol/maven-project-version-getter/ -[79]: https://github.com/exasol/maven-project-version-getter/blob/main/LICENSE -[80]: https://github.com/exasol/extension-manager/ -[81]: https://github.com/exasol/extension-manager/blob/main/LICENSE -[82]: http://logback.qos.ch/logback-classic -[83]: http://www.eclipse.org/legal/epl-v10.html -[84]: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html -[85]: http://logback.qos.ch/logback-core -[86]: http://sonarsource.github.io/sonar-scanner-maven/ -[87]: http://www.gnu.org/licenses/lgpl.txt -[88]: https://maven.apache.org/plugins/maven-toolchains-plugin/ -[89]: https://maven.apache.org/plugins/maven-compiler-plugin/ -[90]: https://maven.apache.org/enforcer/maven-enforcer-plugin/ -[91]: https://www.mojohaus.org/flatten-maven-plugin/ -[92]: https://sonatype.github.io/ossindex-maven/maven-plugin/ -[93]: http://github.com/davidB/scala-maven-plugin -[94]: http://unlicense.org/ -[95]: https://www.scalatest.org/user_guide/using_the_scalatest_maven_plugin -[96]: https://maven.apache.org/plugins/maven-javadoc-plugin/ -[97]: https://maven.apache.org/surefire/maven-surefire-plugin/ -[98]: 
https://www.mojohaus.org/versions/versions-maven-plugin/ -[99]: https://basepom.github.io/duplicate-finder-maven-plugin -[100]: https://maven.apache.org/plugins/maven-assembly-plugin/ -[101]: https://maven.apache.org/plugins/maven-jar-plugin/ -[102]: https://github.com/exasol/artifact-reference-checker-maven-plugin/ -[103]: https://github.com/exasol/artifact-reference-checker-maven-plugin/blob/main/LICENSE -[104]: https://maven.apache.org/surefire/maven-failsafe-plugin/ -[105]: https://www.jacoco.org/jacoco/trunk/doc/maven.html -[106]: https://www.eclipse.org/legal/epl-2.0/ -[107]: https://github.com/exasol/error-code-crawler-maven-plugin/ -[108]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE -[109]: http://zlika.github.io/reproducible-build-maven-plugin -[110]: https://github.com/exasol/project-keeper/ -[111]: https://github.com/exasol/project-keeper/blob/main/LICENSE -[112]: https://github.com/itsallcode/openfasttrace-maven-plugin -[113]: https://www.gnu.org/licenses/gpl-3.0.html -[114]: http://www.scalastyle.org -[115]: https://github.com/diffplug/spotless -[116]: https://github.com/evis/scalafix-maven-plugin -[117]: https://www.mojohaus.org/exec-maven-plugin -[118]: https://maven.apache.org/plugins/maven-clean-plugin/ -[119]: https://registry.npmjs.org/@exasol/extension-manager-interface/-/extension-manager-interface-0.4.2.tgz +[30]: https://github.com/airlift/aircompressor +[31]: https://avro.apache.org +[32]: https://commons.apache.org/proper/commons-compress/ +[33]: https://bitbucket.org/connect2id/nimbus-jose-jwt +[34]: https://delta.io/ +[35]: http://www.apache.org/licenses/LICENSE-2.0 +[36]: https://spark.apache.org/ +[37]: http://www.apache.org/licenses/LICENSE-2.0.html +[38]: http://ant.apache.org/ivy/ +[39]: https://github.com/exasol/parquet-io-java/ +[40]: https://github.com/exasol/parquet-io-java/blob/main/LICENSE +[41]: http://www.slf4j.org +[42]: http://www.opensource.org/licenses/mit-license.php +[43]: 
https://logging.apache.org/log4j/2.x/log4j/log4j-api/ +[44]: https://logging.apache.org/log4j/2.x/log4j/log4j-1.2-api/ +[45]: https://logging.apache.org/log4j/2.x/log4j/log4j-core/ +[46]: https://github.com/lightbend/scala-logging +[47]: https://projects.eclipse.org/projects/ee4j.jersey/jersey-common +[48]: http://www.eclipse.org/legal/epl-2.0 +[49]: https://www.gnu.org/software/classpath/license.html +[50]: https://creativecommons.org/publicdomain/zero/1.0/ +[51]: https://projects.eclipse.org/projects/ee4j.jersey/jersey-client +[52]: http://www.eclipse.org/org/documents/edl-v10.php +[53]: https://opensource.org/licenses/BSD-2-Clause +[54]: https://asm.ow2.io/license.html +[55]: jquery.org/license +[56]: https://www.w3.org/Consortium/Legal/copyright-documents-19990405 +[57]: https://projects.eclipse.org/projects/ee4j.jersey/jersey-server +[58]: https://projects.eclipse.org/projects/ee4j.jersey/project/jersey-container-servlet +[59]: https://projects.eclipse.org/projects/ee4j.jersey/project/jersey-container-servlet-core +[60]: https://projects.eclipse.org/projects/ee4j.jersey/project/jersey-hk2 +[61]: http://www.scalatest.org +[62]: https://github.com/scalatest/scalatestplus-mockito +[63]: https://github.com/mockito/mockito +[64]: https://opensource.org/licenses/MIT +[65]: http://hamcrest.org/JavaHamcrest/ +[66]: http://opensource.org/licenses/BSD-3-Clause +[67]: https://github.com/testcontainers/testcontainers-scala +[68]: https://java.testcontainers.org +[69]: http://opensource.org/licenses/MIT +[70]: https://github.com/exasol/exasol-testcontainers/ +[71]: https://github.com/exasol/exasol-testcontainers/blob/main/LICENSE +[72]: https://github.com/exasol/test-db-builder-java/ +[73]: https://github.com/exasol/test-db-builder-java/blob/main/LICENSE +[74]: https://github.com/exasol/hamcrest-resultset-matcher/ +[75]: https://github.com/exasol/hamcrest-resultset-matcher/blob/main/LICENSE +[76]: https://www.jqno.nl/equalsverifier +[77]: https://junit.org/junit5/ +[78]: 
https://www.eclipse.org/legal/epl-v20.html +[79]: https://github.com/exasol/maven-project-version-getter/ +[80]: https://github.com/exasol/maven-project-version-getter/blob/main/LICENSE +[81]: https://github.com/exasol/extension-manager/ +[82]: https://github.com/exasol/extension-manager/blob/main/LICENSE +[83]: http://logback.qos.ch/logback-classic +[84]: http://www.eclipse.org/legal/epl-v10.html +[85]: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html +[86]: http://logback.qos.ch/logback-core +[87]: http://sonarsource.github.io/sonar-scanner-maven/ +[88]: http://www.gnu.org/licenses/lgpl.txt +[89]: https://maven.apache.org/plugins/maven-toolchains-plugin/ +[90]: https://maven.apache.org/plugins/maven-compiler-plugin/ +[91]: https://maven.apache.org/enforcer/maven-enforcer-plugin/ +[92]: https://www.mojohaus.org/flatten-maven-plugin/ +[93]: https://sonatype.github.io/ossindex-maven/maven-plugin/ +[94]: http://github.com/davidB/scala-maven-plugin +[95]: http://unlicense.org/ +[96]: https://www.scalatest.org/user_guide/using_the_scalatest_maven_plugin +[97]: https://maven.apache.org/plugins/maven-javadoc-plugin/ +[98]: https://maven.apache.org/surefire/maven-surefire-plugin/ +[99]: https://www.mojohaus.org/versions/versions-maven-plugin/ +[100]: https://basepom.github.io/duplicate-finder-maven-plugin +[101]: https://maven.apache.org/plugins/maven-assembly-plugin/ +[102]: https://maven.apache.org/plugins/maven-jar-plugin/ +[103]: https://github.com/exasol/artifact-reference-checker-maven-plugin/ +[104]: https://github.com/exasol/artifact-reference-checker-maven-plugin/blob/main/LICENSE +[105]: https://maven.apache.org/surefire/maven-failsafe-plugin/ +[106]: https://www.jacoco.org/jacoco/trunk/doc/maven.html +[107]: https://www.eclipse.org/legal/epl-2.0/ +[108]: https://github.com/exasol/error-code-crawler-maven-plugin/ +[109]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE +[110]: 
http://zlika.github.io/reproducible-build-maven-plugin +[111]: https://github.com/exasol/project-keeper/ +[112]: https://github.com/exasol/project-keeper/blob/main/LICENSE +[113]: https://github.com/itsallcode/openfasttrace-maven-plugin +[114]: https://www.gnu.org/licenses/gpl-3.0.html +[115]: http://www.scalastyle.org +[116]: https://github.com/diffplug/spotless +[117]: https://github.com/evis/scalafix-maven-plugin +[118]: https://www.mojohaus.org/exec-maven-plugin +[119]: https://maven.apache.org/plugins/maven-clean-plugin/ +[120]: https://registry.npmjs.org/@exasol/extension-manager-interface/-/extension-manager-interface-0.4.2.tgz diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md index 86b9d6e8..2e49baf9 100644 --- a/doc/changes/changelog.md +++ b/doc/changes/changelog.md @@ -1,5 +1,6 @@ # Changes +* [2.8.1](changes_2.8.1.md) * [2.8.0](changes_2.8.0.md) * [2.7.12](changes_2.7.12.md) * [2.7.11](changes_2.7.11.md) diff --git a/doc/changes/changes_2.8.1.md b/doc/changes/changes_2.8.1.md new file mode 100644 index 00000000..d6a5cd21 --- /dev/null +++ b/doc/changes/changes_2.8.1.md @@ -0,0 +1,26 @@ +# Cloud Storage Extension 2.8.1, released 2024-06-04 + +Code name: Security update - fix for CVE-2024-36114 + +## Summary + +Fixed CVE-2024-36114 https://github.com/advisories/GHSA-973x-65j7-xcf4 via transitive version update. +Updated dependencies. + +## Security + +* #318: CVE-2024-36114: io.airlift:aircompressor:jar:0.21:compile + +## Dependency Updates + +### Cloud Storage Extension + +#### Compile Dependency Updates + +* Added `io.airlift:aircompressor:0.27` + +#### Plugin Dependency Updates + +* Updated `com.exasol:project-keeper-maven-plugin:4.3.1` to `4.3.2` +* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.4.1` to `3.5.0` +* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922` to `4.0.0.4121` diff --git a/doc/user_guide/user_guide.md b/doc/user_guide/user_guide.md index 174a5a29..6415decf 100644 
--- a/doc/user_guide/user_guide.md +++ b/doc/user_guide/user_guide.md @@ -150,7 +150,7 @@ downloaded jar file is the same as the checksum provided in the releases. To check the SHA256 result of the local jar, run the command: ```sh -sha256sum exasol-cloud-storage-extension-2.8.0.jar +sha256sum exasol-cloud-storage-extension-2.8.1.jar ``` ### Building From Source @@ -180,7 +180,7 @@ mvn clean package -DskipTests=true ``` The assembled jar file should be located at -`target/exasol-cloud-storage-extension-2.8.0.jar`. +`target/exasol-cloud-storage-extension-2.8.1.jar`. ### Create an Exasol Bucket @@ -202,7 +202,7 @@ for the HTTP protocol. Upload the jar file using curl command: ```sh -curl -X PUT -T exasol-cloud-storage-extension-2.8.0.jar \ +curl -X PUT -T exasol-cloud-storage-extension-2.8.1.jar \ http://w:@exasol.datanode.domain.com:2580// ``` @@ -234,7 +234,7 @@ OPEN SCHEMA CLOUD_STORAGE_EXTENSION; CREATE OR REPLACE JAVA SET SCRIPT IMPORT_PATH(...) EMITS (...) AS %scriptclass com.exasol.cloudetl.scriptclasses.FilesImportQueryGenerator; - %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.8.0.jar; + %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.8.1.jar; / CREATE OR REPLACE JAVA SCALAR SCRIPT IMPORT_METADATA(...) EMITS ( @@ -244,12 +244,12 @@ CREATE OR REPLACE JAVA SCALAR SCRIPT IMPORT_METADATA(...) EMITS ( end_index DECIMAL(36, 0) ) AS %scriptclass com.exasol.cloudetl.scriptclasses.FilesMetadataReader; - %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.8.0.jar; + %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.8.1.jar; / CREATE OR REPLACE JAVA SET SCRIPT IMPORT_FILES(...) EMITS (...) AS %scriptclass com.exasol.cloudetl.scriptclasses.FilesDataImporter; - %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.8.0.jar; + %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.8.1.jar; / ``` 
@@ -268,12 +268,12 @@ OPEN SCHEMA CLOUD_STORAGE_EXTENSION; CREATE OR REPLACE JAVA SET SCRIPT EXPORT_PATH(...) EMITS (...) AS %scriptclass com.exasol.cloudetl.scriptclasses.TableExportQueryGenerator; - %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.8.0.jar; + %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.8.1.jar; / CREATE OR REPLACE JAVA SET SCRIPT EXPORT_TABLE(...) EMITS (ROWS_AFFECTED INT) AS %scriptclass com.exasol.cloudetl.scriptclasses.TableDataExporter; - %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.8.0.jar; + %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.8.1.jar; / ``` @@ -407,13 +407,13 @@ CREATE OR REPLACE JAVA SCALAR SCRIPT IMPORT_METADATA(...) EMITS ( ) AS %jvmoption -DHTTPS_PROXY=http://username:password@10.10.1.10:1180 %scriptclass com.exasol.cloudetl.scriptclasses.FilesMetadataReader; - %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.8.0.jar; + %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.8.1.jar; / CREATE OR REPLACE JAVA SET SCRIPT IMPORT_FILES(...) EMITS (...) AS %jvmoption -DHTTPS_PROXY=http://username:password@10.10.1.10:1180 %scriptclass com.exasol.cloudetl.scriptclasses.FilesDataImporter; - %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.8.0.jar; + %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.8.1.jar; / ``` diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom index 967503c3..21b50a55 100644 --- a/pk_generated_parent.pom +++ b/pk_generated_parent.pom @@ -3,7 +3,7 @@ 4.0.0 com.exasol cloud-storage-extension-generated-parent - 2.8.0 + 2.8.1 pom UTF-8 @@ -39,7 +39,7 @@ org.sonarsource.scanner.maven sonar-maven-plugin - 3.11.0.3922 + 4.0.0.4121 org.apache.maven.plugins @@ -77,7 +77,7 @@ org.apache.maven.plugins maven-enforcer-plugin - 3.4.1 + 3.5.0 enforce-maven diff --git a/pom.xml b/pom.xml index 9860bbe8..814f10d2 100644 --- a/pom.xml +++ b/pom.xml 
@@ -3,14 +3,14 @@ 4.0.0 com.exasol cloud-storage-extension - 2.8.0 + 2.8.1 Cloud Storage Extension Exasol Cloud Storage Import And Export Extension https://github.com/exasol/cloud-storage-extension/ cloud-storage-extension-generated-parent com.exasol - 2.8.0 + 2.8.1 pk_generated_parent.pom @@ -431,6 +431,12 @@ + + + io.airlift + aircompressor + 0.27 + org.apache.avro avro @@ -877,7 +883,7 @@ com.exasol project-keeper-maven-plugin - 4.3.1 + 4.3.2
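Review bot: The `io.airlift` / `aircompressor` / `0.27` entry added in the `@@ -431,6 +431,12 @@` hunk of `pom.xml` appears to be declared as an ordinary dependency purely to force the version of a transitive artifact, which is why `dependencies.md` now lists aircompressor as a compile dependency of its own. Declaring the version under `<dependencyManagement>` would override the transitive version in the same way without making it a direct dependency of the extension. The XML markup is stripped in this view, so I cannot tell whether one of the added lines is already a comment; if not, add one along the lines of `<!-- Pinned for CVE-2024-36114; remove once the upstream dependency brings in aircompressor >= 0.27 -->` so the pin is revisited later. Separately, the Security entry in `doc/changes/changes_2.8.1.md` names `aircompressor:jar:0.21` while the commit subject names `0.25`; one of the two should be corrected so the advisory can be traced to the version that was actually resolved.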