#62 Fix CVE-2023-43642 in org.xerial.snappy:snappy-java (#63)

exasol · Sep 27, 2023 · 5f915fd · 5f915fd
1 parent dfc015f
commit 5f915fd
Show file tree

Hide file tree

Showing 15 changed files with 129 additions and 75 deletions.
diff --git a/.github/workflows/broken_links_checker.yml b/.github/workflows/broken_links_checker.yml
diff --git a/.github/workflows/ci-build-next-java.yml b/.github/workflows/ci-build-next-java.yml
diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
diff --git a/.github/workflows/dependencies_check.yml b/.github/workflows/dependencies_check.yml
diff --git a/.github/workflows/release_droid_prepare_original_checksum.yml b/.github/workflows/release_droid_prepare_original_checksum.yml
diff --git a/.github/workflows/release_droid_print_quick_checksum.yml b/.github/workflows/release_droid_print_quick_checksum.yml
diff --git a/.github/workflows/release_droid_release_on_maven_central.yml b/.github/workflows/release_droid_release_on_maven_central.yml
diff --git a/.github/workflows/release_droid_upload_github_release_assets.yml b/.github/workflows/release_droid_upload_github_release_assets.yml
diff --git a/.gitignore b/.gitignore
@@ -7,6 +7,7 @@ pom.xml.versionsBackup
 # .settings : we need Eclipse settings for code formatter and clean-up rules
 .settings/org.eclipse.core.resources.prefs
 .settings/org.eclipse.jdt.apt.core.prefs
+.settings/org.eclipse.m2e.core.prefs
 target
 .cache
 dependency-reduced-pom.xml

diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs
@@ -111,7 +111,7 @@ org.eclipse.jdt.core.compiler.problem.unusedPrivateMember=warning
 org.eclipse.jdt.core.compiler.problem.unusedTypeParameter=ignore
 org.eclipse.jdt.core.compiler.problem.unusedWarningToken=warning
 org.eclipse.jdt.core.compiler.problem.varargsArgumentNeedCast=warning
-org.eclipse.jdt.core.compiler.processAnnotations=enabled
+org.eclipse.jdt.core.compiler.processAnnotations=disabled
 org.eclipse.jdt.core.compiler.release=disabled
 org.eclipse.jdt.core.compiler.source=11
 org.eclipse.jdt.core.formatter.align_assignment_statements_on_columns=false

diff --git a/dependencies.md b/dependencies.md
diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
diff --git a/doc/changes/changes_2.0.5.md b/doc/changes/changes_2.0.5.md
@@ -0,0 +1,38 @@
+# Parquet for Java 2.0.5, released 2023-09-27
+
+Code name: Fixed CVE-2023-43642
+
+## Summary
+
+This release fixes CVE-2023-43642 in `org.xerial.snappy:snappy-java`.
+
+## Security
+
+* #62: Fixed CVE-2023-43642 in `org.xerial.snappy:snappy-java`
+
+## Dependency Updates
+
+### Compile Dependency Updates
+
+* Updated `org.scala-lang:scala-library:2.13.11` to `2.13.12`
+* Updated `org.xerial.snappy:snappy-java:1.1.10.1` to `1.1.10.5`
+
+### Test Dependency Updates
+
+* Updated `org.junit.jupiter:junit-jupiter:5.9.3` to `5.10.0`
+* Updated `org.mockito:mockito-core:5.4.0` to `5.5.0`
+* Updated `org.mockito:mockito-junit-jupiter:5.4.0` to `5.5.0`
+* Updated `org.scalatest:scalatest_2.13:3.2.15` to `3.3.0-SNAP4`
+
+### Plugin Dependency Updates
+
+* Updated `com.exasol:error-code-crawler-maven-plugin:1.2.3` to `1.3.0`
+* Updated `com.exasol:project-keeper-maven-plugin:2.9.7` to `2.9.12`
+* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.3.0` to `3.4.0`
+* Updated `org.apache.maven.plugins:maven-failsafe-plugin:3.0.0` to `3.1.2`
+* Updated `org.apache.maven.plugins:maven-gpg-plugin:3.0.1` to `3.1.0`
+* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.0.0` to `3.1.2`
+* Updated `org.basepom.maven:duplicate-finder-maven-plugin:1.5.1` to `2.0.1`
+* Updated `org.codehaus.mojo:flatten-maven-plugin:1.4.1` to `1.5.0`
+* Updated `org.codehaus.mojo:versions-maven-plugin:2.15.0` to `2.16.0`
+* Updated `org.jacoco:jacoco-maven-plugin:0.8.9` to `0.8.10`