#214: Fix CVE-2024-21634 in software.amazon.ion:ion-java (#215)

exasol · Jan 19, 2024 · f922c6c · f922c6c
1 parent 045f133
commit f922c6c
Show file tree

Hide file tree

Showing 19 changed files with 360 additions and 273 deletions.
diff --git a/.github/workflows/broken_links_checker.yml b/.github/workflows/broken_links_checker.yml
diff --git a/.github/workflows/ci-build-next-java.yml b/.github/workflows/ci-build-next-java.yml
@@ -14,15 +14,15 @@ jobs:
       cancel-in-progress: true
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Set up JDK 17
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
-          distribution: 'temurin'
+          distribution: "temurin"
           java-version: 17
-          cache: 'maven'
+          cache: "maven"
       - name: Run tests and build with Maven
         if: ${{ false }}
         run: |

diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
@@ -11,29 +11,29 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  build:
+  matrix-build:
     name: Building with ${{ matrix.profile }} and Exasol ${{ matrix.exasol-docker-version }}
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
-        exasol-docker-version: [ 8.18.1 ]
+        exasol-docker-version: [ 8.24.0 ]
         profile: [ '-Pspark3.4', '-Pspark3.4-scala2.12', '-Pspark3.3', '-Pspark3.3-scala2.12' ]
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - name: Set up JDK 11 & 17
-        uses: actions/setup-java@v3
+      - name: Set up JDKs
+        uses: actions/setup-java@v4
         with:
-          distribution: 'temurin'
+          distribution: "temurin"
           java-version: |
-            17
             11
-          cache: 'maven'
+            17
+          cache: "maven"
       - name: Cache SonarCloud packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
@@ -44,7 +44,7 @@ jobs:
         run: docker pull exasol/docker-db:${{ matrix.exasol-docker-version }}
       - name: Run tests and build with Maven
         run: |
-          JAVA_HOME=$JAVA_HOME_11_X64 mvn --batch-mode verify ${{ matrix.profile }} \
+          mvn --batch-mode verify ${{ matrix.profile }} \
               -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
               -DtrimStackTrace=false
         env:
@@ -57,7 +57,7 @@ jobs:
       - name: Sonar analysis
         if: ${{ env.SONAR_TOKEN != null && matrix.profile == '-Pspark3.4' }}
         run: |
-          JAVA_HOME=$JAVA_HOME_17_X64 mvn --batch-mode org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
+          mvn --batch-mode org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
               -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
               -DtrimStackTrace=false \
               -Dsonar.organization=exasol \
@@ -66,3 +66,9 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+  build:
+    needs: matrix-build
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo "Build successful"
diff --git a/.github/workflows/dependencies_check.yml b/.github/workflows/dependencies_check.yml
diff --git a/.github/workflows/pk-verify.yml b/.github/workflows/pk-verify.yml
@@ -16,17 +16,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - name: Set up JDK 11
-        uses: actions/setup-java@v3
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
         with:
           distribution: "temurin"
-          java-version: 11
+          java-version: 17
           cache: "maven"
       - name: Cache SonarCloud packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar

diff --git a/.github/workflows/release_droid_prepare_original_checksum.yml b/.github/workflows/release_droid_prepare_original_checksum.yml
@@ -8,23 +8,25 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - name: Set up JDK 11
-        uses: actions/setup-java@v3
+      - name: Set up JDKs
+        uses: actions/setup-java@v4
         with:
-          distribution: 'temurin'
-          java-version: 11
-          cache: 'maven'
+          distribution: "temurin"
+          java-version: |
+            11
+            17
+          cache: "maven"
       - name: Enable testcontainer reuse
         run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties"
       - name: Run tests and build with Maven
         run: mvn --batch-mode clean verify
       - name: Prepare checksum
         run: find */target -maxdepth 1 -name *.jar -exec sha256sum "{}" + > original_checksum
       - name: Upload checksum to the artifactory
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: original_checksum
           retention-days: 5

diff --git a/.github/workflows/release_droid_print_quick_checksum.yml b/.github/workflows/release_droid_print_quick_checksum.yml
@@ -8,15 +8,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - name: Set up JDK 11
-        uses: actions/setup-java@v3
+      - name: Set up JDKs
+        uses: actions/setup-java@v4
         with:
-          distribution: 'temurin'
-          java-version: 11
-          cache: 'maven'
+          distribution: "temurin"
+          java-version: |
+            11
+            17
+          cache: "maven"
       - name: Build with Maven skipping tests
         run: mvn --batch-mode clean verify -DskipTests
       - name: Print checksum

diff --git a/.github/workflows/release_droid_release_on_maven_central.yml b/.github/workflows/release_droid_release_on_maven_central.yml
@@ -12,15 +12,17 @@ jobs:
         profile: [ '-Pspark3.4', '-Pspark3.4-scala2.12', '-Pspark3.3', '-Pspark3.3-scala2.12' ]
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Set up Maven Central Repository
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
-          distribution: 'temurin'
-          java-version: 11
-          cache: 'maven'
+          distribution: "temurin"
+          java-version: |
+            11
+            17
+          cache: "maven"
           server-id: ossrh
           server-username: MAVEN_USERNAME
           server-password: MAVEN_PASSWORD

diff --git a/.github/workflows/release_droid_upload_github_release_assets.yml b/.github/workflows/release_droid_upload_github_release_assets.yml
@@ -4,7 +4,7 @@ on:
   workflow_dispatch:
     inputs:
       upload_url:
-        description: 'Assets upload URL'
+        description: "Assets upload URL"
         required: true
 
 jobs:
@@ -16,15 +16,17 @@ jobs:
         profile: [ '-Pspark3.4', '-Pspark3.4-scala2.12', '-Pspark3.3', '-Pspark3.3-scala2.12' ]
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - name: Set up JDK 11
-        uses: actions/setup-java@v3
+      - name: Set up JDKs
+        uses: actions/setup-java@v4
         with:
-          distribution: 'temurin'
-          java-version: 11
-          cache: 'maven'
+          distribution: "temurin"
+          java-version: |
+            11
+            17
+          cache: "maven"
       - name: Build with Maven skipping tests
         run: mvn --batch-mode clean verify ${{ matrix.profile }} -DskipTests
       - name: Generate sha256sum files
@@ -33,12 +35,12 @@ jobs:
         uses: shogo82148/actions-upload-release-asset@v1
         with:
           upload_url: ${{ github.event.inputs.upload_url }}
-          asset_path: '**/target/*.jar'
+          asset_path: "**/target/*.jar"
       - name: Upload sha256sum files
         uses: shogo82148/actions-upload-release-asset@v1
         with:
           upload_url: ${{ github.event.inputs.upload_url }}
-          asset_path: '**/target/*.sha256'
+          asset_path: "**/target/*.sha256"
       - name: Create a zip file from error code report JSON files
         run: zip -v error_code_report.zip */target/error_code_report.json
       - name: Upload error-code-report

diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -1,9 +1,9 @@
 {
     "editor.formatOnSave": true,
     "editor.codeActionsOnSave": {
-        "source.organizeImports": true,
-        "source.generate.finalModifiers": true,
-        "source.fixAll": true
+        "source.organizeImports": "explicit",
+        "source.generate.finalModifiers": "explicit",
+        "source.fixAll": "explicit"
     },
     "java.codeGeneration.useBlocks": true,
     "java.saveActions.organizeImports": true,