Skip to content

Releases: exasol/udf-debugging-java

0.6.20 Code Coverage > 80%

Choose a tag to compare

@github-actions github-actions released this 16 Jul 12:38
34eee76

In this release we fixed Sonar findings and raised the code coverage ot over 80%.

We added an integration test for PushDownTesting.

Features

  • Fixed Sonar findings and raised test coverage. (PR #86)

0.6.19 Fixed vulnerabilities CVE-2017-7503, CVE-2017-10355, CVE-2026-9563

Choose a tag to compare

@github-actions github-actions released this 15 Jul 07:22
17a1b1c

This release fixes the following 3 vulnerabilities:

CVE-2017-7503 (CWE-611) in dependency xerces:xercesImpl:jar:2.12.2:provided

It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed.

References

CVE-2017-10355 (CWE-833) in dependency xerces:xercesImpl:jar:2.12.2:provided

sonatype-2017-0348 - xerces:xercesImpl - Denial of Service (DoS)

References

CVE-2026-9563 (CWE-400) in dependency org.eclipse.parsson:parsson:jar:1.1.7:runtime

In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications that parse attacker-controlled JSON can be forced to consume excessive CPU and memory by processing very large documents, including large arrays, objects, strings, numbers, whitespace, or nested structures, resulting in a denial of service. Eclipse Parsson 1.1.8 introduces a configurable maximum parsing limit with a default limit of 15 million parser-consumed characters.

References

Security

  • #81: Fixed vulnerability CVE-2017-7503 in dependency xerces:xercesImpl:jar:2.12.2:provided
  • #82: Fixed vulnerability CVE-2017-10355 in dependency xerces:xercesImpl:jar:2.12.2:provided
  • #83: Fixed vulnerability CVE-2026-9563 in dependency org.eclipse.parsson:parsson:jar:1.1.7:runtime

Dependency Updates

Compile Dependency Updates

  • Updated org.jacoco:org.jacoco.core:0.8.14 to 0.8.15
  • Updated org.slf4j:slf4j-jdk14:2.0.17 to 2.0.18

Runtime Dependency Updates

  • Updated org.eclipse.parsson:parsson:1.1.7 to 1.1.9

Test Dependency Updates

  • Updated com.exasol:exasol-testcontainers:7.2.0 to 7.3.0
  • Updated com.exasol:test-db-builder-java:3.6.4 to 4.0.1
  • Updated org.itsallcode:junit5-system-extensions:1.2.2 to 1.2.3
  • Updated org.jacoco:org.jacoco.agent:0.8.14 to 0.8.15
  • Updated org.junit.jupiter:junit-jupiter-params:5.13.4 to 5.14.4
  • Updated org.mockito:mockito-junit-jupiter:5.20.0 to 5.23.0
  • Updated org.testcontainers:testcontainers-junit-jupiter:2.0.1 to 2.0.5

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:2.0.5 to 2.1.0
  • Updated com.exasol:project-keeper-maven-plugin:5.4.3 to 5.7.3
  • Removed com.exasol:quality-summarizer-maven-plugin:0.2.1
  • Updated io.github.git-commit-id:git-commit-id-maven-plugin:9.0.2 to 10.0.0
  • Updated org.apache.maven.plugins:maven-compiler-plugin:3.14.1 to 3.15.0
  • Updated org.apache.maven.plugins:maven-enforcer-plugin:3.6.2 to 3.6.3
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.5.4 to 3.5.6
  • Updated org.apache.maven.plugins:maven-resources-plugin:3.3.1 to 3.5.0
  • Updated org.apache.maven.plugins:maven-site-plugin:3.21.0 to 3.22.0
  • Updated org.apache.maven.plugins:maven-source-plugin:3.2.1 to 3.4.0
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.5.4 to 3.5.6
  • Added org.codehaus.mojo:build-helper-maven-plugin:3.6.1
  • Updated org.codehaus.mojo:versions-maven-plugin:2.19.1 to 2.21.0
  • Updated org.jacoco:jacoco-maven-plugin:0.8.14 to 0.8.15
  • Updated org.sonarsource.scanner.maven:sonar-maven-plugin:5.2.0.4988 to 5.7.0.6970
  • Updated org.sonatype.central:central-publishing-maven-plugin:0.9.0 to 0.11.0
  • Added org.spdx:spdx-maven-plugin:1.0.4

0.6.18 Upgrade Project Keeper and Dependencies

Choose a tag to compare

@github-actions github-actions released this 31 Oct 15:43
23d1e85

This release upgrades Project Keeper and dependencies.

Dependency Updates

Compile Dependency Updates

  • Updated com.exasol:bucketfs-java:3.2.1 to 4.0.0
  • Updated com.exasol:error-reporting-java:1.0.1 to 1.0.2
  • Updated org.jacoco:org.jacoco.core:0.8.13 to 0.8.14

Test Dependency Updates

  • Updated com.exasol:exasol-testcontainers:7.1.5 to 7.2.0
  • Updated com.exasol:test-db-builder-java:3.6.1 to 3.6.4
  • Updated org.jacoco:org.jacoco.agent:0.8.13 to 0.8.14
  • Removed org.junit.jupiter:junit-jupiter-engine:5.13.0
  • Updated org.junit.jupiter:junit-jupiter-params:5.13.0 to 5.13.4
  • Updated org.mockito:mockito-junit-jupiter:5.18.0 to 5.20.0
  • Removed org.testcontainers:junit-jupiter:1.21.1
  • Added org.testcontainers:testcontainers-junit-jupiter:2.0.1

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:2.0.4 to 2.0.5
  • Updated com.exasol:project-keeper-maven-plugin:5.2.3 to 5.4.3
  • Updated com.exasol:quality-summarizer-maven-plugin:0.2.0 to 0.2.1
  • Updated io.github.git-commit-id:git-commit-id-maven-plugin:9.0.1 to 9.0.2
  • Updated org.apache.maven.plugins:maven-artifact-plugin:3.6.0 to 3.6.1
  • Updated org.apache.maven.plugins:maven-clean-plugin:3.4.1 to 3.5.0
  • Updated org.apache.maven.plugins:maven-compiler-plugin:3.14.0 to 3.14.1
  • Updated org.apache.maven.plugins:maven-enforcer-plugin:3.5.0 to 3.6.2
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.5.3 to 3.5.4
  • Updated org.apache.maven.plugins:maven-gpg-plugin:3.2.7 to 3.2.8
  • Updated org.apache.maven.plugins:maven-javadoc-plugin:3.11.2 to 3.12.0
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.5.3 to 3.5.4
  • Updated org.codehaus.mojo:flatten-maven-plugin:1.7.0 to 1.7.3
  • Updated org.codehaus.mojo:versions-maven-plugin:2.18.0 to 2.19.1
  • Updated org.jacoco:jacoco-maven-plugin:0.8.13 to 0.8.14
  • Updated org.sonarsource.scanner.maven:sonar-maven-plugin:5.1.0.4751 to 5.2.0.4988
  • Updated org.sonatype.central:central-publishing-maven-plugin:0.7.0 to 0.9.0

0.6.17 Fix CVE-2025-48924 in `org.apache.commons:commons-lang3:jar:3.16.0:compile`

Choose a tag to compare

@github-actions github-actions released this 31 Jul 10:07
e04eb6b

This release fixes the following vulnerabilities:

CVE-2025-48924 (CWE-674) in dependency org.apache.commons:commons-lang3:jar:3.16.0:compile

Uncontrolled Recursion vulnerability in Apache Commons Lang.

This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.

The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a
StackOverflowError could cause an application to stop.

Users are recommended to upgrade to version 3.18.0, which fixes the issue.

CVE: CVE-2025-48924
CWE: CWE-674

References

Security

  • #77: Fixed vulnerability CVE-2025-48924 in dependency org.apache.commons:commons-lang3:jar:3.16.0:compile

Dependency Updates

Compile Dependency Updates

  • Updated org.apache.commons:commons-compress:1.27.1 to 1.28.0

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:2.0.3 to 2.0.4
  • Updated com.exasol:project-keeper-maven-plugin:5.1.0 to 5.2.3
  • Added org.sonatype.central:central-publishing-maven-plugin:0.7.0
  • Removed org.sonatype.plugins:nexus-staging-maven-plugin:1.7.0

0.6.16 Security updates on top of 0.6.15

Choose a tag to compare

@github-actions github-actions released this 02 Jun 10:11
b23448a

This release is a security update. We updated the dependencies of the project to fix transitive security issues.

We also added an exception for the OSSIndex for CVE-2024-55551, which is a false positive in Exasol's JDBC driver.
This issue has been fixed quite a while back now, but the OSSIndex unfortunately does not contain the fix version of 24.2.1 (2024-12-10) set.

Security

Dependency Updates

Compile Dependency Updates

  • Updated org.jacoco:org.jacoco.core:0.8.12 to 0.8.13
  • Updated org.slf4j:slf4j-jdk14:2.0.16 to 2.0.17

Test Dependency Updates

  • Updated com.exasol:exasol-testcontainers:7.1.3 to 7.1.5
  • Updated com.exasol:test-db-builder-java:3.6.0 to 3.6.1
  • Updated org.jacoco:org.jacoco.agent:0.8.12 to 0.8.13
  • Updated org.junit.jupiter:junit-jupiter-engine:5.11.4 to 5.13.0
  • Updated org.junit.jupiter:junit-jupiter-params:5.11.4 to 5.13.0
  • Updated org.mockito:mockito-junit-jupiter:5.15.2 to 5.18.0
  • Updated org.testcontainers:junit-jupiter:1.20.4 to 1.21.1

Plugin Dependency Updates

  • Updated com.exasol:project-keeper-maven-plugin:4.5.0 to 5.1.0
  • Added io.github.git-commit-id:git-commit-id-maven-plugin:9.0.1
  • Removed io.github.zlika:reproducible-build-maven-plugin:0.17
  • Added org.apache.maven.plugins:maven-artifact-plugin:3.6.0
  • Updated org.apache.maven.plugins:maven-clean-plugin:3.4.0 to 3.4.1
  • Updated org.apache.maven.plugins:maven-compiler-plugin:3.13.0 to 3.14.0
  • Updated org.apache.maven.plugins:maven-deploy-plugin:3.1.3 to 3.1.4
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.5.2 to 3.5.3
  • Updated org.apache.maven.plugins:maven-install-plugin:3.1.3 to 3.1.4
  • Updated org.apache.maven.plugins:maven-javadoc-plugin:3.11.1 to 3.11.2
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.5.2 to 3.5.3
  • Updated org.codehaus.mojo:flatten-maven-plugin:1.6.0 to 1.7.0
  • Updated org.jacoco:jacoco-maven-plugin:0.8.12 to 0.8.13
  • Updated org.sonarsource.scanner.maven:sonar-maven-plugin:5.0.0.4389 to 5.1.0.4751

0.6.15 Fix vulnerabilities CVE-2025-25193 and CVE-2025-24970 in test dependencies

Choose a tag to compare

@github-actions github-actions released this 12 Feb 15:00
a758a06

This release fixes the following vulnerabilities in test dependencies:

Security

Dependency Updates

Compile Dependency Updates

  • Updated com.exasol:bucketfs-java:3.2.0 to 3.2.1

Test Dependency Updates

  • Updated com.exasol:exasol-testcontainers:7.1.1 to 7.1.3
  • Removed org.hamcrest:hamcrest-all:1.3
  • Added org.hamcrest:hamcrest:3.0
  • Updated org.junit.jupiter:junit-jupiter-engine:5.11.3 to 5.11.4
  • Updated org.junit.jupiter:junit-jupiter-params:5.11.3 to 5.11.4
  • Updated org.mockito:mockito-junit-jupiter:5.14.2 to 5.15.2
  • Updated org.testcontainers:junit-jupiter:1.20.3 to 1.20.4

Plugin Dependency Updates

  • Updated com.exasol:project-keeper-maven-plugin:4.4.0 to 4.5.0
  • Updated org.apache.maven.plugins:maven-deploy-plugin:3.1.2 to 3.1.3
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.5.1 to 3.5.2
  • Updated org.apache.maven.plugins:maven-javadoc-plugin:3.10.1 to 3.11.1
  • Updated org.apache.maven.plugins:maven-site-plugin:3.9.1 to 3.21.0
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.5.1 to 3.5.2
  • Updated org.codehaus.mojo:versions-maven-plugin:2.17.1 to 2.18.0
  • Updated org.sonarsource.scanner.maven:sonar-maven-plugin:4.0.0.4121 to 5.0.0.4389

0.6.14 Fix CVE-2024-47535: io.netty:netty-common:jar:4.1.108.Final:provided

Choose a tag to compare

@github-actions github-actions released this 19 Nov 09:41
8153cef

This release fixes CVE-2024-47535 in transitive production dependency io.netty:netty-common:jar:4.1.108.Final:provided added by com.exasol:exasol-test-setup-abstraction-java.

Security

Dependency Updates

Compile Dependency Updates

  • Updated com.exasol:bucketfs-java:3.1.2 to 3.2.0
  • Updated org.apache.commons:commons-compress:1.26.1 to 1.27.1
  • Updated org.slf4j:slf4j-jdk14:2.0.12 to 2.0.16

Runtime Dependency Updates

  • Updated org.eclipse.parsson:parsson:1.1.6 to 1.1.7

Test Dependency Updates

  • Updated com.exasol:exasol-testcontainers:7.0.1 to 7.1.1
  • Updated com.exasol:test-db-builder-java:3.5.4 to 3.6.0
  • Updated org.itsallcode:junit5-system-extensions:1.2.0 to 1.2.2
  • Updated org.junit.jupiter:junit-jupiter-engine:5.10.2 to 5.11.3
  • Updated org.junit.jupiter:junit-jupiter-params:5.10.2 to 5.11.3
  • Updated org.mockito:mockito-junit-jupiter:5.11.0 to 5.14.2
  • Updated org.testcontainers:junit-jupiter:1.19.7 to 1.20.3

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:2.0.2 to 2.0.3
  • Updated com.exasol:project-keeper-maven-plugin:4.3.0 to 4.4.0
  • Added com.exasol:quality-summarizer-maven-plugin:0.2.0
  • Updated io.github.zlika:reproducible-build-maven-plugin:0.16 to 0.17
  • Updated org.apache.maven.plugins:maven-clean-plugin:2.5 to 3.4.0
  • Updated org.apache.maven.plugins:maven-deploy-plugin:3.1.1 to 3.1.2
  • Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.1 to 3.5.0
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.2.5 to 3.5.1
  • Updated org.apache.maven.plugins:maven-gpg-plugin:3.2.2 to 3.2.7
  • Updated org.apache.maven.plugins:maven-install-plugin:2.4 to 3.1.3
  • Updated org.apache.maven.plugins:maven-javadoc-plugin:3.6.3 to 3.10.1
  • Updated org.apache.maven.plugins:maven-resources-plugin:2.6 to 3.3.1
  • Updated org.apache.maven.plugins:maven-site-plugin:3.3 to 3.9.1
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.2.5 to 3.5.1
  • Updated org.apache.maven.plugins:maven-toolchains-plugin:3.1.0 to 3.2.0
  • Updated org.codehaus.mojo:versions-maven-plugin:2.16.2 to 2.17.1
  • Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922 to 4.0.0.4121
  • Updated org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13 to 1.7.0

0.6.13 Fixes CVE-2024-29025 in io.netty:netty-codec-http:jar:4.1.100.Final:provided

Choose a tag to compare

@github-actions github-actions released this 09 Apr 06:28
3b29bbc

This release fixes vulnerability CVE-2024-29025 in io.netty:netty-codec-http:jar:4.1.100.Final:provided.

Excluded vulnerability This release contains vulnerability CVE-2017-10355 in fr.turri:aXMLRPC for connecting to ExaOperation during tests. We accept this vulnerability (CWE-833: Deadlock) as we assume that we only connect to the known endpoint ExaOperations.

Security

Dependency Updates

Compile Dependency Updates

  • Updated org.apache.commons:commons-compress:1.26.0 to 1.26.1
  • Updated org.jacoco:org.jacoco.core:0.8.11 to 0.8.12

Runtime Dependency Updates

  • Updated org.eclipse.parsson:parsson:1.1.5 to 1.1.6

Test Dependency Updates

  • Updated com.exasol:test-db-builder-java:3.5.3 to 3.5.4
  • Updated org.jacoco:org.jacoco.agent:0.8.11 to 0.8.12
  • Updated org.mockito:mockito-junit-jupiter:5.10.0 to 5.11.0
  • Updated org.testcontainers:junit-jupiter:1.19.6 to 1.19.7

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:2.0.0 to 2.0.2
  • Updated com.exasol:project-keeper-maven-plugin:4.1.0 to 4.3.0
  • Updated org.apache.maven.plugins:maven-compiler-plugin:3.12.1 to 3.13.0
  • Updated org.apache.maven.plugins:maven-gpg-plugin:3.1.0 to 3.2.2
  • Updated org.jacoco:jacoco-maven-plugin:0.8.11 to 0.8.12
  • Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594 to 3.11.0.3922

0.6.12: Fix CVE-2024-25710 and CVE-2024-26308 in compile dependency `org.apache.commons:commons-compress`

Choose a tag to compare

@kaklakariada kaklakariada released this 04 Mar 05:35
4e5fc95

Summary

This release fixes vulnerabilities CVE-2024-25710 and CVE-2024-26308 in compile dependency org.apache.commons:commons-compress.

Security

Dependency Updates

Compile Dependency Updates

  • Updated com.exasol:bucketfs-java:3.1.0 to 3.1.2
  • Updated jakarta.json:jakarta.json-api:2.1.2 to 2.1.3
  • Updated org.apache.commons:commons-compress:1.24.0 to 1.26.0
  • Updated org.jacoco:org.jacoco.core:0.8.10 to 0.8.11
  • Updated org.slf4j:slf4j-jdk14:2.0.9 to 2.0.12

Runtime Dependency Updates

  • Updated org.eclipse.parsson:parsson:1.1.4 to 1.1.5

Test Dependency Updates

  • Updated com.exasol:exasol-testcontainers:6.6.2 to 7.0.1
  • Updated com.exasol:test-db-builder-java:3.5.0 to 3.5.3
  • Updated org.jacoco:org.jacoco.agent:0.8.10 to 0.8.11
  • Updated org.junit.jupiter:junit-jupiter-engine:5.10.0 to 5.10.2
  • Updated org.junit.jupiter:junit-jupiter-params:5.10.0 to 5.10.2
  • Updated org.mockito:mockito-junit-jupiter:5.5.0 to 5.10.0
  • Updated org.testcontainers:junit-jupiter:1.19.0 to 1.19.6

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:1.3.0 to 2.0.0
  • Updated com.exasol:project-keeper-maven-plugin:2.9.12 to 4.1.0
  • Updated org.apache.maven.plugins:maven-compiler-plugin:3.11.0 to 3.12.1
  • Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.0 to 3.4.1
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.1.2 to 3.2.5
  • Updated org.apache.maven.plugins:maven-javadoc-plugin:3.5.0 to 3.6.3
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.1.2 to 3.2.5
  • Added org.apache.maven.plugins:maven-toolchains-plugin:3.1.0
  • Updated org.codehaus.mojo:flatten-maven-plugin:1.5.0 to 1.6.0
  • Updated org.codehaus.mojo:versions-maven-plugin:2.16.0 to 2.16.2
  • Updated org.jacoco:jacoco-maven-plugin:0.8.10 to 0.8.11
  • Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184 to 3.10.0.2594

0.6.11: Fix CVE-2023-42503

Choose a tag to compare

@kaklakariada kaklakariada released this 26 Sep 07:45
3665f1a

Summary

This release fixes CVE-2023-42503 in org.apache.commons:commons-compress by upgrading dependencies.

Known issue: Transitive dependency io.netty:netty-handler used by software.amazon.awssdk:cloudformation in scope provided contains vulnerability CVE-2023-4586. We assume that the AWS SDK's usage of netty is not affected.

Security

Dependency Updates

Compile Dependency Updates

  • Updated org.apache.commons:commons-compress:1.23.0 to 1.24.0
  • Updated org.slf4j:slf4j-jdk14:2.0.7 to 2.0.9

Runtime Dependency Updates

  • Updated org.eclipse.parsson:parsson:1.1.2 to 1.1.4

Test Dependency Updates

  • Updated com.exasol:exasol-testcontainers:6.6.0 to 6.6.2
  • Updated com.exasol:test-db-builder-java:3.4.2 to 3.5.0
  • Updated org.junit.jupiter:junit-jupiter-engine:5.9.3 to 5.10.0
  • Updated org.junit.jupiter:junit-jupiter-params:5.9.3 to 5.10.0
  • Updated org.mockito:mockito-junit-jupiter:5.4.0 to 5.5.0
  • Updated org.testcontainers:junit-jupiter:1.18.3 to 1.19.0

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:1.2.3 to 1.3.0
  • Updated com.exasol:project-keeper-maven-plugin:2.9.7 to 2.9.12
  • Updated org.apache.maven.plugins:maven-enforcer-plugin:3.3.0 to 3.4.0
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.0.0 to 3.1.2
  • Updated org.apache.maven.plugins:maven-gpg-plugin:3.0.1 to 3.1.0
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0 to 3.1.2
  • Updated org.basepom.maven:duplicate-finder-maven-plugin:1.5.1 to 2.0.1
  • Updated org.codehaus.mojo:flatten-maven-plugin:1.4.1 to 1.5.0
  • Updated org.codehaus.mojo:versions-maven-plugin:2.15.0 to 2.16.0
  • Updated org.jacoco:jacoco-maven-plugin:0.8.9 to 0.8.10