diff --git a/.github/workflows/broken_links_checker.yml b/.github/workflows/broken_links_checker.yml
index d7a38b4..39612b7 100644
--- a/.github/workflows/broken_links_checker.yml
+++ b/.github/workflows/broken_links_checker.yml
@@ -13,6 +13,8 @@ on:
jobs:
linkChecker:
runs-on: ubuntu-latest
+ permissions:
+ contents: read
defaults:
run:
shell: "bash"
diff --git a/.github/workflows/ci-build-next-java.yml b/.github/workflows/ci-build-next-java.yml
index 8886e10..e8302fe 100644
--- a/.github/workflows/ci-build-next-java.yml
+++ b/.github/workflows/ci-build-next-java.yml
@@ -15,7 +15,6 @@ jobs:
shell: "bash"
permissions:
contents: read
- checks: write # Allow scacap/action-surefire-report
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
@@ -35,9 +34,3 @@ jobs:
mvn --batch-mode --update-snapshots clean package -DtrimStackTrace=false \
-Djava.version=17 \
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
- - name: Publish Test Report for Java 17
- uses: scacap/action-surefire-report@v1
- if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' }}
- with:
- github_token: ${{ secrets.GITHUB_TOKEN }}
- fail_if_no_tests: false
diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
index 94b1040..aec44e2 100644
--- a/.github/workflows/ci-build.yml
+++ b/.github/workflows/ci-build.yml
@@ -15,8 +15,7 @@ jobs:
shell: bash
}
permissions: {
- contents: read,
- checks: write
+ contents: read
}
concurrency: {
group: '${{ github.workflow }}-${{ github.ref }}-${{ matrix.exasol_db_version }}',
diff --git a/.github/workflows/dependencies_update.yml b/.github/workflows/dependencies_update.yml
index 9f536ee..1bf502f 100644
--- a/.github/workflows/dependencies_update.yml
+++ b/.github/workflows/dependencies_update.yml
@@ -61,14 +61,6 @@ jobs:
env: {
CREATED_ISSUES: '${{ inputs.vulnerability_issues }}'
}
- - name: Project Keeper Fix
- id: project-keeper-fix
- run: |
- mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects .
- - name: Project Keeper Fix for updated Project Keeper version
- id: project-keeper-fix-2
- run: |
- mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects .
- name: Generate Pull Request comment
id: pr-comment
run: |
@@ -81,7 +73,11 @@ jobs:
echo 'It updates dependencies.' >> "$GITHUB_OUTPUT"
fi
echo >> "$GITHUB_OUTPUT"
- echo '# ⚠️ This PR does not trigger CI workflows by default ⚠️' >> "$GITHUB_OUTPUT"
+ echo '# ⚠️ Notes ⚠️' >> "$GITHUB_OUTPUT"
+ echo '## Run PK fix manually' >> "$GITHUB_OUTPUT"
+ echo 'Due to restrictions workflow `dependencies_update.yml` can't update other workflows, see https://github.com/exasol/project-keeper/issues/578 for details.' >> "$GITHUB_OUTPUT"
+ echo 'Please checkout this PR locally and run `mvn com.exasol:project-keeper-maven-plugin:fix --projects .`' >> "$GITHUB_OUTPUT"
+ echo '## This PR does not trigger CI workflows' >> "$GITHUB_OUTPUT"
echo 'Please click the **Close pull request** button and then **Reopen pull request** to trigger running checks.' >> "$GITHUB_OUTPUT"
echo 'See https://github.com/exasol/project-keeper/issues/534 for details.' >> "$GITHUB_OUTPUT"
echo 'EOF' >> "$GITHUB_OUTPUT"
diff --git a/dependencies.md b/dependencies.md
index 0299f37..ce6bf53 100644
--- a/dependencies.md
+++ b/dependencies.md
@@ -24,7 +24,7 @@
| [Matcher for SQL Result Sets][19] | [MIT License][20] |
| [exasol-test-setup-abstraction-java][21] | [MIT License][22] |
| [Performance Test Recorder Java][23] | [MIT License][24] |
-| [JaCoCo :: Agent][25] | [Eclipse Public License 2.0][26] |
+| [JaCoCo :: Agent][25] | [EPL-2.0][26] |
## Runtime Dependencies
@@ -37,7 +37,7 @@
| Dependency | License |
| ------------------------------------------------------- | --------------------------------- |
| [SonarQube Scanner for Maven][27] | [GNU LGPL 3][28] |
-| [Apache Maven Toolchains Plugin][29] | [Apache License, Version 2.0][30] |
+| [Apache Maven Toolchains Plugin][29] | [Apache-2.0][30] |
| [Apache Maven Compiler Plugin][31] | [Apache-2.0][30] |
| [Apache Maven Enforcer Plugin][32] | [Apache-2.0][30] |
| [Maven Flatten Plugin][33] | [Apache Software Licenese][30] |
@@ -47,7 +47,7 @@
| [duplicate-finder-maven-plugin Maven Mojo][38] | [Apache License 2.0][39] |
| [Project Keeper Maven plugin][40] | [The MIT License][41] |
| [Apache Maven Assembly Plugin][42] | [Apache-2.0][30] |
-| [Apache Maven JAR Plugin][43] | [Apache License, Version 2.0][30] |
+| [Apache Maven JAR Plugin][43] | [Apache-2.0][30] |
| [Artifact reference checker and unifier][44] | [MIT License][45] |
| [Apache Maven Dependency Plugin][46] | [Apache-2.0][30] |
| [Maven Failsafe Plugin][47] | [Apache-2.0][30] |
diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
index 5fa81e0..cac6d82 100644
--- a/doc/changes/changelog.md
+++ b/doc/changes/changelog.md
@@ -1,5 +1,6 @@
# Changes
+* [2.0.5](changes_2.0.5.md)
* [2.0.4](changes_2.0.4.md)
* [2.0.3](changes_2.0.3.md)
* [2.0.2](changes_2.0.2.md)
diff --git a/doc/changes/changes_2.0.5.md b/doc/changes/changes_2.0.5.md
new file mode 100644
index 0000000..6c59653
--- /dev/null
+++ b/doc/changes/changes_2.0.5.md
@@ -0,0 +1,31 @@
+# Virtual Schema for Document Data in Files on Azure Blob Storage 2.0.5, released 2024-06-04
+
+Code name: Security update - fix for CVE-2024-36114
+
+## Summary
+
+Fixed CVE-2024-36114 https://github.com/advisories/GHSA-973x-65j7-xcf4.
+
+## Security
+
+* #56: CVE-2024-36114: io.airlift:aircompressor:jar:0.21:compile
+
+## Dependency Updates
+
+### Compile Dependency Updates
+
+* Updated `com.exasol:virtual-schema-common-document-files:8.0.3` to `8.0.4`
+
+### Test Dependency Updates
+
+* Updated `com.exasol:virtual-schema-common-document-files:8.0.3` to `8.0.4`
+* Updated `org.jacoco:org.jacoco.agent:0.8.11` to `0.8.12`
+
+### Plugin Dependency Updates
+
+* Updated `com.exasol:error-code-crawler-maven-plugin:2.0.2` to `2.0.3`
+* Updated `com.exasol:project-keeper-maven-plugin:4.3.0` to `4.3.2`
+* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.4.1` to `3.5.0`
+* Updated `org.apache.maven.plugins:maven-jar-plugin:3.3.0` to `3.4.1`
+* Updated `org.apache.maven.plugins:maven-toolchains-plugin:3.1.0` to `3.2.0`
+* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922` to `4.0.0.4121`
diff --git a/doc/user_guide/user_guide.md b/doc/user_guide/user_guide.md
index 0c22eae..bdc4e4f 100644
--- a/doc/user_guide/user_guide.md
+++ b/doc/user_guide/user_guide.md
@@ -17,7 +17,7 @@ Next create the Adapter Script:
```sql
CREATE OR REPLACE JAVA ADAPTER SCRIPT ADAPTER.AZURE_BLOB_STORAGE_FILES_ADAPTER AS
%scriptclass com.exasol.adapter.RequestDispatcher;
- %jar /buckets/bfsdefault/default/document-files-virtual-schema-dist-8.0.3-azure-blob-storage-2.0.4.jar;
+ %jar /buckets/bfsdefault/default/document-files-virtual-schema-dist-8.0.4-azure-blob-storage-2.0.5.jar;
/
```
@@ -30,7 +30,7 @@ CREATE OR REPLACE JAVA SET SCRIPT ADAPTER.IMPORT_FROM_AZURE_BLOB_STORAGE_DOCUMEN
CONNECTION_NAME VARCHAR(500))
EMITS(...) AS
%scriptclass com.exasol.adapter.document.UdfEntryPoint;
- %jar /buckets/bfsdefault/default/document-files-virtual-schema-dist-8.0.3-azure-blob-storage-2.0.4.jar;
+ %jar /buckets/bfsdefault/default/document-files-virtual-schema-dist-8.0.4-azure-blob-storage-2.0.5.jar;
/
```
diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom
index 12e6f49..4aee705 100644
--- a/pk_generated_parent.pom
+++ b/pk_generated_parent.pom
@@ -3,7 +3,7 @@
4.0.0
com.exasol
azure-blob-storage-document-files-virtual-schema-generated-parent
- 2.0.4
+ 2.0.5
pom
UTF-8
@@ -37,7 +37,7 @@
org.jacoco
org.jacoco.agent
- 0.8.11
+ 0.8.12
test
runtime
@@ -47,12 +47,12 @@
org.sonarsource.scanner.maven
sonar-maven-plugin
- 3.11.0.3922
+ 4.0.0.4121
org.apache.maven.plugins
maven-toolchains-plugin
- 3.1.0
+ 3.2.0
@@ -85,7 +85,7 @@
org.apache.maven.plugins
maven-enforcer-plugin
- 3.4.1
+ 3.5.0
enforce-maven
@@ -238,7 +238,7 @@
org.apache.maven.plugins
maven-jar-plugin
- 3.3.0
+ 3.4.1
default-jar
@@ -351,7 +351,7 @@
com.exasol
error-code-crawler-maven-plugin
- 2.0.2
+ 2.0.3
verify
diff --git a/pom.xml b/pom.xml
index fa8f203..4f8fca1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2,12 +2,12 @@
4.0.0
azure-blob-storage-document-files-virtual-schema
- 2.0.4
+ 2.0.5
Virtual Schema for document data in files on Azure Blob Storage
Adapter for document data access from files from Azure Blob Storage.
https://github.com/exasol/azure-blob-storage-document-files-virtual-schema/
- 8.0.3
+ 8.0.4
@@ -153,7 +153,7 @@
com.exasol
project-keeper-maven-plugin
- 4.3.0
+ 4.3.2
@@ -188,7 +188,7 @@
azure-blob-storage-document-files-virtual-schema-generated-parent
com.exasol
- 2.0.4
+ 2.0.5
pk_generated_parent.pom
diff --git a/src/test/java/com/exasol/adapter/document/files/IntegrationTestSetup.java b/src/test/java/com/exasol/adapter/document/files/IntegrationTestSetup.java
index b01e7ae..7b6f818 100644
--- a/src/test/java/com/exasol/adapter/document/files/IntegrationTestSetup.java
+++ b/src/test/java/com/exasol/adapter/document/files/IntegrationTestSetup.java
@@ -26,7 +26,7 @@
import jakarta.json.*;
public class IntegrationTestSetup implements AutoCloseable {
- private static final String ADAPTER_JAR = "document-files-virtual-schema-dist-8.0.3-azure-blob-storage-2.0.4.jar";
+ private static final String ADAPTER_JAR = "document-files-virtual-schema-dist-8.0.4-azure-blob-storage-2.0.5.jar";
private final ExasolTestSetup exasolTestSetup;
private final Connection exasolConnection;
private final Statement exasolStatement;