0.5.4: Fix CVE-2024-25710, CVE-2024-26308 in test dependencies

Summary

In this security release we fixed CVE-2024-25710 and CVE-2024-26308 by updating test dependencies that contained the vulnerable org.apache.commons:commons-compress 1.24.0.

Features

• 50: Fixed CVE-2024-25710 in test dependency
• 51: Fixed CVE-2024-26308 in test dependency

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.6.3 to 7.0.1
• Updated com.exasol:hamcrest-resultset-matcher:1.6.2 to 1.6.5
• Updated com.exasol:test-db-builder-java:3.5.2 to 3.5.4
• Updated org.junit.jupiter:junit-jupiter-api:5.10.1 to 5.10.2
• Updated org.junit.jupiter:junit-jupiter-params:5.10.1 to 5.10.2
• Updated org.slf4j:slf4j-jdk14:2.0.9 to 2.0.12
• Updated org.testcontainers:junit-jupiter:1.19.2 to 1.19.7

Plugin Dependency Updates

• Updated com.exasol:project-keeper-maven-plugin:2.9.16 to 4.1.0
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.11.0 to 3.12.1
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.2.2 to 3.2.5
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.2.2 to 3.2.5
• Added org.apache.maven.plugins:maven-toolchains-plugin:3.1.0
• Updated org.codehaus.mojo:flatten-maven-plugin:1.5.0 to 1.6.0
• Updated org.codehaus.mojo:versions-maven-plugin:2.16.1 to 2.16.2
• Updated org.itsallcode:openfasttrace-maven-plugin:1.6.2 to 1.8.0

0.5.3: Fix CVE-2023-4043 in test dependency `org.eclipse.parsson:parsson`

Summary

This release fixes vulnerability CVE-2023-4043 in test dependency org.eclipse.parsson:parsson.

Security

• #48: Fixed CVE-2023-4043 in test dependency org.eclipse.parsson:parsson

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.6.2 to 6.6.3
• Updated com.exasol:hamcrest-resultset-matcher:1.6.1 to 1.6.2
• Updated com.exasol:test-db-builder-java:3.5.1 to 3.5.2
• Updated org.junit.jupiter:junit-jupiter-api:5.10.0 to 5.10.1
• Updated org.junit.jupiter:junit-jupiter-params:5.10.0 to 5.10.1
• Updated org.testcontainers:junit-jupiter:1.19.1 to 1.19.2

Plugin Dependency Updates

• Updated com.exasol:project-keeper-maven-plugin:2.9.12 to 2.9.16
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.0 to 3.4.1
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.1.2 to 3.2.2
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.1.2 to 3.2.2
• Updated org.codehaus.mojo:versions-maven-plugin:2.16.0 to 2.16.1
• Updated org.jacoco:jacoco-maven-plugin:0.8.10 to 0.8.11
• Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184 to 3.10.0.2594

0.5.2: Fix CVE-2023-42503 in test dependency

In this release we replaced a testing dependency that was vulnerable to CVE-2023-42503. Production code was not affected.

We also changed the namespace for the virtual schema adapter in the code from exasolvs to exasol.evsl for uniformity across projects. This has no impact on the function of the virtual schema.

Features

• #38: Changed namespace exasolvs to exasol.evsl
• #45: Fixed CVE-2023-42503 in test dependency

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.6.1 to 6.6.2
• Updated com.exasol:hamcrest-resultset-matcher:1.6.0 to 1.6.1
• Updated com.exasol:test-db-builder-java:3.4.2 to 3.5.1
• Updated org.junit.jupiter:junit-jupiter-api:5.9.3 to 5.10.0
• Updated org.junit.jupiter:junit-jupiter-params:5.9.3 to 5.10.0
• Updated org.slf4j:slf4j-jdk14:2.0.7 to 2.0.9
• Updated org.testcontainers:junit-jupiter:1.18.3 to 1.19.1

Plugin Dependency Updates

• Updated com.exasol:project-keeper-maven-plugin:2.9.9 to 2.9.12
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.3.0 to 3.4.0

0.5.1: Fix Issue With Integer Constants in `GROUP BY`

Summary

This release fixes an issue with queries using DISTINCT with integer constants. The Exasol SQL processor turns DISTINCT <integer> into GROUP BY <integer> before push-down as an optimization. The adapter must not feed this back as Exasol interprets integers in GROUP BY clauses as column numbers which could lead to invalid results or the following error:

42000:Wrong column number. Too small value 0 as select list column reference in GROUP BY (smallest possible value is 1)

To fix this, Exasol VS now replaces integer constants in GROUP BY clauses with a constant string.

Please that you can still safely use GROUP BY <column-number> in your original query, since Exasol internally converts this to GROUP BY "<column-name>", so that the virtual schema adapter can tell both situations apart.

The release also adds integration tests using Exasol v8 to the CI build.

We also extracted the common parts of EVSL and RLSL to base libraries for a unified code base.

Bugfixes

• #42: Fixed issue with integer constants in GROUP BY

Refactoring

• #31: Added integration tests using Exasol v8 to CI build
• #38: Based on EVSCL

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-jdbc:7.1.19 to 7.1.20
• Updated com.exasol:exasol-testcontainers:6.5.2 to 6.6.1
• Updated org.junit.jupiter:junit-jupiter-api:5.9.2 to 5.9.3
• Updated org.junit.jupiter:junit-jupiter-params:5.9.2 to 5.9.3
• Updated org.testcontainers:junit-jupiter:1.18.0 to 1.18.3

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.2.2 to 1.3.0
• Updated com.exasol:project-keeper-maven-plugin:2.9.7 to 2.9.9
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.0.0 to 3.1.2
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0 to 3.1.2
• Updated org.basepom.maven:duplicate-finder-maven-plugin:1.5.1 to 2.0.1
• Updated org.codehaus.mojo:build-helper-maven-plugin:3.3.0 to 3.4.0
• Updated org.codehaus.mojo:flatten-maven-plugin:1.4.1 to 1.5.0
• Updated org.codehaus.mojo:versions-maven-plugin:2.15.0 to 2.16.0
• Updated org.itsallcode:openfasttrace-maven-plugin:1.6.1 to 1.6.2
• Updated org.jacoco:jacoco-maven-plugin:0.8.9 to 0.8.10

0.5.0: Partial TLS Support (without certificate validation)

Summary

With version 0.5.0 the connection between the Virtual Schema Adapter and the remote Exasol uses TLS for encrypting the communication.

Note however, that this feature is not complete yet. It lacks validation of the peer certificate. The reason is that Lua does not yet have access to the certificate store, so the feature requires a change in the Exasol database. Once certificate validation is available, the EVSL will reach version 1.0.0.

What does this mean for users? They can test connecting the Exasol Virtual Schema to a remote Exasol server with an encrypted connection. The connection cannot be treated as secure though, because validating the peer certificate is a required step in establishing trust between the VS and the remote server. Without this attackers can pretend to be an Exasol server or run a man-in-the-middle attack.

If you need an actually secure connection you will unfortunately have to wait until version 1.0.0.

Features

• #23: Added TLS Support

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-jdbc:7.1.17 to 7.1.19
• Updated com.exasol:exasol-testcontainers:6.5.1 to 6.5.2
• Updated com.exasol:hamcrest-resultset-matcher:1.5.2 to 1.6.0
• Updated org.slf4j:slf4j-jdk14:2.0.6 to 2.0.7
• Updated org.testcontainers:junit-jupiter:1.17.6 to 1.18.0

Plugin Dependency Updates

• Updated com.exasol:project-keeper-maven-plugin:2.9.3 to 2.9.7
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.10.1 to 3.11.0
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.1.0 to 3.3.0
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M8 to 3.0.0
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M8 to 3.0.0
• Added org.basepom.maven:duplicate-finder-maven-plugin:1.5.1
• Updated org.codehaus.mojo:flatten-maven-plugin:1.3.0 to 1.4.1
• Updated org.codehaus.mojo:versions-maven-plugin:2.14.2 to 2.15.0
• Updated org.jacoco:jacoco-maven-plugin:0.8.8 to 0.8.9

0.4.0: Remote EVSL (without TLS)

Summary

In this release we added support for connecting to a remote Exasol database. Note that you cannot use remote Exasol VS yet, since the libraries required are not yet available in production release of the Exasol database. That means while the feature is generally available, it only works with very recent development builds of Exasol. We will update the EVSL release once an Exasol version with the required libraries becomes available.

Features

• #20: Added remote metadata reading

Dependency Updates

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.2.0 to 1.2.2

0.3.0: `IS [NOT] JSON` and `LISTAGG` support

Summary

We added support for the IS [NOT] JSON predicate and the LISTAGG aggregate function.

We also added a test that evaluates the performance overhead of running queries directly against Exasol and via the Virtual Schema.

Additionally, we improved tests that ensure the package, module and rockspec all have the correct version numbers.

Bufixes

• #8: Added missing test for performance overhead
• #18: Added IS [NOT] JSON predicate
• #24: Added LISTAGG aggregate function

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-jdbc:7.1.11 to 7.1.17
• Updated com.exasol:exasol-testcontainers:6.2.0 to 6.5.1
• Updated com.exasol:test-db-builder-java:3.3.4 to 3.4.2
• Updated org.junit.jupiter:junit-jupiter-api:5.9.1 to 5.9.2
• Updated org.junit.jupiter:junit-jupiter-params:5.9.1 to 5.9.2
• Updated org.slf4j:slf4j-jdk14:2.0.3 to 2.0.6
• Updated org.testcontainers:junit-jupiter:1.17.3 to 1.17.6

Plugin Dependency Updates

• Updated com.exasol:project-keeper-maven-plugin:2.8.0 to 2.9.3
• Updated io.github.zlika:reproducible-build-maven-plugin:0.15 to 0.16
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M5 to 3.0.0-M8
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M5 to 3.0.0-M8
• Updated org.codehaus.mojo:flatten-maven-plugin:1.2.7 to 1.3.0
• Updated org.codehaus.mojo:versions-maven-plugin:2.10.0 to 2.14.2

0.2.0: Join support

Summary

In version 0.2.0 of the Exasol Virtual Schema for Lua we activated support for JOINs.

We also updated the dependencies.

Features

• #13: Join support
• #16: Support of all predicates (except JSON predicates)

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.1.2 to 6.2.0
• Updated com.exasol:hamcrest-resultset-matcher:1.5.1 to 1.5.2
• Updated com.exasol:maven-project-version-getter:1.1.0 to 1.2.0
• Updated com.exasol:test-db-builder-java:3.3.3 to 3.3.4
• Added org.junit.jupiter:junit-jupiter-api:5.9.1
• Removed org.junit.jupiter:junit-jupiter-engine:5.8.2
• Updated org.junit.jupiter:junit-jupiter-params:5.8.2 to 5.9.1
• Updated org.slf4j:slf4j-jdk14:1.7.36 to 2.0.3

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.1.1 to 1.2.0
• Updated com.exasol:project-keeper-maven-plugin:2.4.6 to 2.8.0
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.0.0 to 3.1.0
• Updated org.apache.maven.plugins:maven-jar-plugin:3.2.2 to 3.3.0
• Updated org.codehaus.mojo:exec-maven-plugin:3.0.0 to 3.1.0
• Updated org.itsallcode:openfasttrace-maven-plugin:1.5.0 to 1.6.1

0.1.1: Documentation complete

Summary

Version 0.1.1 brings updated (and now complete) user requirements, design and requirement tracing.

We also fixed an issue in the "set properties" request. The VS API does not behave like it was described in the API documentation, causing property changes to be ignored. The API documentation was fixed in virtual-schema-common-java #247 after which we fixed the Lua implementation.

Features

• #1: Completed system requirements, design and requirement tracing.

Dependency Updates

Test Dependency Updates

• Added com.exasol:exasol-jdbc:7.1.11
• Added com.exasol:exasol-testcontainers:6.1.2
• Added com.exasol:hamcrest-resultset-matcher:1.5.1
• Added com.exasol:maven-project-version-getter:1.1.0
• Added com.exasol:test-db-builder-java:3.3.3
• Added org.hamcrest:hamcrest:2.2
• Added org.junit.jupiter:junit-jupiter-engine:5.8.2
• Added org.junit.jupiter:junit-jupiter-params:5.8.2
• Added org.slf4j:slf4j-jdk14:1.7.36
• Added org.testcontainers:junit-jupiter:1.17.3

Plugin Dependency Updates

• Added com.exasol:error-code-crawler-maven-plugin:1.1.1
• Added com.exasol:project-keeper-maven-plugin:2.4.6
• Added com.github.funthomas424242:plantuml-maven-plugin:1.5.2
• Added io.github.zlika:reproducible-build-maven-plugin:0.15
• Added org.apache.maven.plugins:maven-clean-plugin:2.5
• Added org.apache.maven.plugins:maven-compiler-plugin:3.10.1
• Added org.apache.maven.plugins:maven-deploy-plugin:2.7
• Added org.apache.maven.plugins:maven-enforcer-plugin:3.0.0
• Added org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M5
• Added org.apache.maven.plugins:maven-install-plugin:2.4
• Added org.apache.maven.plugins:maven-jar-plugin:3.2.2
• Added org.apache.maven.plugins:maven-resources-plugin:2.6
• Added org.apache.maven.plugins:maven-site-plugin:3.3
• Added org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M5
• Added org.codehaus.mojo:build-helper-maven-plugin:3.3.0
• Added org.codehaus.mojo:exec-maven-plugin:3.0.0
• Added org.codehaus.mojo:flatten-maven-plugin:1.2.7
• Added org.codehaus.mojo:versions-maven-plugin:2.10.0
• Added org.itsallcode:openfasttrace-maven-plugin:1.5.0
• Added org.jacoco:jacoco-maven-plugin:0.8.8
• Added org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184
• Added org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0