2.0.1 Fix CVE-2024-47561 in org.apache.avro:avro:jar:1.11.3:compile

This release fixes CVE-2024-47561 in org.apache.avro:avro:jar:1.11.3:compile.

Security

• #56: Fixed CVE-2024-47561 in org.apache.avro:avro:jar:1.11.3:compile

Refactoring

• #53: Fixed sonar warning about Java version during CI build

Dependency Updates

Compile Dependency Updates

• Updated com.exasol:udf-api-java:1.0.2 to 1.0.5
• Updated com.fasterxml.jackson.core:jackson-databind:2.15.0 to 2.18.1
• Updated com.fasterxml.jackson.module:jackson-module-scala_2.13:2.15.0 to 2.18.1
• Updated org.apache.avro:avro:1.11.3 to 1.12.0
• Updated org.scala-lang:scala-library:2.13.10 to 2.13.15
• Updated org.slf4j:slf4j-simple:2.0.7 to 2.0.16

Test Dependency Updates

• Updated nl.jqno.equalsverifier:equalsverifier:3.14.1 to 3.17.3
• Updated org.mockito:mockito-core:5.3.1 to 5.14.2
• Updated org.scalatestplus:scalatestplus-mockito_2.13:1.0.0-M2 to 1.0.0-SNAP5
• Updated org.scalatest:scalatest_2.13:3.2.13 to 3.3.0-SNAP4

Plugin Dependency Updates

• Updated com.diffplug.spotless:spotless-maven-plugin:2.36.0 to 2.43.0
• Updated com.exasol:error-code-crawler-maven-plugin:1.3.1 to 2.0.3
• Updated com.exasol:project-keeper-maven-plugin:2.9.17 to 4.4.0
• Added com.exasol:quality-summarizer-maven-plugin:0.2.0
• Updated io.github.evis:scalafix-maven-plugin_2.13:0.1.6_0.10.0 to 0.1.10_0.11.0
• Updated io.github.zlika:reproducible-build-maven-plugin:0.16 to 0.17
• Updated net.alchim31.maven:scala-maven-plugin:4.8.1 to 4.9.2
• Updated org.apache.maven.plugins:maven-clean-plugin:2.5 to 3.4.0
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.11.0 to 3.13.0
• Updated org.apache.maven.plugins:maven-deploy-plugin:3.1.1 to 3.1.2
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.1 to 3.5.0
• Updated org.apache.maven.plugins:maven-gpg-plugin:3.1.0 to 3.2.7
• Updated org.apache.maven.plugins:maven-install-plugin:2.4 to 3.1.3
• Updated org.apache.maven.plugins:maven-javadoc-plugin:3.6.2 to 3.10.1
• Updated org.apache.maven.plugins:maven-resources-plugin:2.6 to 3.3.1
• Updated org.apache.maven.plugins:maven-site-plugin:3.3 to 3.9.1
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.2.2 to 3.5.1
• Added org.apache.maven.plugins:maven-toolchains-plugin:3.2.0
• Updated org.codehaus.mojo:flatten-maven-plugin:1.5.0 to 1.6.0
• Updated org.codehaus.mojo:versions-maven-plugin:2.16.2 to 2.17.1
• Updated org.itsallcode:openfasttrace-maven-plugin:1.6.2 to 2.3.0
• Updated org.jacoco:jacoco-maven-plugin:0.8.11 to 0.8.12
• Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594 to 4.0.0.4121
• Updated org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13 to 1.7.0

2.0.0: Remove dependencies from JAR

Summary

Previous releases of this project contained all dependencies in the published JAR file (i.e. fat JAR). This project is a library that is used in other projects and should not contain dependencies in the JAR, so we removed them.

Bugfixes

• #54: Removed dependencies from published JAR

Dependency Updates

Plugin Dependency Updates

• Updated com.exasol:project-keeper-maven-plugin:2.9.16 to 2.9.17
• Removed org.apache.maven.plugins:maven-assembly-plugin:3.5.0
• Updated org.codehaus.mojo:versions-maven-plugin:2.16.1 to 2.16.2

1.1.2: Update avro to CVE-2023-39410

Summary

Library org.apache.avro was updated to fix its CVE-2023-39410.

Features

• #51: Fixed vulnerability in avro

Dependency Updates

Compile Dependency Updates

• Updated org.apache.avro:avro:1.11.1 to 1.11.3

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.2.3 to 1.3.1
• Updated com.exasol:project-keeper-maven-plugin:2.9.7 to 2.9.16
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.3.0 to 3.4.1
• Updated org.apache.maven.plugins:maven-gpg-plugin:3.0.1 to 3.1.0
• Updated org.apache.maven.plugins:maven-javadoc-plugin:3.5.0 to 3.6.2
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0 to 3.2.2
• Updated org.basepom.maven:duplicate-finder-maven-plugin:1.5.1 to 2.0.1
• Updated org.codehaus.mojo:flatten-maven-plugin:1.4.1 to 1.5.0
• Updated org.codehaus.mojo:versions-maven-plugin:2.15.0 to 2.16.1
• Updated org.jacoco:jacoco-maven-plugin:0.8.9 to 0.8.11
• Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184 to 3.10.0.2594

1.1.1: Updated dependencies on top of `1.1.0`

Summary

In this release, we updated the dependencies and fixed broken link.

Documentation

• #46: Fixed broken link

Dependencies

• #48: Updated dependencies to the latest versions

Dependency Updates

Compile Dependency Updates

• Updated com.fasterxml.jackson.core:jackson-databind:2.14.2 to 2.15.0
• Updated com.fasterxml.jackson.module:jackson-module-scala_2.13:2.14.2 to 2.15.0
• Updated org.slf4j:slf4j-simple:2.0.6 to 2.0.7

Test Dependency Updates

• Updated nl.jqno.equalsverifier:equalsverifier:3.14 to 3.14.1
• Updated org.mockito:mockito-core:5.1.1 to 5.3.1

Plugin Dependency Updates

• Updated com.diffplug.spotless:spotless-maven-plugin:2.34.0 to 2.36.0
• Updated com.exasol:error-code-crawler-maven-plugin:1.2.2 to 1.2.3
• Updated com.exasol:project-keeper-maven-plugin:2.9.3 to 2.9.7
• Updated net.alchim31.maven:scala-maven-plugin:4.8.0 to 4.8.1
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.10.1 to 3.11.0
• Updated org.apache.maven.plugins:maven-deploy-plugin:3.0.0 to 3.1.1
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.1.0 to 3.3.0
• Updated org.apache.maven.plugins:maven-javadoc-plugin:3.4.1 to 3.5.0
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M8 to 3.0.0
• Added org.basepom.maven:duplicate-finder-maven-plugin:1.5.1
• Updated org.codehaus.mojo:flatten-maven-plugin:1.3.0 to 1.4.1
• Updated org.codehaus.mojo:versions-maven-plugin:2.14.2 to 2.15.0
• Updated org.itsallcode:openfasttrace-maven-plugin:1.6.1 to 1.6.2
• Updated org.jacoco:jacoco-maven-plugin:0.8.8 to 0.8.9

1.1.0: Migrated to `udf-api-java`

Summary

In this release, we migrated to udf-api-java from exasol-script-api dependency and discontinued references to maven.exasol.com repository. Additionally, updated developer guide, removed obsolete sbt build tool instructions.

Bug Fixes

• #43: Migrated to udf-api-java from old exasol-script-api

Documentation

• #39: Updated developer guide, removed obsolete sbt based information

Dependency Updates

Compile Dependency Updates

• Updated com.exasol:error-reporting-java:1.0.0 to 1.0.1
• Removed com.exasol:exasol-script-api:6.1.7
• Added com.exasol:udf-api-java:1.0.2
• Updated com.fasterxml.jackson.core:jackson-databind:2.13.4.2 to 2.14.2
• Updated com.fasterxml.jackson.module:jackson-module-scala_2.13:2.13.4 to 2.14.2
• Updated org.slf4j:slf4j-simple:1.7.36 to 2.0.6

Test Dependency Updates

• Updated nl.jqno.equalsverifier:equalsverifier:3.10.1 to 3.14
• Updated org.mockito:mockito-core:4.8.1 to 5.1.1

Plugin Dependency Updates

• Updated com.diffplug.spotless:spotless-maven-plugin:2.22.8 to 2.34.0
• Updated com.exasol:error-code-crawler-maven-plugin:1.1.2 to 1.2.2
• Updated com.exasol:project-keeper-maven-plugin:2.8.0 to 2.9.3
• Updated io.github.zlika:reproducible-build-maven-plugin:0.15 to 0.16
• Updated net.alchim31.maven:scala-maven-plugin:4.6.3 to 4.8.0
• Updated org.apache.maven.plugins:maven-assembly-plugin:3.3.0 to 3.5.0
• Updated org.apache.maven.plugins:maven-deploy-plugin:3.0.0-M1 to 3.0.0
• Updated org.apache.maven.plugins:maven-javadoc-plugin:3.4.0 to 3.4.1
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M5 to 3.0.0-M8
• Updated org.codehaus.mojo:flatten-maven-plugin:1.2.7 to 1.3.0
• Updated org.codehaus.mojo:versions-maven-plugin:2.10.0 to 2.14.2
• Updated org.itsallcode:openfasttrace-maven-plugin:1.5.0 to 1.6.1
• Updated org.scalatest:scalatest-maven-plugin:2.0.2 to 2.2.0

1.0.0: Fix vulnerabilities in dependencies

Summary

This is release is a breaking change as it removes support for Scala 2.12, it only supports Scala 2.13. It also updates the following dependencies to fix vulnerabilities:

• com.fasterxml.jackson.core:jackson-databind:jar:2.12.7:compile:
  • CVE-2022-42003 CWE-502: Deserialization of Untrusted Data (7.5)
  • CVE-2022-42004 CWE-502: Deserialization of Untrusted Data (7.5)
• org.scala-lang:scala-library:jar:2.13.8:compile:
  • CVE-2022-36944 CWE-502: Deserialization of Untrusted Data (9.8)

Features

• #40: Fixed vulnerabilities in dependencies

Dependency Updates

Compile Dependency Updates

• Updated com.exasol:error-reporting-java:0.4.1 to 1.0.0
• Updated com.fasterxml.jackson.core:jackson-databind:2.12.7 to 2.13.4.2
• Updated com.fasterxml.jackson.module:jackson-module-scala_2.13:2.12.7 to 2.13.4
• Updated org.scala-lang:scala-library:2.13.8 to 2.13.10

Test Dependency Updates

• Added nl.jqno.equalsverifier:equalsverifier:3.10.1
• Updated org.mockito:mockito-core:4.6.1 to 4.8.1

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.1.1 to 1.1.2
• Updated com.exasol:project-keeper-maven-plugin:2.5.0 to 2.8.0
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.0.0 to 3.1.0
• Updated org.itsallcode:openfasttrace-maven-plugin:1.4.0 to 1.5.0
• Removed org.scoverage:scoverage-maven-plugin:1.4.11

0.4.2: Upgrade dependencies to fix vulnerabilities, fixed Maven Central deployment

Summary

This release fixes vulnerabilities in the following dependencies:

• com.fasterxml.jackson.core:jackson-databind:jar:2.12.5 in compile
  • CVE-2020-36518, severity CWE-787: Out-of-bounds Write (7.5)
  • sonatype-2021-4682, severity CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

The automatic Maven Central deployment tried to upload both variants for Scala 2.12 and 2.13 to the same artifact https://repo1.maven.org/maven2/com/exasol/import-export-udf-common-scala/ which causes the build to fail.

Now they are uploaded with the correct artifact ids:

• https://repo1.maven.org/maven2/com/exasol/import-export-udf-common-scala_2.12/
• https://repo1.maven.org/maven2/com/exasol/import-export-udf-common-scala_2.13/

Bugfix

• #33: Upgrade dependencies to fix vulnerabilities
• #36: Fixed Maven Central deployment

Dependency Updates

Compile Dependency Updates

• Updated com.fasterxml.jackson.core:jackson-databind:2.12.5 to 2.12.7
• Updated com.fasterxml.jackson.module:jackson-module-scala_2.13:2.12.5 to 2.12.7
• Updated com.typesafe.scala-logging:scala-logging_2.13:3.9.4 to 3.9.5
• Updated org.apache.avro:avro:1.11.0 to 1.11.1

Test Dependency Updates

• Updated org.mockito:mockito-core:4.3.1 to 4.6.1
• Updated org.scalatest:scalatest_2.13:3.2.10 to 3.2.13

Plugin Dependency Updates

• Updated com.diffplug.spotless:spotless-maven-plugin:2.20.2 to 2.22.8
• Updated com.exasol:error-code-crawler-maven-plugin:1.0.0 to 1.1.1
• Updated com.exasol:project-keeper-maven-plugin:1.3.4 to 2.5.0
• Updated io.github.evis:scalafix-maven-plugin_2.13:0.1.4_0.9.33 to 0.1.6_0.10.0
• Updated net.alchim31.maven:scala-maven-plugin:4.5.6 to 4.6.3
• Updated org.apache.maven.plugins:maven-clean-plugin:3.1.0 to 2.5
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.10.0 to 3.10.1
• Updated org.apache.maven.plugins:maven-install-plugin:2.5.2 to 2.4
• Updated org.apache.maven.plugins:maven-jar-plugin:3.2.2 to 2.4
• Updated org.apache.maven.plugins:maven-javadoc-plugin:3.3.2 to 3.4.0
• Updated org.apache.maven.plugins:maven-resources-plugin:3.2.0 to 2.6
• Updated org.apache.maven.plugins:maven-site-plugin:3.11.0 to 3.3
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M4 to 3.0.0-M5
• Added org.codehaus.mojo:flatten-maven-plugin:1.2.7
• Updated org.codehaus.mojo:versions-maven-plugin:2.9.0 to 2.10.0
• Added org.jacoco:jacoco-maven-plugin:0.8.8
• Added org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184
• Updated org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8 to 1.6.13

0.4.1: [retracted]

This release is retracted because of a failed deployment to Maven Central. Please use version 0.4.2.

Import Export UDF Common Scala 0.4.1, released 2022-08-02

Code name: Upgrade dependencies to fix vulnerabilities

Summary

This release fixes vulnerabilities in the following dependencies:

• com.fasterxml.jackson.core:jackson-databind:jar:2.12.5 in compile
  • CVE-2020-36518, severity CWE-787: Out-of-bounds Write (7.5)
  • sonatype-2021-4682, severity CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

Bugfixes

• #33: Upgrade dependencies to fix vulnerabilities

Dependency Updates

Compile Dependency Updates

• Updated com.fasterxml.jackson.core:jackson-databind:2.12.5 to 2.12.7
• Updated com.fasterxml.jackson.module:jackson-module-scala_2.13:2.12.5 to 2.12.7
• Updated com.typesafe.scala-logging:scala-logging_2.13:3.9.4 to 3.9.5
• Updated org.apache.avro:avro:1.11.0 to 1.11.1

Test Dependency Updates

• Updated org.mockito:mockito-core:4.3.1 to 4.6.1
• Updated org.scalatest:scalatest_2.13:3.2.10 to 3.2.13

Plugin Dependency Updates

• Updated com.diffplug.spotless:spotless-maven-plugin:2.20.2 to 2.22.8
• Updated com.exasol:error-code-crawler-maven-plugin:1.0.0 to 1.1.1
• Updated com.exasol:project-keeper-maven-plugin:1.3.4 to 2.5.0
• Updated io.github.evis:scalafix-maven-plugin_2.13:0.1.4_0.9.33 to 0.1.6_0.10.0
• Updated net.alchim31.maven:scala-maven-plugin:4.5.6 to 4.6.3
• Updated org.apache.maven.plugins:maven-clean-plugin:3.1.0 to 2.5
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.10.0 to 3.10.1
• Updated org.apache.maven.plugins:maven-install-plugin:2.5.2 to 2.4
• Updated org.apache.maven.plugins:maven-jar-plugin:3.2.2 to 2.4
• Updated org.apache.maven.plugins:maven-javadoc-plugin:3.3.2 to 3.4.0
• Updated org.apache.maven.plugins:maven-resources-plugin:3.2.0 to 2.6
• Updated org.apache.maven.plugins:maven-site-plugin:3.11.0 to 3.3
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M4 to 3.0.0-M5
• Added org.codehaus.mojo:flatten-maven-plugin:1.2.7
• Updated org.codehaus.mojo:versions-maven-plugin:2.9.0 to 2.10.0
• Added org.jacoco:jacoco-maven-plugin:0.8.8
• Added org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184
• Updated org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8 to 1.6.13

0.4.0: Migrated to maven build

Import Export UDF Common Scala 0.4.0, released 2022-02-18

Code name: Migrated to maven build

Summary

In this release, we migrated to the Maven based build and refactored the Continuous Integration (CI) workflow files that contain matrix builds.

Bug Fixes

• #30: Added name to release droid workflow file with matrix build

Features

• #27: Migrated to maven based build

Dependency Updates

Compile Dependency Updates

• Added com.exasol:error-reporting-java:0.4.1
• Added com.exasol:exasol-script-api:6.1.7
• Added com.fasterxml.jackson.core:jackson-databind:2.12.5
• Added com.fasterxml.jackson.module:jackson-module-scala_2.13:2.12.5
• Added com.typesafe.scala-logging:scala-logging_2.13:3.9.4
• Added org.apache.avro:avro:1.11.0
• Added org.scala-lang:scala-library:2.13.8
• Added org.slf4j:slf4j-simple:1.7.36

Test Dependency Updates

• Added org.mockito:mockito-core:4.3.1
• Added org.scalatestplus:scalatestplus-mockito_2.13:1.0.0-M2
• Added org.scalatest:scalatest_2.13:3.2.10

Plugin Dependency Updates

• Added com.diffplug.spotless:spotless-maven-plugin:2.20.2
• Added com.exasol:error-code-crawler-maven-plugin:1.0.0
• Added com.exasol:project-keeper-maven-plugin:1.3.4
• Added io.github.evis:scalafix-maven-plugin_2.13:0.1.4_0.9.33
• Added io.github.zlika:reproducible-build-maven-plugin:0.15
• Added net.alchim31.maven:scala-maven-plugin:4.5.6
• Added org.apache.maven.plugins:maven-assembly-plugin:3.3.0
• Added org.apache.maven.plugins:maven-clean-plugin:3.1.0
• Added org.apache.maven.plugins:maven-compiler-plugin:3.10.0
• Added org.apache.maven.plugins:maven-deploy-plugin:3.0.0-M1
• Added org.apache.maven.plugins:maven-enforcer-plugin:3.0.0
• Added org.apache.maven.plugins:maven-gpg-plugin:3.0.1
• Added org.apache.maven.plugins:maven-install-plugin:2.5.2
• Added org.apache.maven.plugins:maven-jar-plugin:3.2.2
• Added org.apache.maven.plugins:maven-javadoc-plugin:3.3.2
• Added org.apache.maven.plugins:maven-resources-plugin:3.2.0
• Added org.apache.maven.plugins:maven-site-plugin:3.11.0
• Added org.apache.maven.plugins:maven-source-plugin:3.2.1
• Added org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M4
• Added org.codehaus.mojo:versions-maven-plugin:2.9.0
• Added org.itsallcode:openfasttrace-maven-plugin:1.4.0
• Added org.scalastyle:scalastyle-maven-plugin:1.0.0
• Added org.scalatest:scalatest-maven-plugin:2.0.2
• Added org.scoverage:scoverage-maven-plugin:1.4.11
• Added org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0
• Added org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8

Fixed JSON Mapper

Summary

This release fixes parsing bugs in JSON mapper functionality.

Bug Fixes

• #24: Fixed JSON mapper issues