Fixed vulnerability CVE-2023-42503 (#111)
Integration tests showed deviations to V7.
Delimiting current PR to exclude ticket 105.
This will be done in a separate attempt.
ckunki authored Oct 24, 2023
1 parent 7bc2aee commit 67c24c4
Showing 22 changed files with 106 additions and 69 deletions.
2 changes: 2 additions & 0 deletions .gitattributes
@@ -7,3 +7,5 @@ pk_generated_parent.pom linguist-genera
.github/workflows/release_droid_prepare_original_checksum.yml linguist-generated=true
.github/workflows/release_droid_print_quick_checksum.yml linguist-generated=true
.github/workflows/release_droid_release_on_maven_central.yml linguist-generated=true
.settings/org.eclipse.jdt.core.prefs linguist-generated=true
.settings/org.eclipse.jdt.ui.prefs linguist-generated=true
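Review bot: marking `.settings/org.eclipse.jdt.core.prefs` and `.settings/org.eclipse.jdt.ui.prefs` as `linguist-generated=true` collapses them in code review, so changes to the formatter and clean-up rules they carry will no longer be visible by default; since the `.gitignore` hunk in this commit deliberately keeps exactly these two files tracked because the team relies on their content, consider leaving them un-collapsed or at least documenting in `.gitattributes` why they are treated as generated.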
6 changes: 3 additions & 3 deletions .github/workflows/broken_links_checker.yml

Some generated files are not rendered by default.

6 changes: 3 additions & 3 deletions .github/workflows/ci-build-next-java.yml

Some generated files are not rendered by default.

24 changes: 14 additions & 10 deletions .github/workflows/ci-build.yml
@@ -8,25 +8,28 @@ on:

jobs:
build:
runs-on: ubuntu-20.04 # UDFs fail with "VM error: Internal error: VM crashed" on ubuntu-latest
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.docker_db_version }}
cancel-in-progress: true
strategy:
fail-fast: false
matrix:
docker_db_version: ["7.1.21"]
docker_db_version: ["7.1.23"]
env:
DEFAULT_DB_VERSION: "7.1.21"
runs-on: ubuntu-latest
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.docker_db_version }}
DEFAULT_DB_VERSION: "7.1.23"
steps:
- name: Checkout the repository
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up JDK 11
- name: Set up JDK 11 & 17
uses: actions/setup-java@v3
with:
distribution: "temurin"
java-version: 11
java-version: |
17
11
cache: "maven"
- name: Cache SonarCloud packages
uses: actions/cache@v3
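Review bot: `cancel-in-progress: true` is lost when the `concurrency:` block is moved below `env:`; the new block keeps only `group:`, so superseded runs on the same ref and DB version will now queue instead of being cancelled. If that is not intended, restore `cancel-in-progress: true` under the moved `concurrency:`. The removed comment on `runs-on: ubuntu-20.04` also recorded why `ubuntu-latest` was avoided ("VM error: Internal error: VM crashed" in UDFs); switching to `ubuntu-latest` with DB 7.1.23 drops that rationale without saying the crash no longer reproduces, so a one-line comment or changelog sentence stating that would help the next person who hits a UDF failure.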
@@ -38,7 +41,7 @@ jobs:
run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties"
- name: Run tests and build with Maven
run: |
mvn --batch-mode clean verify \
JAVA_HOME=$JAVA_HOME_11_X64 mvn --batch-mode clean verify \
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
-DtrimStackTrace=false \
-Dcom.exasol.dockerdb.image=${{ matrix.docker_db_version }}
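Review bot: pinning the build JDK with the inline `JAVA_HOME=$JAVA_HOME_11_X64` prefix is the right call now that two JDKs are installed, since it makes the build independent of whichever one setup-java leaves as the default; for readability, a step-level `env:` with `JAVA_HOME: ${{ env.JAVA_HOME_11_X64 }}` would keep the `mvn` command line unchanged from before and make the JDK choice visible at the top of the step rather than inside the continued shell command.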
@@ -50,12 +53,13 @@ jobs:
- name: Sonar analysis
if: ${{ env.SONAR_TOKEN != null }}
run: |
JAVA_HOME=$JAVA_HOME_17_X64 \
mvn --batch-mode org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
-DtrimStackTrace=false \
-Dsonar.organization=exasol \
-Dsonar.host.url=https://sonarcloud.io \
-Dsonar.login=$SONAR_TOKEN
-Dsonar.token=$SONAR_TOKEN
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
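Review bot: the rename from `-Dsonar.login` to `-Dsonar.token` is correct, as `sonar.login` is deprecated in the SonarScanner for Maven in favour of `sonar.token`. Two follow-ups: the token is still expanded onto the `mvn` command line, where it is visible in the process list of the runner for the duration of the scan; since the step already exports `SONAR_TOKEN` in its `env:` block, check whether the scanner version in use picks the token up from that variable, in which case the `-Dsonar.token=$SONAR_TOKEN` argument can be dropped. Also, the `JAVA_HOME=$JAVA_HOME_17_X64 \` prefix mirrors the build step; moving it to the step's `env:` next to `GITHUB_TOKEN` and `SONAR_TOKEN` would keep all per-step configuration in one place.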
8 changes: 4 additions & 4 deletions .github/workflows/dependencies_check.yml

Some generated files are not rendered by default.

14 changes: 9 additions & 5 deletions .github/workflows/release_droid_prepare_original_checksum.yml

Some generated files are not rendered by default.

7 changes: 3 additions & 4 deletions .github/workflows/release_droid_print_quick_checksum.yml

Some generated files are not rendered by default.

8 changes: 4 additions & 4 deletions .github/workflows/release_droid_release_on_maven_central.yml

Some generated files are not rendered by default.

@@ -4,23 +4,23 @@ on:
workflow_dispatch:
inputs:
upload_url:
description: 'Assets upload URL'
description: "Assets upload URL"
required: true

jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
distribution: 'temurin'
distribution: "temurin"
java-version: 11
cache: 'maven'
cache: "maven"
- name: Build with Maven skipping tests
run: mvn --batch-mode clean verify -DskipTests
- name: Generate sha256sum files
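Review bot: apart from `actions/checkout@v3` to `@v4`, every line in this hunk is a quote-style change (`'temurin'` to `"temurin"`, `'maven'` to `"maven"`, the `upload_url` description), which is behaviour-neutral YAML; bundling that reformatting into a commit titled as a CVE fix makes it harder to audit which lines actually changed the build, so keep formatter-only churn in its own commit or call it out in the commit message. The release workflow also stays on JDK 11 only while `ci-build.yml` now installs 11 and 17, which is fine as long as the release build is expected to use the same JDK (11) as the CI verify step.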
3 changes: 3 additions & 0 deletions .gitignore
@@ -2,7 +2,10 @@

/.project
/.classpath
/.settings/org.eclipse.core.resources.prefs
/.settings/org.eclipse.jdt.apt.core.prefs
/.settings/org.eclipse.m2e.core.prefs
/.settings/org.sonarlint.eclipse.core.prefs
# .settings : we need Eclipse settings for code formatter and clean-up rules
.cache
dependency-reduced-pom.xml
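Review bot: the explanatory comment `# .settings : we need Eclipse settings for code formatter and clean-up rules` sits after the four new ignore entries, so on a first read it looks like it describes `.cache`; move it above the `/.settings/...` lines so it reads as the reason only some `.settings` files are ignored while `org.eclipse.jdt.core.prefs` and `org.eclipse.jdt.ui.prefs` stay tracked. The deletion of the four ignored files from the repository elsewhere in this commit is consistent with these rules.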
1 change: 1 addition & 0 deletions .project-keeper.yml
@@ -9,3 +9,4 @@ sources:
linkReplacements:
excludes:
- "E-PK-CORE-18: Outdated content: '.github/workflows/ci-build.yml'"
- "E-PK-CORE-18: Outdated content: '.github/workflows/release_droid_prepare_original_checksum.yml'"
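Review bot: excluding `E-PK-CORE-18: Outdated content` for `release_droid_prepare_original_checksum.yml` silences project-keeper's template-drift check for that workflow, so the file will no longer be flagged when the project-keeper template moves on; that is reasonable when the file is intentionally customised (the existing exclusion for `ci-build.yml` follows the same pattern), but a short comment next to the new entry stating why the workflow deviates from the template would make it clear when the exclusion can be removed.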
6 changes: 0 additions & 6 deletions .settings/org.eclipse.core.resources.prefs

This file was deleted.

2 changes: 1 addition & 1 deletion .settings/org.eclipse.jdt.core.prefs

Some generated files are not rendered by default.

4 changes: 0 additions & 4 deletions .settings/org.eclipse.m2e.core.prefs

This file was deleted.

2 changes: 0 additions & 2 deletions .settings/org.sonarlint.eclipse.core.prefs

This file was deleted.

6 changes: 3 additions & 3 deletions dependencies.md

Some generated files are not rendered by default.

1 change: 1 addition & 0 deletions doc/changes/changelog.md

Some generated files are not rendered by default.

33 changes: 33 additions & 0 deletions doc/changes/changes_7.1.5.md
@@ -0,0 +1,33 @@
# Exasol Virtual Schema 7.1.5, released 2023-10-24

Code name: Dependency Upgrade

## Summary

This release fixes vulnerability CVE-2023-42503 in transitive test dependency to `org.apache.commons:commons-compress` via `exasol-testcontainers` by updating dependencies.

## Security

*#110: Fixed vulnerability CVE-2023-42503 in test dependency `org.apache.commons:commons-compress`

## Dependency Updates

### Compile Dependency Updates

* Updated `com.exasol:virtual-schema-common-jdbc:11.0.1` to `11.0.2`

### Test Dependency Updates

* Updated `com.exasol:exasol-testcontainers:6.6.1` to `6.6.2`
* Updated `com.exasol:hamcrest-resultset-matcher:1.6.0` to `1.6.1`
* Updated `com.exasol:test-db-builder-java:3.4.2` to `3.5.1`
* Updated `com.exasol:virtual-schema-common-jdbc:11.0.1` to `11.0.2`
* Updated `org.junit.jupiter:junit-jupiter:5.9.3` to `5.10.0`
* Updated `org.mockito:mockito-junit-jupiter:5.4.0` to `5.6.0`
* Updated `org.slf4j:slf4j-jdk14:2.0.7` to `2.0.9`
* Updated `org.testcontainers:junit-jupiter:1.18.3` to `1.19.1`

### Plugin Dependency Updates

* Updated `com.exasol:project-keeper-maven-plugin:2.9.9` to `2.9.12`
* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.3.0` to `3.4.0`
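Review bot: the `## Security` entry `*#110: Fixed vulnerability ...` is missing the space after the asterisk, so Markdown renders it as a plain paragraph starting with `*#110` instead of a bullet; change it to `* #110: Fixed vulnerability CVE-2023-42503 ...` to match the list style of the dependency sections. In the summary, "transitive test dependency to `org.apache.commons:commons-compress`" should read "dependency on". Finally, `com.exasol:virtual-schema-common-jdbc:11.0.1` to `11.0.2` appears under both Compile and Test dependency updates; if the test entry refers to the test-jar artifact, saying so avoids it reading as a duplicate.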
2 changes: 1 addition & 1 deletion doc/dialects/exasol.md
@@ -17,7 +17,7 @@ The SQL statement below creates the adapter script, defines the Java class that
```sql
CREATE JAVA ADAPTER SCRIPT SCHEMA_FOR_VS_SCRIPT.ADAPTER_SCRIPT_EXASOL AS
%scriptclass com.exasol.adapter.RequestDispatcher;
%jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-11.0.1-exasol-7.1.4.jar;
%jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-11.0.2-exasol-7.1.5.jar;
/
```

8 changes: 5 additions & 3 deletions pk_generated_parent.pom

Some generated files are not rendered by default.
