Skip to content

Releases: exasol/kafka-connector-extension

1.7.8 Fix several CVEs in transitive dependencies, upgrade version of Kafka libs

24 Oct 12:58
@github-actions github-actions
1.7.8
bd009fc
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
1.7.8 Fix several CVEs in transitive dependencies, upgrade version of Kafka libs Latest
Latest

This release upgrades kafka client dependency (to 7.7.1) and fixes several CVEs in transitive dependencies:

Security

Dependency Updates

Exasol Kafka Connector Extension

Compile Dependency Updates

  • Updated io.confluent:kafka-avro-serializer:7.6.0 to 7.7.1
  • Updated org.apache.avro:avro:1.11.3 to 1.11.4
  • Updated org.apache.kafka:kafka-clients:3.6.0 to 3.7.1
  • Removed org.xerial.snappy:snappy-java:1.1.10.5

Test Dependency Updates

  • Updated io.confluent:kafka-streams-avro-serde:7.6.0 to 7.7.1
  • Updated io.github.embeddedkafka:embedded-kafka-schema-registry_2.13:7.6.0 to 7.7.1
  • Removed joda-time:joda-time:2.12.7
  • Removed org.apache.kafka:kafka-metadata:3.6.2
  • Removed org.apache.zookeeper:zookeeper:3.9.2
  • Removed org.bitbucket.b_c:jose4j:0.9.6
  • Removed org.eclipse.jetty.http2:http2-server:9.4.54.v20240208
  • Added org.eclipse.jetty:jetty-http:9.4.56.v20240826
  • Added org.eclipse.jetty:jetty-server:9.4.56.v20240826
  • Added org.eclipse.jetty:jetty-servlets:9.4.56.v20240826
  • Removed org.json:json:20240303

Plugin Dependency Updates

  • Updated com.exasol:project-keeper-maven-plugin:4.3.3 to 4.4.0
  • Added com.exasol:quality-summarizer-maven-plugin:0.2.0
  • Updated io.github.zlika:reproducible-build-maven-plugin:0.16 to 0.17
  • Updated org.apache.maven.plugins:maven-clean-plugin:2.5 to 3.4.0
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.2.5 to 3.5.1
  • Updated org.apache.maven.plugins:maven-install-plugin:2.4 to 3.1.3
  • Updated org.apache.maven.plugins:maven-jar-plugin:3.4.1 to 3.4.2
  • Updated org.apache.maven.plugins:maven-resources-plugin:2.6 to 3.3.1
  • Updated org.apache.maven.plugins:maven-site-plugin:3.3 to 3.9.1
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.2.5 to 3.5.1
  • Updated org.codehaus.mojo:versions-maven-plugin:2.16.2 to 2.17.1
Assets 6
Loading

1.7.7 Fix logging, fixed vulnerability CVE-2024-7254 in com.google.protobuf:protobuf-java:jar:3.19.6:test

25 Sep 12:38
@github-actions github-actions
1.7.7
56a1a5b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
1.7.7 Fix logging, fixed vulnerability CVE-2024-7254 in com.google.protobuf:protobuf-java:jar:3.19.6:test

This release fixes logging of the UDF by adding required libraries. The log level is WARN by default and can be changed by rebuilding the adapter JAR. See the Exasol documentation for how to configure logging of UDFs.

This release fixes the following vulnerability:

CVE-2024-7254 (CWE-20) in dependency com.google.protobuf:protobuf-java:jar:3.19.6:test

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.

References

Security

  • #101: Fixed vulnerability CVE-2024-7254 in dependency com.google.protobuf:protobuf-java:jar:3.19.6:test

Dependency Updates

Exasol Kafka Connector Extension

Compile Dependency Updates

  • Added ch.qos.logback:logback-classic:1.5.6
  • Added org.slf4j:slf4j-api:2.0.16

Test Dependency Updates

  • Removed ch.qos.logback:logback-classic:1.5.3
  • Removed ch.qos.logback:logback-core:1.5.3
  • Updated com.exasol:exasol-testcontainers:7.0.1 to 7.1.1
  • Added com.google.protobuf:protobuf-java:3.25.5

Plugin Dependency Updates

  • Updated org.itsallcode:openfasttrace-maven-plugin:1.8.0 to 2.0.0
Assets 6
Loading

1.7.6 Fix CVE-2021-47621

05 Jul 11:04
@github-actions github-actions
1.7.6
fbb4faa
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
1.7.6 Fix CVE-2021-47621

Fixes CVE-2021-47621.

Security

Dependency Updates

Exasol Kafka Connector Extension

Test Dependency Updates

  • Added io.github.classgraph:classgraph:4.8.174

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:2.0.2 to 2.0.3
  • Updated com.exasol:project-keeper-maven-plugin:4.3.0 to 4.3.3
  • Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.1 to 3.5.0
  • Updated org.apache.maven.plugins:maven-jar-plugin:3.3.0 to 3.4.1
  • Updated org.apache.maven.plugins:maven-toolchains-plugin:3.1.0 to 3.2.0
  • Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922 to 4.0.0.4121
Assets 6
Loading

1.7.5 Fix CVEs in compile and test dependencies

07 May 12:49
@github-actions github-actions
1.7.5
f13e8fa
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
1.7.5 Fix CVEs in compile and test dependencies

This release fixes the following vulnerabilities in dependencies:

Security

Dependency Updates

Exasol Kafka Connector Extension

Test Dependency Updates

  • Updated com.exasol:extension-manager-integration-test-java:0.5.8 to 0.5.10
  • Added joda-time:joda-time:2.12.7
  • Added org.apache.kafka:kafka-metadata:3.6.2

Plugin Dependency Updates

  • Updated com.exasol:error-code-crawler-maven-plugin:2.0.0 to 2.0.2
  • Updated com.exasol:project-keeper-maven-plugin:4.1.0 to 4.3.0
  • Updated org.apache.maven.plugins:maven-assembly-plugin:3.6.0 to 3.7.1
  • Updated org.apache.maven.plugins:maven-compiler-plugin:3.12.1 to 3.13.0
  • Updated org.jacoco:jacoco-maven-plugin:0.8.11 to 0.8.12
  • Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594 to 3.11.0.3922
Assets 6
Loading

1.7.4: Fix CVE-2024-25710 in compile dependency

15 Mar 09:12
@kaklakariada kaklakariada
1.7.4
32506d5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
1.7.4: Fix CVE-2024-25710 in compile dependency

Summary

This release fixes the following vulnerabilities in dependencies:

  • CVE-2024-25710 in org.apache.commons:commons-compress:jar:1.21:compile
  • CVE-2024-22201 in org.eclipse.jetty.http2:http2-common:jar:9.4.53.v20231009:test
  • CVE-2023-51775 in org.bitbucket.b_c:jose4j:jar:0.9.3:test

Security

Dependency Updates

Exasol Kafka Connector Extension

Compile Dependency Updates

  • Updated com.exasol:import-export-udf-common-scala_2.13:1.1.1 to 2.0.0
  • Added com.fasterxml.jackson.core:jackson-core:2.17.0
  • Updated com.google.guava:guava:33.0.0-jre to 33.1.0-jre
  • Updated io.confluent:kafka-avro-serializer:7.5.2 to 7.6.0
  • Added org.apache.avro:avro:1.11.3
  • Updated org.apache.commons:commons-compress:1.26.0 to 1.26.1
  • Updated org.apache.kafka:kafka-clients:3.5.1 to 3.6.0
  • Updated org.scala-lang:scala-library:2.13.3 to 2.13.12

Test Dependency Updates

  • Updated ch.qos.logback:logback-classic:1.4.14 to 1.5.3
  • Updated ch.qos.logback:logback-core:1.4.14 to 1.5.3
  • Updated com.exasol:exasol-testcontainers:7.0.0 to 7.0.1
  • Updated com.exasol:extension-manager-integration-test-java:0.5.7 to 0.5.8
  • Updated com.exasol:hamcrest-resultset-matcher:1.6.3 to 1.6.5
  • Updated com.exasol:test-db-builder-java:3.5.3 to 3.5.4
  • Updated com.sksamuel.avro4s:avro4s-core_2.13:4.1.1 to 4.1.2
  • Updated io.confluent:kafka-streams-avro-serde:7.5.2 to 7.6.0
  • Updated io.github.embeddedkafka:embedded-kafka-schema-registry_2.13:7.5.2 to 7.6.0
  • Removed org.apache.avro:avro:1.11.3
  • Updated org.apache.zookeeper:zookeeper:3.9.1 to 3.9.2
  • Added org.bitbucket.b_c:jose4j:0.9.6
  • Added org.eclipse.jetty.http2:http2-server:9.4.54.v20240208
  • Updated org.json:json:20231013 to 20240303
  • Updated org.mockito:mockito-core:5.8.0 to 5.11.0
  • Updated org.testcontainers:kafka:1.19.3 to 1.19.7

Plugin Dependency Updates

  • Updated com.diffplug.spotless:spotless-maven-plugin:2.40.0 to 2.43.0
  • Updated com.exasol:error-code-crawler-maven-plugin:1.3.1 to 2.0.0
  • Updated com.exasol:project-keeper-maven-plugin:3.0.1 to 4.1.0
  • Updated org.apache.maven.plugins:maven-compiler-plugin:3.11.0 to 3.12.1
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.2.3 to 3.2.5
  • Updated org.apache.maven.plugins:maven-javadoc-plugin:3.6.2 to 3.6.3
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.2.3 to 3.2.5
  • Updated org.codehaus.mojo:exec-maven-plugin:3.1.0 to 3.2.0
  • Updated org.codehaus.mojo:flatten-maven-plugin:1.5.0 to 1.6.0
  • Updated org.itsallcode:openfasttrace-maven-plugin:1.6.2 to 1.8.0

Extension

Development Dependency Updates

  • Updated eslint:^8.53.0 to ^8.57.0
  • Updated @types/node:^20.9.0 to ^20.11.28
  • Updated @typescript-eslint/parser:^6.10.0 to ^7.2.0
  • Updated ts-jest:^29.1.1 to ^29.1.2
  • Updated typescript:^5.2.2 to ^5.4.2
  • Updated @typescript-eslint/eslint-plugin:^6.10.0 to ^7.2.0
  • Updated ts-node:^10.9.1 to ^10.9.2
  • Updated esbuild:^0.19.5 to ^0.20.2
Assets 9
Loading

1.7.3: Custom `krb5.conf` files support.

20 Feb 13:01
@Shmuma Shmuma
1.7.3
a831fdc
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
1.7.3: Custom `krb5.conf` files support.

Summary

Implemented support for custom krb5.conf files.
Updated transient dependency to fix CVE-2024-25710 and CVE-2024-26308.

Features

  • #86: Add support for custom krb5.conf

Dependency Updates

Compile Dependency Updates

  • Added org.apache.commons:commons-compress:1.26.0

Plugin Dependency Updates

  • Updated com.exasol:project-keeper-maven-plugin:3.0.0 to 3.0.1
Assets 9
Loading

1.7.2: Fix CVE-2023-6378 in `logback` test dependencies

21 Dec 08:51
@kaklakariada kaklakariada
1.7.2
7a1fc9f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
1.7.2: Fix CVE-2023-6378 in `logback` test dependencies

This release fixes CVE-2023-6378 in dependencies ch.qos.logback/[email protected] and ch.qos.logback/[email protected] with scope test.

Security

Dependency Updates

Compile Dependency Updates

  • Updated com.google.guava:guava:32.1.3-jre to 33.0.0-jre

Test Dependency Updates

  • Added ch.qos.logback:logback-classic:1.4.14
  • Added ch.qos.logback:logback-core:1.4.14
  • Updated com.exasol:exasol-testcontainers:6.6.3 to 7.0.0
  • Updated com.exasol:hamcrest-resultset-matcher:1.6.2 to 1.6.3
  • Updated com.exasol:test-db-builder-java:3.5.1 to 3.5.3
  • Updated io.github.embeddedkafka:embedded-kafka-schema-registry_2.13:7.5.1 to 7.5.2
  • Removed io.netty:netty-handler:4.1.101.Final
  • Updated org.mockito:mockito-core:5.7.0 to 5.8.0
  • Updated org.testcontainers:kafka:1.19.1 to 1.19.3

Plugin Dependency Updates

  • Updated com.exasol:project-keeper-maven-plugin:2.9.16 to 3.0.0
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.2.2 to 3.2.3
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.2.2 to 3.2.3
  • Added org.apache.maven.plugins:maven-toolchains-plugin:3.1.0
  • Updated org.codehaus.mojo:versions-maven-plugin:2.16.1 to 2.16.2
Assets 9
Loading

1.7.1: Test with Exasol v8

21 Nov 08:28
@kaklakariada kaklakariada
1.7.1
9e0ad08
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
1.7.1: Test with Exasol v8

Summary

This release adds integration tests with Exasol DB version 8.

Features

  • #77: Added tests with Exasol v8

Documentation

  • #79: Added example of JAAS config in docs

Dependency Updates

Compile Dependency Updates

  • Updated io.confluent:kafka-avro-serializer:7.5.1 to 7.5.2

Test Dependency Updates

  • Updated com.exasol:exasol-testcontainers:6.6.2 to 6.6.3
  • Updated com.exasol:extension-manager-integration-test-java:0.5.1 to 0.5.7
  • Updated com.exasol:hamcrest-resultset-matcher:1.6.1 to 1.6.2
  • Updated io.confluent:kafka-streams-avro-serde:7.5.1 to 7.5.2
  • Updated io.netty:netty-handler:4.1.100.Final to 4.1.101.Final
  • Updated org.mockito:mockito-core:5.6.0 to 5.7.0

Plugin Dependency Updates

  • Updated com.exasol:project-keeper-maven-plugin:2.9.14 to 2.9.16
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.1.2 to 3.2.2
  • Updated org.apache.maven.plugins:maven-javadoc-plugin:3.6.0 to 3.6.2
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.1.2 to 3.2.2
Assets 9
Loading

1.7.0: Extension manager support

25 Oct 10:20
@pj-spoelders pj-spoelders
1.7.0
28218a8
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
1.7.0: Extension manager support

Summary

Adds extension manager support.

Note This release contains the following known vulnerabilities in dependencies:

  • Compile dependencies:
  • Test dependencies:

Features

  • #72: Added extension manager support.

Dependency Updates

Compile Dependency Updates

  • Updated com.google.guava:guava:32.1.1-jre to 32.1.3-jre
  • Updated io.confluent:kafka-avro-serializer:7.4.1 to 7.5.1
  • Added org.apache.kafka:kafka-clients:3.5.1
  • Added org.xerial.snappy:snappy-java:1.1.10.5

Test Dependency Updates

  • Updated com.exasol:exasol-testcontainers:6.6.1 to 6.6.2
  • Added com.exasol:extension-manager-integration-test-java:0.5.1
  • Updated com.exasol:hamcrest-resultset-matcher:1.6.0 to 1.6.1
  • Updated com.exasol:test-db-builder-java:3.4.2 to 3.5.1
  • Updated io.confluent:kafka-streams-avro-serde:7.4.1 to 7.5.1
  • Updated io.github.embeddedkafka:embedded-kafka-schema-registry_2.13:7.4.1 to 7.5.1
  • Updated io.netty:netty-handler:4.1.95.Final to 4.1.100.Final
  • Added org.apache.avro:avro:1.11.3
  • Added org.apache.zookeeper:zookeeper:3.9.1
  • Added org.json:json:20231013
  • Updated org.mockito:mockito-core:5.4.0 to 5.6.0
  • Updated org.scalatestplus:scalatestplus-mockito_2.13:1.0.0-M2 to 1.0.0-SNAP5
  • Updated org.scalatest:scalatest_2.13:3.2.16 to 3.3.0-SNAP4
  • Added org.testcontainers:kafka:1.19.1

Plugin Dependency Updates

  • Updated com.diffplug.spotless:spotless-maven-plugin:2.37.0 to 2.40.0
  • Updated com.exasol:error-code-crawler-maven-plugin:1.3.0 to 1.3.1
  • Updated com.exasol:project-keeper-maven-plugin:2.9.9 to 2.9.14
  • Updated org.apache.maven.plugins:maven-enforcer-plugin:3.3.0 to 3.4.1
  • Updated org.apache.maven.plugins:maven-javadoc-plugin:3.5.0 to 3.6.0
  • Added org.codehaus.mojo:exec-maven-plugin:3.1.0
  • Updated org.codehaus.mojo:versions-maven-plugin:2.16.0 to 2.16.1
  • Updated org.jacoco:jacoco-maven-plugin:0.8.10 to 0.8.11
  • Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184 to 3.10.0.2594
Assets 9
Loading

1.6.0: Migrated to `mvn` build

25 Jul 08:09
@morazow morazow
1.6.0
20ef187
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
1.6.0: Migrated to `mvn` build

Summary

In this release, we migrated from Scala sbt based build system to Java maven build system. This change fully enables us to use our tooling infrastructure such as GitHub workflows, dependency checks etc. We also updated all dependencies to their latest versions.

Refactoring

  • #69: Migrated from sbt to maven build system.

Dependency Updates

Compile Dependency Updates

  • Added com.exasol:error-reporting-java:1.0.1
  • Added com.exasol:import-export-udf-common-scala_2.13:1.1.1
  • Added com.google.guava:guava:32.1.1-jre
  • Added io.confluent:kafka-avro-serializer:7.4.1
  • Added org.scala-lang.modules:scala-collection-compat_2.13:2.11.0
  • Added org.scala-lang:scala-library:2.13.3

Test Dependency Updates

  • Added com.exasol:exasol-testcontainers:6.6.1
  • Added com.exasol:hamcrest-resultset-matcher:1.6.0
  • Added com.exasol:test-db-builder-java:3.4.2
  • Added com.sksamuel.avro4s:avro4s-core_2.13:4.1.1
  • Added io.confluent:kafka-streams-avro-serde:7.4.1
  • Added io.github.embeddedkafka:embedded-kafka-schema-registry_2.13:7.4.1
  • Added io.netty:netty-handler:4.1.95.Final
  • Added org.mockito:mockito-core:5.4.0
  • Added org.scalatestplus:scalatestplus-mockito_2.13:1.0.0-M2
  • Added org.scalatest:scalatest_2.13:3.2.16

Plugin Dependency Updates

  • Added com.diffplug.spotless:spotless-maven-plugin:2.37.0
  • Added com.exasol:artifact-reference-checker-maven-plugin:0.4.2
  • Added com.exasol:error-code-crawler-maven-plugin:1.3.0
  • Added com.exasol:project-keeper-maven-plugin:2.9.9
  • Added io.github.evis:scalafix-maven-plugin_2.13:0.1.8_0.11.0
  • Added io.github.zlika:reproducible-build-maven-plugin:0.16
  • Added net.alchim31.maven:scala-maven-plugin:4.8.1
  • Added org.apache.maven.plugins:maven-assembly-plugin:3.6.0
  • Added org.apache.maven.plugins:maven-clean-plugin:2.5
  • Added org.apache.maven.plugins:maven-compiler-plugin:3.11.0
  • Added org.apache.maven.plugins:maven-deploy-plugin:2.7
  • Added org.apache.maven.plugins:maven-enforcer-plugin:3.3.0
  • Added org.apache.maven.plugins:maven-failsafe-plugin:3.1.2
  • Added org.apache.maven.plugins:maven-install-plugin:2.4
  • Added org.apache.maven.plugins:maven-jar-plugin:3.3.0
  • Added org.apache.maven.plugins:maven-javadoc-plugin:3.5.0
  • Added org.apache.maven.plugins:maven-resources-plugin:2.6
  • Added org.apache.maven.plugins:maven-site-plugin:3.3
  • Added org.apache.maven.plugins:maven-surefire-plugin:3.1.2
  • Added org.basepom.maven:duplicate-finder-maven-plugin:2.0.1
  • Added org.codehaus.mojo:flatten-maven-plugin:1.5.0
  • Added org.codehaus.mojo:versions-maven-plugin:2.16.0
  • Added org.itsallcode:openfasttrace-maven-plugin:1.6.2
  • Added org.jacoco:jacoco-maven-plugin:0.8.10
  • Added org.scalastyle:scalastyle-maven-plugin:1.0.0
  • Added org.scalatest:scalatest-maven-plugin:2.2.0
  • Added org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184
  • Added org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0
Assets 7
Loading