#84 #85: Fix CVE-2023-6378 (#86)

.vscode/settings.json

@@ -1,9 +1,9 @@
 {
     "editor.formatOnSave": true,
     "editor.codeActionsOnSave": {
-        "source.organizeImports": true,
-        "source.generate.finalModifiers": true,
-        "source.fixAll": true
+        "source.organizeImports": "explicit",
+        "source.generate.finalModifiers": "explicit",
+        "source.fixAll": "explicit"
     },
     "java.codeGeneration.useBlocks": true,
     "java.saveActions.organizeImports": true,

doc/changes/changes_2.1.2.md

@@ -0,0 +1,37 @@
+# Exasol AWS Glue Connector 2.1.2, released 2023-12-18
+
+Code name: Fix CVE-2023-6378 in `logback` dependencies
+
+## Summary
+
+This release fixes CVE-2023-6378 in dependencies `ch.qos.logback/[email protected]` and `ch.qos.logback/[email protected]` with scope `provided`.
+
+## Security
+
+* #84: Fixed CVE-2023-6378 in `ch.qos.logback/[email protected]`
+* #85: Fixed CVE-2023-6378 in `ch.qos.logback/[email protected]`
+
+## Dependency Updates
+
+### Compile Dependency Updates
+
+* Updated `com.exasol:spark-connector-common-java:2.0.2` to `2.0.3`
+* Updated `software.amazon.awssdk:s3:2.21.26` to `2.22.0`
+
+### Test Dependency Updates
+
+* Updated `com.amazonaws:aws-java-sdk-s3:1.12.592` to `1.12.620`
+* Updated `com.exasol:exasol-testcontainers:6.6.3` to `7.0.0`
+* Updated `com.exasol:hamcrest-resultset-matcher:1.6.2` to `1.6.3`
+* Updated `com.exasol:test-db-builder-java:3.5.2` to `3.5.3`
+* Updated `nl.jqno.equalsverifier:equalsverifier:3.15.3` to `3.15.4`
+* Updated `org.mockito:mockito-core:5.7.0` to `5.8.0`
+* Updated `org.mockito:mockito-junit-jupiter:5.7.0` to `5.8.0`
+* Added `org.slf4j:slf4j-jdk14:2.0.9`
+* Updated `org.testcontainers:junit-jupiter:1.19.2` to `1.19.3`
+* Updated `org.testcontainers:localstack:1.19.2` to `1.19.3`
+
+### Plugin Dependency Updates
+
+* Updated `com.exasol:project-keeper-maven-plugin:2.9.16` to `2.9.17`
+* Updated `org.codehaus.mojo:versions-maven-plugin:2.16.1` to `2.16.2`

doc/developers_guide/developers_guide.md

@@ -40,11 +40,11 @@ To test connector by creating a custom connector, please follow these steps.
 
 ### Creating an Assembly Jar
 
-By running `mvn verify` or `mvn package` create a connector artifact. For example, `target/exasol-glue-connector-2.1.1-assembly.jar`.
+By running `mvn verify` or `mvn package` create a connector artifact. For example, `target/exasol-glue-connector-2.1.2-assembly.jar`.
 
 ### Uploading the Artifact to S3 Bucket
 
-Upload the JAR artifact from previous step into an S3 bucket. For instance, `s3://exasol-artifacts/glue-connector/exasol-glue-connector-2.1.1-assembly.jar`.
+Upload the JAR artifact from previous step into an S3 bucket. For instance, `s3://exasol-artifacts/glue-connector/exasol-glue-connector-2.1.2-assembly.jar`.
 
 ### Creating a Glue Studio Custom Connector