5.1.1 Fixes for vulnerability CVE-2025-48924

This release fixes the following vulnerability:

CVE-2025-48924 (CWE-674) in dependency org.apache.commons:commons-lang3:jar:3.16.0:test

Uncontrolled Recursion vulnerability in Apache Commons Lang.

This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.

The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a
StackOverflowError could cause an application to stop.

Users are recommended to upgrade to version 3.18.0, which fixes the issue.

CVE: CVE-2025-48924
CWE: CWE-674

References

• https://ossindex.sonatype.org/vulnerability/CVE-2025-48924?component-type=maven&component-name=org.apache.commons%2Fcommons-lang3&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
• http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-48924
• GHSA-j288-q9x7-2f5v

Security

• #56: Fixed vulnerability CVE-2025-48924 in dependency org.apache.commons:commons-lang3:jar:3.16.0:test

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:7.1.5 to 7.1.7

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:2.0.3 to 2.0.4
• Updated com.exasol:project-keeper-maven-plugin:5.1.0 to 5.2.3

5.1.0 Timestamp precision

This release improves the support for columns types with fractional second precision (FSP), i.e. TIME, DATETIME and
TIMESTAMP. The specified FSP will be maintained in Exasol newer versions (>= 8.32.0)

This release also contains a security update. We updated the dependencies of the project to fix transitive security issues.

We also added an exception for the OSSIndex for CVE-2024-55551, which is a false positive in Exasol's JDBC driver.
This issue has been fixed quite a while back now, but the OSSIndex unfortunately does not contain the fix version of 24.2.1 (2024-12-10) set.

Features

• #48: TS(9) support in MySQL VS

Security

• #53: Fix CVE-2024-55551 in com.exasol:exasol-jdbc:jar:24.1.1:test

Dependency Updates

Compile Dependency Updates

• Updated com.exasol:virtual-schema-common-jdbc:12.0.0 to 13.0.0

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:7.1.1 to 7.1.5
• Updated com.exasol:hamcrest-resultset-matcher:1.7.0 to 1.7.1
• Updated com.exasol:test-db-builder-java:3.5.2 to 3.6.1
• Updated com.exasol:udf-debugging-java:0.6.13 to 0.6.16
• Updated com.exasol:virtual-schema-common-jdbc:12.0.0 to 13.0.0
• Updated com.exasol:virtual-schema-shared-integration-tests:3.0.0 to 3.0.1
• Removed com.google.protobuf:protobuf-java:4.28.2
• Updated com.mysql:mysql-connector-j:9.0.0 to 9.3.0
• Updated org.jacoco:org.jacoco.agent:0.8.12 to 0.8.13
• Added org.junit.jupiter:junit-jupiter-api:5.13.0
• Removed org.junit.jupiter:junit-jupiter:5.11.0
• Updated org.mockito:mockito-junit-jupiter:5.13.0 to 5.18.0
• Updated org.slf4j:slf4j-jdk14:2.0.16 to 2.0.17
• Updated org.testcontainers:junit-jupiter:1.20.1 to 1.21.1
• Updated org.testcontainers:mysql:1.20.1 to 1.21.1

Plugin Dependency Updates

• Updated com.exasol:artifact-reference-checker-maven-plugin:0.4.2 to 0.4.3
• Updated com.exasol:project-keeper-maven-plugin:4.3.3 to 5.1.0
• Added com.exasol:quality-summarizer-maven-plugin:0.2.0
• Added io.github.git-commit-id:git-commit-id-maven-plugin:9.0.1
• Removed io.github.zlika:reproducible-build-maven-plugin:0.16
• Added org.apache.maven.plugins:maven-artifact-plugin:3.6.0
• Updated org.apache.maven.plugins:maven-clean-plugin:3.2.0 to 3.4.1
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.13.0 to 3.14.0
• Updated org.apache.maven.plugins:maven-dependency-plugin:3.6.1 to 3.8.1
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.2.5 to 3.5.3
• Updated org.apache.maven.plugins:maven-install-plugin:3.1.2 to 3.1.4
• Updated org.apache.maven.plugins:maven-jar-plugin:3.4.1 to 3.4.2
• Updated org.apache.maven.plugins:maven-site-plugin:3.12.1 to 3.21.0
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.2.5 to 3.5.3
• Updated org.codehaus.mojo:flatten-maven-plugin:1.6.0 to 1.7.0
• Updated org.codehaus.mojo:versions-maven-plugin:2.16.2 to 2.18.0
• Updated org.jacoco:jacoco-maven-plugin:0.8.12 to 0.8.13
• Updated org.sonarsource.scanner.maven:sonar-maven-plugin:4.0.0.4121 to 5.1.0.4751

5.0.2 Fix CVE-2024-7254 in transitive test dependency com.google.protobuf:protobuf-java:jar:3.25.3:test

This release fixes vulnerability CVE-2024-7254 in transitive test dependency com.google.protobuf:protobuf-java:3.25.3

Security

• #50: Fixed CVE-2024-7254 in transitive test dependency com.google.protobuf:protobuf-java:3.25.3

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:7.0.1 to 7.1.1
• Updated com.exasol:hamcrest-resultset-matcher:1.6.5 to 1.7.0
• Updated com.exasol:udf-debugging-java:0.6.12 to 0.6.13
• Updated com.google.protobuf:protobuf-java:3.25.3 to 4.28.2
• Updated com.mysql:mysql-connector-j:8.3.0 to 9.0.0
• Updated org.hamcrest:hamcrest:2.2 to 3.0
• Updated org.jacoco:org.jacoco.agent:0.8.11 to 0.8.12
• Updated org.junit.jupiter:junit-jupiter:5.10.2 to 5.11.0
• Updated org.mockito:mockito-junit-jupiter:5.11.0 to 5.13.0
• Updated org.slf4j:slf4j-jdk14:2.0.12 to 2.0.16
• Updated org.testcontainers:junit-jupiter:1.19.7 to 1.20.1
• Updated org.testcontainers:mysql:1.19.7 to 1.20.1

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:2.0.1 to 2.0.3
• Updated com.exasol:project-keeper-maven-plugin:4.2.0 to 4.3.3
• Updated org.apache.maven.plugins:maven-assembly-plugin:3.6.0 to 3.7.1
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.12.1 to 3.13.0
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.1 to 3.5.0
• Updated org.apache.maven.plugins:maven-jar-plugin:3.3.0 to 3.4.1
• Updated org.apache.maven.plugins:maven-toolchains-plugin:3.1.0 to 3.2.0
• Updated org.jacoco:jacoco-maven-plugin:0.8.11 to 0.8.12
• Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594 to 4.0.0.4121

5.0.1 Fixed vulnerabilities CVE-2024-25710 and CVE-2024-26308 in test dependencies

This is a security release in which we updated test dependency com.exasol:exasol-test-setup-abstraction-java to fix vulnerabilities CVE-2024-25710 and CVE-2024-26308 in its transitive dependencies.

Security

• #45: Fixed vulnerability CVE-2024-25710
• #46: Fixed vulnerability CVE-2024-26308

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.6.2 to 7.0.1
• Updated com.exasol:hamcrest-resultset-matcher:1.6.1 to 1.6.5
• Updated com.exasol:test-db-builder-java:3.5.1 to 3.5.2
• Updated com.exasol:udf-debugging-java:0.6.11 to 0.6.12
• Updated com.exasol:virtual-schema-shared-integration-tests:2.2.5 to 3.0.0
• Updated com.google.protobuf:protobuf-java:3.24.3 to 3.25.3
• Updated com.mysql:mysql-connector-j:8.2.0 to 8.3.0
• Updated org.junit.jupiter:junit-jupiter:5.10.0 to 5.10.2
• Updated org.mockito:mockito-junit-jupiter:5.5.0 to 5.11.0
• Updated org.slf4j:slf4j-jdk14:2.0.9 to 2.0.12
• Updated org.testcontainers:junit-jupiter:1.19.0 to 1.19.7
• Updated org.testcontainers:mysql:1.19.0 to 1.19.7

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.3.1 to 2.0.1
• Updated com.exasol:project-keeper-maven-plugin:3.0.0 to 4.2.0
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.11.0 to 3.12.1
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.2.3 to 3.2.5
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.2.3 to 3.2.5
• Updated org.codehaus.mojo:flatten-maven-plugin:1.5.0 to 1.6.0

5.0.0: Charset is always `utf-8`, deprecated IMPORT_DATA_TYPES `FROM_RESULT_SET` value.

Summary

The behaviour when it comes to character sets is now simplified,
The target char set is now always UTF-8.
The IMPORT_DATA_TYPES property (and value FROM_RESULT_SET) are now deprecated (change in vs-common-jdbc):
An exception will be thrown when users use FROM_RESULT_SET. The exception message warns the user that the value is no longer supported and the property itself is also deprecated.

Refactoring

• #37: Update tests to V8 VSMYSQL / Update to vsjdbc 12.0.0

Dependency Updates

Compile Dependency Updates

• Updated com.exasol:virtual-schema-common-jdbc:11.0.2 to 12.0.0

Test Dependency Updates

• Updated com.exasol:virtual-schema-common-jdbc:11.0.2 to 12.0.0
• Updated com.mysql:mysql-connector-j:8.1.0 to 8.2.0
• Updated org.jacoco:org.jacoco.agent:0.8.10 to 0.8.11

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.3.0 to 1.3.1
• Updated com.exasol:project-keeper-maven-plugin:2.9.12 to 3.0.0
• Updated org.apache.maven.plugins:maven-dependency-plugin:3.6.0 to 3.6.1
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.0 to 3.4.1
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.1.2 to 3.2.3
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.1.2 to 3.2.3
• Added org.apache.maven.plugins:maven-toolchains-plugin:3.1.0
• Updated org.codehaus.mojo:versions-maven-plugin:2.16.0 to 2.16.2
• Updated org.jacoco:jacoco-maven-plugin:0.8.10 to 0.8.11
• Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184 to 3.10.0.2594

4.1.3: Fix CVE-2023-42503 in test dependency

Summary

This release fixes CVE-2023-42503 in test dependency org.apache.commons:commons-compress. The release also improves documentation by considering SQL clients other than DbVisualizer.

Security

• #42: Fixed CVE-2023-42503 in test dependency org.apache.commons:commons-compress

Documentation

• #36: Updated CREATE ADAPTER SCRIPT in User Guide
• #40: Update User Guide on Registering the JDBC Driver

Dependency Updates

Compile Dependency Updates

• Updated com.exasol:virtual-schema-common-jdbc:11.0.1 to 11.0.2

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.6.1 to 6.6.2
• Updated com.exasol:hamcrest-resultset-matcher:1.6.0 to 1.6.1
• Updated com.exasol:test-db-builder-java:3.4.2 to 3.5.1
• Updated com.exasol:udf-debugging-java:0.6.10 to 0.6.11
• Updated com.exasol:virtual-schema-common-jdbc:11.0.1 to 11.0.2
• Updated com.exasol:virtual-schema-shared-integration-tests:2.2.4 to 2.2.5
• Updated com.google.protobuf:protobuf-java:3.23.4 to 3.24.3
• Updated com.mysql:mysql-connector-j:8.0.33 to 8.1.0
• Updated org.junit.jupiter:junit-jupiter:5.9.3 to 5.10.0
• Updated org.mockito:mockito-junit-jupiter:5.4.0 to 5.5.0
• Added org.slf4j:slf4j-jdk14:2.0.9
• Updated org.testcontainers:junit-jupiter:1.18.3 to 1.19.0
• Updated org.testcontainers:mysql:1.18.3 to 1.19.0

Plugin Dependency Updates

• Updated com.exasol:project-keeper-maven-plugin:2.9.9 to 2.9.12
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.3.0 to 3.4.0

4.1.2: Dependency Upgrade on top of 4.1.1

Summary

This release updates dependencies.

Dependency Updates

Compile Dependency Updates

• Updated com.exasol:virtual-schema-common-jdbc:10.1.0 to 11.0.1

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.5.0 to 6.6.1
• Updated com.exasol:hamcrest-resultset-matcher:1.5.2 to 1.6.0
• Updated com.exasol:test-db-builder-java:3.4.1 to 3.4.2
• Updated com.exasol:udf-debugging-java:0.6.6 to 0.6.10
• Updated com.exasol:virtual-schema-common-jdbc:10.1.0 to 11.0.1
• Updated com.exasol:virtual-schema-shared-integration-tests:2.2.3 to 2.2.4
• Updated com.google.protobuf:protobuf-java:3.21.12 to 3.23.4
• Updated com.mysql:mysql-connector-j:8.0.31 to 8.0.33
• Updated org.jacoco:org.jacoco.agent:0.8.8 to 0.8.10
• Updated org.junit.jupiter:junit-jupiter:5.9.2 to 5.9.3
• Updated org.mockito:mockito-junit-jupiter:4.11.0 to 5.4.0
• Updated org.testcontainers:junit-jupiter:1.17.6 to 1.18.3
• Updated org.testcontainers:mysql:1.17.6 to 1.18.3

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.2.1 to 1.3.0
• Updated com.exasol:project-keeper-maven-plugin:2.9.1 to 2.9.9
• Updated org.apache.maven.plugins:maven-assembly-plugin:3.4.2 to 3.6.0
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.10.1 to 3.11.0
• Updated org.apache.maven.plugins:maven-dependency-plugin:3.3.0 to 3.6.0
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.1.0 to 3.3.0
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M7 to 3.1.2
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M7 to 3.1.2
• Added org.basepom.maven:duplicate-finder-maven-plugin:2.0.1
• Updated org.codehaus.mojo:flatten-maven-plugin:1.3.0 to 1.5.0
• Updated org.codehaus.mojo:versions-maven-plugin:2.13.0 to 2.16.0
• Updated org.jacoco:jacoco-maven-plugin:0.8.8 to 0.8.10

4.1.1: Updated documentation and dependencies

Summary

Updated documentation uses default name of main class of MySQL driver, though the former name is still supported.

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.4.0 to 6.5.0
• Updated com.exasol:udf-debugging-java:0.6.5 to 0.6.6
• Updated com.exasol:virtual-schema-shared-integration-tests:2.2.2 to 2.2.3
• Updated com.google.protobuf:protobuf-java:3.21.9 to 3.21.12
• Updated org.junit.jupiter:junit-jupiter:5.9.1 to 5.9.2
• Updated org.mockito:mockito-junit-jupiter:4.9.0 to 4.11.0

4.1.0: Configurable datatype detection

Summary

Virtual-schema-common-jdbc version 10.0.0 introduced enhanced detection for data types of result sets.

Unfortunately with the new algorithm compatibility problems with the source database can happen under the following circumstances:

• data type CHAR or VARCHAR
• 8-bit character sets with encodings like latin1 or ISO-8859-1
• characters being not strictly ASCII, e.g. German umlaut "Ãœ"

The current release therefore uses an updated version of virtual-schema-common-jdbc with an additional adapter property to configure the data type detection.

For details please see adapter Properties for JDBC-Based Virtual Schemas.

Bugfixes

• #26: Enabled to use MySQL database with character set latin1 and characters not strictly ASCII.

Dependency Updates

Compile Dependency Updates

• Updated com.exasol:virtual-schema-common-jdbc:10.0.1 to 10.1.0

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.3.1 to 6.4.0
• Updated com.exasol:virtual-schema-common-jdbc:10.0.1 to 10.1.0

4.0.1: Improved documentation

Summary

In release 4.0.1 we improved the installation instructions in the user guide, removed an old file that was left over from when the VS used Lombok and updated dependencies to fix vulnerabilities.

Known Issues

There is a known issue with non-UTF databases MySQL that can lead to a type conversion error in the IMPORT triggered by the Virtual Schema. Currently, it looks like this is caused by an inconsistency in the behavior of the MySQL JDBC driver when getting metadata from tables and resultsets. Please follow #26 for details.

Bugfixes

• #23: Fixed CVE-2022-3171 reported for com.google.protobuf:protobuf-java by updating com.mysql:mysql-connector-j.

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.2.0 to 6.3.1
• Updated com.exasol:test-db-builder-java:3.4.0 to 3.4.1
• Updated com.exasol:udf-debugging-java:0.6.4 to 0.6.5
• Updated com.google.protobuf:protobuf-java:3.21.8 to 3.21.9
• Updated org.mockito:mockito-junit-jupiter:4.8.1 to 4.9.0
• Updated org.testcontainers:junit-jupiter:1.17.5 to 1.17.6
• Updated org.testcontainers:mysql:1.17.5 to 1.17.6

Plugin Dependency Updates

• Updated com.exasol:artifact-reference-checker-maven-plugin:0.4.0 to 0.4.2
• Updated com.exasol:error-code-crawler-maven-plugin:1.1.2 to 1.2.1
• Updated com.exasol:project-keeper-maven-plugin:2.8.0 to 2.9.1
• Updated io.github.zlika:reproducible-build-maven-plugin:0.15 to 0.16
• Updated org.apache.maven.plugins:maven-assembly-plugin:3.3.0 to 3.4.2
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M5 to 3.0.0-M7
• Updated org.apache.maven.plugins:maven-jar-plugin:3.2.2 to 3.3.0
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M5 to 3.0.0-M7
• Updated org.codehaus.mojo:flatten-maven-plugin:1.2.7 to 1.3.0
• Updated org.codehaus.mojo:versions-maven-plugin:2.10.0 to 2.13.0