Releases · exasol/parquet-io-java

12 May 10:21

github-actions

2.0.16

1ad8e61

2.0.16 Migrate Scala to Java Latest

Latest

This release migrates the project language from Scala to Java to simplify maintenance and reduce dependencies.

We removed the Maven Failsafe plugin, since this project does not feature any integration tests.

Refactoring

#87: Converted production and test code from Scala to Java.

Bugfixes

#88: Fixed requirements tracing using OpenFastTrace

Dependency Updates

Compile Dependency Updates

Removed org.scala-lang:scala-library:2.13.18

Test Dependency Updates

Removed org.scalatest:scalatest_2.13:3.3.0-SNAP4

Plugin Dependency Updates

Removed net.alchim31.maven:scala-maven-plugin:4.9.10
Removed org.apache.maven.plugins:maven-failsafe-plugin:3.5.5
Removed org.scalatest:scalatest-maven-plugin:2.2.0

Assets 4

08 May 11:01

github-actions

2.0.15

bcf105f

2.0.15 Fix CVE-2025-67721 for users

This release fixes CVE-2025-67721 in dependency io.airlift:aircompressor also for users of this library by moving the upgraded dependency from <dependencyManagement> to <dependencies>. This upgrades the library also for clients.

Dependency Updates

Runtime Dependency Updates

Added io.airlift:aircompressor:2.0.3

Assets 4

08 May 10:43

github-actions

2.0.14

170f2c9

2.0.14 Fix CVE-2025-67721 in dependency io.airlift:aircompressor

This release fixes CVE-2025-67721 in dependency io.airlift:aircompressor.

Security

#84: Fixed CVE-2025-67721 in io.airlift:aircompressor

Dependency Updates

Compile Dependency Updates

Updated com.exasol:error-reporting-java:1.0.1 to 1.0.2
Updated org.apache.hadoop:hadoop-client-api:3.4.1 to 3.4.3
Updated org.apache.parquet:parquet-hadoop:1.15.0 to 1.17.0
Updated org.scala-lang:scala-library:2.13.16 to 2.13.18

Runtime Dependency Updates

Updated org.apache.hadoop:hadoop-client-runtime:3.4.1 to 3.4.3

Test Dependency Updates

Updated nl.jqno.equalsverifier:equalsverifier:3.19 to 3.19.4
Updated org.junit.jupiter:junit-jupiter:5.11.4 to 5.14.4
Updated org.mockito:mockito-core:5.15.2 to 5.23.0
Updated org.mockito:mockito-junit-jupiter:5.15.2 to 5.23.0

Plugin Dependency Updates

Updated com.exasol:error-code-crawler-maven-plugin:2.0.3 to 2.0.7
Updated com.exasol:project-keeper-maven-plugin:4.5.0 to 5.6.2
Updated com.exasol:quality-summarizer-maven-plugin:0.2.0 to 0.2.1
Added io.github.git-commit-id:git-commit-id-maven-plugin:10.0.0
Removed io.github.zlika:reproducible-build-maven-plugin:0.17
Updated net.alchim31.maven:scala-maven-plugin:4.8.1 to 4.9.10
Added org.apache.maven.plugins:maven-artifact-plugin:3.6.1
Updated org.apache.maven.plugins:maven-clean-plugin:3.4.0 to 3.5.0
Updated org.apache.maven.plugins:maven-compiler-plugin:3.13.0 to 3.15.0
Updated org.apache.maven.plugins:maven-deploy-plugin:3.1.3 to 3.1.4
Updated org.apache.maven.plugins:maven-enforcer-plugin:3.5.0 to 3.6.2
Updated org.apache.maven.plugins:maven-failsafe-plugin:3.5.2 to 3.5.5
Updated org.apache.maven.plugins:maven-gpg-plugin:3.2.7 to 3.2.8
Updated org.apache.maven.plugins:maven-install-plugin:3.1.3 to 3.1.4
Updated org.apache.maven.plugins:maven-javadoc-plugin:3.11.1 to 3.12.0
Updated org.apache.maven.plugins:maven-resources-plugin:3.3.1 to 3.5.0
Updated org.apache.maven.plugins:maven-source-plugin:3.2.1 to 3.4.0
Updated org.apache.maven.plugins:maven-surefire-plugin:3.5.2 to 3.5.5
Updated org.codehaus.mojo:flatten-maven-plugin:1.6.0 to 1.7.3
Updated org.codehaus.mojo:versions-maven-plugin:2.18.0 to 2.21.0
Updated org.itsallcode:openfasttrace-maven-plugin:1.6.2 to 2.3.0
Updated org.jacoco:jacoco-maven-plugin:0.8.12 to 0.8.14
Updated org.sonarsource.scanner.maven:sonar-maven-plugin:5.0.0.4389 to 5.5.0.6356
Added org.sonatype.central:central-publishing-maven-plugin:0.10.0
Removed org.sonatype.plugins:nexus-staging-maven-plugin:1.7.0

Assets 4

12 Feb 10:21

github-actions

2.0.13

2eac97b

2.0.13 Hadoop dependency cleanup

This release fine-tunes the needed dependencies replacing haddop-client by hadoop-client-api at compile time and
hadoop-client-runtime and runtime. hadoop-client pulled many vulnerabilities that were not needed like netty

Security

#81: Fix vulnerability CVE-2025-25193 in io.netty:netty-common:jar:4.1.115.Final:runtime

Dependency Updates

Compile Dependency Updates

Removed dnsjava:dnsjava:3.6.2
Removed org.apache.avro:avro:1.12.0
Removed org.apache.commons:commons-configuration2:2.11.0
Added org.apache.hadoop:hadoop-client-api:3.4.1
Removed org.apache.hadoop:hadoop-client:3.4.1
Updated org.apache.parquet:parquet-hadoop:1.14.4 to 1.15.0
Updated org.scala-lang:scala-library:2.13.15 to 2.13.16
Added org.slf4j:slf4j-api:1.7.36

Runtime Dependency Updates

Removed io.netty:netty-transport-native-epoll:4.1.115.Final
Added org.apache.hadoop:hadoop-client-runtime:3.4.1
Added org.slf4j:jcl-over-slf4j:1.7.36

Test Dependency Updates

Updated nl.jqno.equalsverifier:equalsverifier:3.17.3 to 3.19
Updated org.junit.jupiter:junit-jupiter:5.11.3 to 5.11.4
Updated org.mockito:mockito-core:5.14.2 to 5.15.2
Updated org.mockito:mockito-junit-jupiter:5.14.2 to 5.15.2
Added org.slf4j:slf4j-jdk14:1.7.36

Plugin Dependency Updates

Updated com.exasol:project-keeper-maven-plugin:4.4.0 to 4.5.0
Updated org.apache.maven.plugins:maven-deploy-plugin:3.1.2 to 3.1.3
Updated org.apache.maven.plugins:maven-failsafe-plugin:3.5.1 to 3.5.2
Updated org.apache.maven.plugins:maven-javadoc-plugin:3.10.1 to 3.11.1
Updated org.apache.maven.plugins:maven-site-plugin:3.9.1 to 3.21.0
Updated org.apache.maven.plugins:maven-surefire-plugin:3.5.1 to 3.5.2
Updated org.codehaus.mojo:versions-maven-plugin:2.17.1 to 2.18.0
Updated org.sonarsource.scanner.maven:sonar-maven-plugin:4.0.0.4121 to 5.0.0.4389

Assets 4

18 Nov 10:07

github-actions

2.0.12

c5e5787

2.0.12 Fixed vulnerability CVE-2024-47535 in io.netty:netty-common:jar:4.1.100.Final:compile

This release fixes the following vulnerability:

CVE-2024-47535 (CWE-400) in dependency `io.netty:netty-common:jar:4.1.100.Final:compile`

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.

References

Security

#79: Fixed vulnerability CVE-2024-47535 in dependency io.netty:netty-common:jar:4.1.100.Final:compile

Dependency Updates

Compile Dependency Updates

Updated org.apache.hadoop:hadoop-client:3.4.0 to 3.4.1
Updated org.apache.parquet:parquet-hadoop:1.14.3 to 1.14.4

Runtime Dependency Updates

Added io.netty:netty-transport-native-epoll:4.1.115.Final

Test Dependency Updates

Updated nl.jqno.equalsverifier:equalsverifier:3.17.1 to 3.17.3
Updated org.junit.jupiter:junit-jupiter:5.11.2 to 5.11.3

Plugin Dependency Updates

Updated com.exasol:project-keeper-maven-plugin:4.3.3 to 4.4.0
Added com.exasol:quality-summarizer-maven-plugin:0.2.0
Updated io.github.zlika:reproducible-build-maven-plugin:0.16 to 0.17
Updated org.apache.maven.plugins:maven-clean-plugin:2.5 to 3.4.0
Updated org.apache.maven.plugins:maven-failsafe-plugin:3.2.5 to 3.5.1
Updated org.apache.maven.plugins:maven-gpg-plugin:3.2.4 to 3.2.7
Updated org.apache.maven.plugins:maven-install-plugin:2.4 to 3.1.3
Updated org.apache.maven.plugins:maven-javadoc-plugin:3.7.0 to 3.10.1
Updated org.apache.maven.plugins:maven-resources-plugin:2.6 to 3.3.1
Updated org.apache.maven.plugins:maven-site-plugin:3.3 to 3.9.1
Updated org.apache.maven.plugins:maven-surefire-plugin:3.2.5 to 3.5.1
Updated org.codehaus.mojo:versions-maven-plugin:2.16.2 to 2.17.1

Assets 4

17 Oct 12:12

github-actions

2.0.11

133b5bb

2.0.11 Fix CVE-2024-47561 in dependency

This release fixes vulnerability CVE-2024-47561 by updating transitive dependency org.apache.avro:avro via org.apache.hadoop:hadoop-client.

Security

#76: Fixed vulnerability CVE-2024-47561 in org.apache.avro:avro

Dependency Updates

Compile Dependency Updates

Updated dnsjava:dnsjava:3.6.0 to 3.6.2
Removed io.airlift:aircompressor:0.27
Updated org.apache.avro:avro:1.11.3 to 1.12.0
Removed org.apache.commons:commons-compress:1.26.2
Updated org.apache.parquet:parquet-hadoop:1.14.1 to 1.14.3
Updated org.scala-lang:scala-library:2.13.14 to 2.13.15
Removed org.xerial.snappy:snappy-java:1.1.10.5

Test Dependency Updates

Updated nl.jqno.equalsverifier:equalsverifier:3.16.1 to 3.17.1
Updated org.hamcrest:hamcrest:2.2 to 3.0
Updated org.junit.jupiter:junit-jupiter:5.10.3 to 5.11.2
Updated org.mockito:mockito-core:5.12.0 to 5.14.2
Updated org.mockito:mockito-junit-jupiter:5.12.0 to 5.14.2

Assets 4

29 Jul 11:40

github-actions

2.0.10

5985eec

2.0.10 Fix CVE-2024-25638 in dependency

This release fixes vulnerability CVE-2024-25638 by updating transitive dependency dnsjava:dnsjava:jar:3.4.0.

Security Issues

#74: Fixed vulnerability CVE-2024-25638 by updating dependency dnsjava:dnsjava:jar:3.4.0.

Dependency Updates

Compile Dependency Updates

Added dnsjava:dnsjava:3.6.0
Updated org.apache.commons:commons-configuration2:2.10.1 to 2.11.0
Updated org.apache.parquet:parquet-hadoop:1.13.1 to 1.14.1
Updated org.scala-lang:scala-library:2.13.13 to 2.13.14

Test Dependency Updates

Updated org.junit.jupiter:junit-jupiter:5.10.2 to 5.10.3

Plugin Dependency Updates

Updated com.exasol:project-keeper-maven-plugin:4.3.2 to 4.3.3

Assets 4

03 Jun 11:49

github-actions

2.0.9

064d364

2.0.9 Security update - fix for CVE-2024-36114

Fixed CVE-2024-36114 GHSA-973x-65j7-xcf4 via transitive version update.
Updated dependencies.

Security

#72: CVE-2024-36114: io.airlift:aircompressor:jar:0.21:compile

Dependency Updates

Compile Dependency Updates

Added io.airlift:aircompressor:0.27
Updated org.apache.commons:commons-compress:1.26.1 to 1.26.2

Test Dependency Updates

Updated org.mockito:mockito-core:5.11.0 to 5.12.0
Updated org.mockito:mockito-junit-jupiter:5.11.0 to 5.12.0

Plugin Dependency Updates

Updated com.exasol:error-code-crawler-maven-plugin:2.0.2 to 2.0.3
Updated com.exasol:project-keeper-maven-plugin:4.3.0 to 4.3.2
Updated org.apache.maven.plugins:maven-deploy-plugin:3.1.1 to 3.1.2
Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.1 to 3.5.0
Updated org.apache.maven.plugins:maven-gpg-plugin:3.2.2 to 3.2.4
Updated org.apache.maven.plugins:maven-javadoc-plugin:3.6.3 to 3.7.0
Updated org.apache.maven.plugins:maven-toolchains-plugin:3.1.0 to 3.2.0
Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922 to 4.0.0.4121
Updated org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13 to 1.7.0

Assets 4

09 Apr 06:26

github-actions

2.0.8

e99b050

2.0.8 Fix CVE-2024-29131 & CVE-2024-29133 in `org.apache.commons:commons-configuration2:jar:2.8.0:compile`

This release fixes vulnerabilities CVE-2024-29131 & CVE-2024-29133 in org.apache.commons:commons-configuration2:jar:2.8.0:compile.

Security

#68: Fixed CVE-2024-29131 in org.apache.commons:commons-configuration2:jar:2.8.0:compile
#69: Fixed CVE-2024-29133 in org.apache.commons:commons-configuration2:jar:2.8.0:compile

Dependency Updates

Compile Dependency Updates

Added org.apache.commons:commons-configuration2:2.10.1
Updated org.apache.hadoop:hadoop-client:3.3.6 to 3.4.0

Test Dependency Updates

Updated nl.jqno.equalsverifier:equalsverifier:3.15.8 to 3.16.1

Plugin Dependency Updates

Updated com.exasol:error-code-crawler-maven-plugin:2.0.0 to 2.0.2
Updated com.exasol:project-keeper-maven-plugin:4.1.0 to 4.3.0
Updated org.apache.maven.plugins:maven-compiler-plugin:3.12.1 to 3.13.0
Updated org.apache.maven.plugins:maven-gpg-plugin:3.1.0 to 3.2.2
Updated org.jacoco:jacoco-maven-plugin:0.8.11 to 0.8.12
Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594 to 3.11.0.3922

Assets 4

11 Mar 09:06

kaklakariada

2.0.7

0328117

2.0.7: Fix vulnerabilities CVE-2024-25710, CVE-2024-26308 and CVE-2023-52428 in compile dependencies

Summary

This release fixes vulnerabilities in the following compile dependencies:

org.apache.commons:commons-compress
- CVE-2024-25710: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') (8.1)
- CVE-2024-26308: CWE-770: Allocation of Resources Without Limits or Throttling (7.5)
com.nimbusds:nimbus-jose-jwt
- CVE-2023-52428: CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (7.5)

Security

#66: Fixed vulnerabilities

Dependency Updates

Compile Dependency Updates

Updated org.apache.commons:commons-compress:1.24.0 to 1.26.1
Updated org.scala-lang:scala-library:2.13.12 to 2.13.13

Test Dependency Updates

Updated nl.jqno.equalsverifier:equalsverifier:3.15.2 to 3.15.8
Updated org.junit.jupiter:junit-jupiter:5.10.0 to 5.10.2
Updated org.mockito:mockito-core:5.6.0 to 5.11.0
Updated org.mockito:mockito-junit-jupiter:5.6.0 to 5.11.0

Plugin Dependency Updates

Updated com.exasol:error-code-crawler-maven-plugin:1.3.0 to 2.0.0
Updated com.exasol:project-keeper-maven-plugin:2.9.12 to 4.1.0
Updated org.apache.maven.plugins:maven-compiler-plugin:3.11.0 to 3.12.1
Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.0 to 3.4.1
Updated org.apache.maven.plugins:maven-failsafe-plugin:3.1.2 to 3.2.5
Updated org.apache.maven.plugins:maven-javadoc-plugin:3.5.0 to 3.6.3
Updated org.apache.maven.plugins:maven-surefire-plugin:3.1.2 to 3.2.5
Added org.apache.maven.plugins:maven-toolchains-plugin:3.1.0
Updated org.codehaus.mojo:flatten-maven-plugin:1.5.0 to 1.6.0
Updated org.codehaus.mojo:versions-maven-plugin:2.16.0 to 2.16.2
Updated org.jacoco:jacoco-maven-plugin:0.8.10 to 0.8.11
Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184 to 3.10.0.2594

Assets 8

Uh oh!

Releases: exasol/parquet-io-java

2.0.16 Migrate Scala to Java

Refactoring

Bugfixes

Dependency Updates

Compile Dependency Updates

Test Dependency Updates

Plugin Dependency Updates

Uh oh!

2.0.15 Fix CVE-2025-67721 for users

Dependency Updates

Runtime Dependency Updates

Uh oh!

2.0.14 Fix CVE-2025-67721 in dependency io.airlift:aircompressor

Security

Dependency Updates

Compile Dependency Updates

Runtime Dependency Updates

Test Dependency Updates

Plugin Dependency Updates

Uh oh!

2.0.13 Hadoop dependency cleanup

Security

Dependency Updates

Compile Dependency Updates

Runtime Dependency Updates

Test Dependency Updates

Plugin Dependency Updates

Uh oh!

2.0.12 Fixed vulnerability CVE-2024-47535 in io.netty:netty-common:jar:4.1.100.Final:compile

CVE-2024-47535 (CWE-400) in dependency io.netty:netty-common:jar:4.1.100.Final:compile

References

Security

Dependency Updates

Compile Dependency Updates

Runtime Dependency Updates

Test Dependency Updates

Plugin Dependency Updates

Uh oh!

2.0.11 Fix CVE-2024-47561 in dependency

Security

Dependency Updates

Compile Dependency Updates

Test Dependency Updates

Uh oh!

2.0.10 Fix CVE-2024-25638 in dependency

Security Issues

Dependency Updates

Compile Dependency Updates

Test Dependency Updates

Plugin Dependency Updates

Uh oh!

2.0.9 Security update - fix for CVE-2024-36114

Security

Dependency Updates

Compile Dependency Updates

Test Dependency Updates

Plugin Dependency Updates

Uh oh!

2.0.8 Fix CVE-2024-29131 & CVE-2024-29133 in `org.apache.commons:commons-configuration2:jar:2.8.0:compile`

Security

Dependency Updates

Compile Dependency Updates

Test Dependency Updates

Plugin Dependency Updates

Uh oh!

2.0.7: Fix vulnerabilities CVE-2024-25710, CVE-2024-26308 and CVE-2023-52428 in compile dependencies

Summary

Security

Dependency Updates

Compile Dependency Updates

Test Dependency Updates

Plugin Dependency Updates

Uh oh!

CVE-2024-47535 (CWE-400) in dependency `io.netty:netty-common:jar:4.1.100.Final:compile`