* #401: Updated to the virtual-schema-common-jdbc:6.1.0 (#403)

* #401: Updated to the `virtual-schema-common-jdbc:7.0.0`
* #401: Fixed security issues in the dialects
* #401: Fixed CVE-2020-15250

Co-authored-by: exanm <48916233+exanm@users.noreply.github.com>

doc/changes/changes_4.0.4.md

@@ -1,34 +1,66 @@
-# Exasol Virtual Schemas 4.0.4, released 2020-10-??
+# Exasol Virtual Schemas 4.0.4, released 2020-11-17
 
-Code name:
+Code name: Security Update
+
+## Summary
+
+Classification: High
+Please update your adapters as soon as possible!
+This release fixes several SQL injection vulnerabilities on the remote database of the virtual schema. 
+The local Exasol database defining the virtual schema is not affected.
+
+All dialects except for Teradata are affected:
+* Amazon AWS Athena
+* Amazon AWS Aurora
+* Amazon AWS Redshift
+* Apache Hive
+* Apache Impala
+* Generic JDBC-capable RDBMS
+* Google BigQuery
+* IBM DB2
+* Microsoft SQL Server
+* MySQL
+* Oracle
+* PostgreSQL
+* SAP HANA
+* Sybase
 
 ## Documentation
 
 * #371: Documented data types conversion for Hive dialect.
 * #377: Improved Scalar Functions API documentation.	
 * #384: Turned embedded JSON into key-value encoding in Adapter Notes API examples.	
 * #386: Remove the documentation that was moved to the portal, added links instead.
-* #394: Described 'No  suitable driver found', added a note that Hive 1.1.0 has problems with its driver.
+* #394: Described 'No suitable driver found', added a note that Hive 1.1.0 has problems with its driver.
 * #391: Removed the API documentation from this repository and added a link to it.
 
 ## Refactoring
 
 * #263: Removed SybaseMetadataReader class as it was not used by the dialect.
 * #381: Migrated from version.sh to artifact-reference-checker-maven-plugin.
 * #389: Improved connection error handling.
-* #396: Updated to the `virtual-schema-common-java:6.0.0`
+* #396: Updated to the `virtual-schema-common-jdbc:6.0.0`
+* #401: Updated to the `virtual-schema-common-jdbc:7.0.0`
 
 ## Dependency updates
 
 * Added com.exasol:artifact-reference-checker-maven-plugin:0.3.1
-* Updated com.exasol:virtual-schema-common-java:jar:5.0.4 to version 6.0.0
-* Updated org.apache.hbase:hbase-server:jar:2.3.0 to version 2.3.1
-* Updated org.junit.jupiter:junit-jupiter:jar:5.6.2 to version 5.7.0
-* Updated org.mockito:mockito-junit-jupiter:jar:3.4.6 to version 3.5.13
-* Updated com.exasol:exasol-jdbc:jar:6.2.5 to version 7.0.0
-* Updated com.exasol:exasol-testcontainers:jar:2.1.0 to version 3.1.0
-* Updated org.postgresql:postgresql:jar:42.2.14 to version 42.2.16
-* Updated org.apache.hbase:hbase-server:jar:2.3.1 to version 2.3.2
-* Updated com.microsoft.sqlserver:mssql-jdbc:jar:8.4.0.jre11 to version 8.4.1.jre11
-* Updated com.exasol:test-db-builder-java:jar:1.0.1 to version 1.1.0
-* Updated com.exasol:hamcrest-resultset-matcher:jar:1.1.1 to version 1.2.1
+* Added junit:junit:4.13.1 to fix CVE-2020-15250
+* Updated com.exasol:virtual-schema-common-jdbc:5.0.4 to 7.0.0
+* Updated org.apache.hbase:hbase-server:2.3.0 to 2.3.3
+* Updated org.junit.jupiter:junit-jupiter:5.6.2 to 5.7.0
+* Updated org.mockito:mockito-junit-jupiter:3.4.6 to 3.6.0
+* Updated com.exasol:exasol-jdbc:6.2.5 to 7.0.3
+* Updated com.exasol:exasol-testcontainers:2.1.0 to 3.3.1
+* Updated org.postgresql:postgresql:42.2.14 to 42.2.18
+* Updated org.apache.hbase:hbase-server:2.3.1 to 2.3.2
+* Updated com.microsoft.sqlserver:mssql-jdbc:8.4.0.jre11 to 8.4.1.jre11
+* Updated com.exasol:test-db-builder-java:1.0.1 to 1.1.0
+* Updated com.exasol:hamcrest-resultset-matcher:1.1.1 to 1.2.1
+* Updated nl.jqno.equalsverifier:equalsverifier:3.4.3 to 3.5
+* Updated mysql:mysql-connector-java:8.0.21 to 8.0.22
+* Updated org.testcontainers:junit-jupiter:1.14.3 to 1.15.0
+* Updated org.testcontainers:mssqlserver:1.14.3 to 1.15.0
+* Updated org.testcontainers:mysql:1.14.3 to 1.15.0
+* Updated org.testcontainers:oracle-xe:1.14.3 to 1.15.0
+* Updated org.testcontainers:postgresql:1.14.3 to 1.15.0

doc/dialects/athena.md

@@ -21,12 +21,15 @@ You need to specify the following settings when adding the JDBC driver via EXAOp
 | Parameter | Value                                               |
 |-----------|-----------------------------------------------------|
 | Name      | `ATHENA`                                            |
-| Main      | `com.amazon.athena.jdbc.Driver`                     |
+| Main      | `com.simba.athena.jdbc.Driver`                     |
 | Prefix    | `jdbc:awsathena:`                                   |
 | Files     | `AthenaJDBC42_<JDBC driver version>.jar`            |
 
 Please refer to the [documentation on configuring JDBC connections to Athena](https://docs.aws.amazon.com/athena/latest/ug/connect-with-jdbc.html) for details.
 
+IMPORTANT: The latest Athena driver requires to **Disable Security Manager**.
+It is necessary because JDBC driver requires Java permissions which we do not grant by default.
+
 ## Uploading the JDBC Driver to EXAOperation
 
 1. [Create a bucket in BucketFS](https://docs.exasol.com/administration/on-premise/bucketfs/create_new_bucket_in_bucketfs_service.htm)
@@ -49,7 +52,7 @@ The SQL statement below creates the adapter script, defines the Java class that
 ```sql
 CREATE OR REPLACE JAVA ADAPTER SCRIPT ADAPTER.JDBC_ADAPTER AS
     %scriptclass com.exasol.adapter.RequestDispatcher;
-    %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-6.0.0-bundle-4.0.4.jar;
+    %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-7.0.0-bundle-4.0.4.jar;
     %jar /buckets/<BFS service>/<bucket>/AthenaJDBC42-<JDBC driver version>.jar;
 /
 ;

doc/dialects/aurora.md

@@ -62,7 +62,7 @@ The SQL statement below creates the adapter script, defines the Java class that
 ```sql
 CREATE OR REPLACE JAVA ADAPTER SCRIPT ADAPTER.JDBC_ADAPTER AS
     %scriptclass com.exasol.adapter.RequestDispatcher;
-    %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-6.0.0-bundle-4.0.4.jar;
+    %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-7.0.0-bundle-4.0.4.jar;
     %jar /buckets/<BFS service>/<bucket>/postgresql-<JDBC driver version>.jar;
 /
 ```

doc/dialects/bigquery.md

@@ -33,7 +33,7 @@ List all the JAR files from Magnitude Simba JDBC driver.
 ```sql
 CREATE JAVA ADAPTER SCRIPT SCHEMA_FOR_VS_SCRIPT.ADAPTER_SCRIPT_BIGQUERY AS
     %scriptclass com.exasol.adapter.RequestDispatcher;
-    %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-6.0.0-bundle-4.0.4.jar;
+    %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-7.0.0-bundle-4.0.4.jar;
     %jar /buckets/<BFS service>/<bucket>/GoogleBigQueryJDBC42.jar;
     ...
     ...

doc/dialects/db2.md

@@ -56,7 +56,7 @@ The SQL statement below creates the adapter script, defines the Java class that
 ```sql
 CREATE OR REPLACE JAVA ADAPTER SCRIPT ADAPTER.JDBC_ADAPTER AS
   %scriptclass com.exasol.adapter.RequestDispatcher;
-  %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-6.0.0-bundle-4.0.4.jar;
+  %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-7.0.0-bundle-4.0.4.jar;
   %jar /buckets/<BFS service>/<bucket>/db2jcc4.jar;
   %jar /buckets/<BFS service>/<bucket>/db2jcc_license_cu.jar;
 /
@@ -68,7 +68,7 @@ CREATE OR REPLACE JAVA ADAPTER SCRIPT ADAPTER.JDBC_ADAPTER AS
 ```sql
 CREATE OR REPLACE JAVA ADAPTER SCRIPT ADAPTER.JDBC_ADAPTER AS
   %scriptclass com.exasol.adapter.RequestDispatcher;
-  %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-6.0.0-bundle-4.0.4.jar;
+  %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-7.0.0-bundle-4.0.4.jar;
   %jar /buckets/<BFS service>/<bucket>/db2jcc4.jar;
   %jar /buckets/<BFS service>/<bucket>/db2jcc_license_cu.jar;
   %jar /buckets/<BFS service>/<bucket>/db2jcc_license_cisuz.jar;

doc/dialects/hive.md

@@ -47,7 +47,7 @@ The SQL statement below creates the adapter script, defines the Java class that
 ```sql
 CREATE OR REPLACE JAVA ADAPTER SCRIPT ADAPTER.JDBC_ADAPTER AS
   %scriptclass com.exasol.adapter.RequestDispatcher;
-  %jar /buckets/<BFS service>/<bucket>/jars/virtual-schema-dist-6.0.0-bundle-4.0.4.jar;
+  %jar /buckets/<BFS service>/<bucket>/jars/virtual-schema-dist-7.0.0-bundle-4.0.4.jar;
   %jar /buckets/<BFS service>/<bucket>/jars/HiveJDBC41.jar;
 /
 ```
@@ -302,7 +302,7 @@ In Virtual Schema adapter:
 CREATE OR REPLACE JAVA ADAPTER SCRIPT ADAPTER.JDBC_ADAPTER AS
   %jvmoption -Dsun.security.krb5.disableReferrals=true;
   %scriptclass com.exasol.adapter.RequestDispatcher;
-  %jar /buckets/<BFS service>/<bucket>/jars/virtual-schema-dist-6.0.0-bundle-4.0.4.jar;
+  %jar /buckets/<BFS service>/<bucket>/jars/virtual-schema-dist-7.0.0-bundle-4.0.4.jar;
   %jar /buckets/<BFS service>/<bucket>/jars/HiveJDBC41.jar;
 /
 ```

doc/dialects/impala.md

@@ -47,7 +47,7 @@ The SQL statement below creates the adapter script, defines the Java class that
 ```sql
 CREATE OR REPLACE JAVA ADAPTER SCRIPT ADAPTER.JDBC_ADAPTER AS
   %scriptclass com.exasol.adapter.RequestDispatcher;
-  %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-6.0.0-bundle-4.0.4.jar;
+  %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-7.0.0-bundle-4.0.4.jar;
   %jar /buckets/<BFS service>/<bucket>/ImpalaJDBC41.jar;
 /
 ;

doc/dialects/mysql.md

@@ -51,7 +51,7 @@ The SQL statement below creates the adapter script, defines the Java class that
 ```sql
 CREATE OR REPLACE JAVA ADAPTER SCRIPT SCHEMA_FOR_VS_SCRIPT.ADAPTER_SCRIPT_MYSQL AS
     %scriptclass com.exasol.adapter.RequestDispatcher;
-    %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-6.0.0-bundle-4.0.4.jar;
+    %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-7.0.0-bundle-4.0.4.jar;
     %jar /buckets/<BFS service>/<bucket>/mysql-connector-java-<version>.jar;
 /
 ;

doc/dialects/oracle.md

@@ -48,7 +48,7 @@ The SQL statement below creates the adapter script, defines the Java class that
 ```sql
 CREATE JAVA ADAPTER SCRIPT ADAPTER.JDBC_ADAPTER AS
   %scriptclass com.exasol.adapter.RequestDispatcher;
-  %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-6.0.0-bundle-4.0.4.jar;
+  %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-7.0.0-bundle-4.0.4.jar;
   %jar /buckets/<BFS service>/<bucket>/ojdbc<JDBC driver version>.jar;
 /
 ;

doc/dialects/postgresql.md

@@ -25,7 +25,7 @@ The SQL statement below creates the adapter script, defines the Java class that
 ```sql
 CREATE OR REPLACE JAVA ADAPTER SCRIPT ADAPTER.JDBC_ADAPTER AS
   %scriptclass com.exasol.adapter.RequestDispatcher;
-  %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-6.0.0-bundle-4.0.4.jar;
+  %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-7.0.0-bundle-4.0.4.jar;
   %jar /buckets/<BFS service>/<bucket>/postgresql-<version>.jar;
 /
 ```

doc/dialects/redshift.md

@@ -51,7 +51,7 @@ The SQL statement below creates the adapter script, defines the Java class that
 ```sql
 CREATE OR REPLACE JAVA ADAPTER SCRIPT ADAPTER.JDBC_ADAPTER AS
     %scriptclass com.exasol.adapter.RequestDispatcher;
-    %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-6.0.0-bundle-4.0.4.jar;
+    %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-7.0.0-bundle-4.0.4.jar;
     %jar /buckets/<BFS service>/<bucket>/RedshiftJDBC42-<JDBC driver version>.jar;
 /
 ;

doc/dialects/saphana.md

@@ -47,7 +47,7 @@ The SQL statement below creates the adapter script, defines the Java class that
 ```sql
 CREATE JAVA ADAPTER SCRIPT ADAPTER.JDBC_ADAPTER AS
      %scriptclass com.exasol.adapter.RequestDispatcher;
-     %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-6.0.0-bundle-4.0.4.jar;
+     %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-7.0.0-bundle-4.0.4.jar;
      %jar /buckets/<BFS service>/<bucket>/ngdbc-<JDBC driver version>.jar;
 /
 ;

doc/dialects/sql_server.md

@@ -46,7 +46,7 @@ The SQL statement below creates the adapter script, defines the Java class that
 ```sql
 CREATE OR REPLACE JAVA ADAPTER SCRIPT SCHEMA_FOR_VS_SCRIPT.ADAPTER_SCRIPT_SQLSERVER AS
   %scriptclass com.exasol.adapter.RequestDispatcher;
-  %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-6.0.0-bundle-4.0.4.jar;
+  %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-7.0.0-bundle-4.0.4.jar;
   %jar /buckets/<BFS service>/<bucket>/mssql-jdbc-<version>.jre8.jar;
 /
 ```

doc/dialects/sybase.md

@@ -29,7 +29,7 @@ The SQL statement below creates the adapter script, defines the Java class that
 ```sql
 CREATE OR REPLACE JAVA ADAPTER SCRIPT ADAPTER.JDBC_ADAPTER AS
   %scriptclass com.exasol.adapter.RequestDispatcher;
-  %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-6.0.0-bundle-4.0.4.jar;
+  %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-7.0.0-bundle-4.0.4.jar;
   %jar /buckets/<BFS service>/<bucket>/jtds-<version>.jar;
 /
 ```

doc/dialects/teradata.md

@@ -47,7 +47,7 @@ The SQL statement below creates the adapter script, defines the Java class that
 ```sql
 CREATE OR REPLACE JAVA ADAPTER SCRIPT ADAPTER.JDBC_ADAPTER AS
   %scriptclass com.exasol.adapter.RequestDispatcher;
-  %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-6.0.0-bundle-4.0.4.jar;
+  %jar /buckets/<BFS service>/<bucket>/virtual-schema-dist-7.0.0-bundle-4.0.4.jar;
   %jar /buckets/<BFS service>/<bucket>/terajdbc4.jar;
   %jar /buckets/<BFS service>/<bucket>/tdgssconfig.jar;
 /

pom.xml

@@ -11,8 +11,8 @@
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <java.version>11</java.version>
         <surefire.and.failsafe.plugin.version>3.0.0-M4</surefire.and.failsafe.plugin.version>
-        <vscjdbc.version>6.0.0</vscjdbc.version>
-        <org.testcontainers.version>1.14.3</org.testcontainers.version>
+        <vscjdbc.version>7.0.0</vscjdbc.version>
+        <org.testcontainers.version>1.15.0</org.testcontainers.version>
         <sonar.coverage.jacoco.xmlReportPaths>target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml
         </sonar.coverage.jacoco.xmlReportPaths>
     </properties>
@@ -48,7 +48,18 @@
             <artifactId>virtual-schema-common-jdbc</artifactId>
             <version>${vscjdbc.version}</version>
         </dependency>
+        <dependency>
+            <groupId>com.exasol</groupId>
+            <artifactId>db-fundamentals-java</artifactId>
+            <version>0.1.1</version>
+        </dependency>
         <!--Unit test dependencies-->
+        <dependency>
+            <groupId>nl.jqno.equalsverifier</groupId>
+            <artifactId>equalsverifier</artifactId>
+            <version>3.5</version>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>com.exasol</groupId>
             <artifactId>virtual-schema-common-jdbc</artifactId>
@@ -71,20 +82,20 @@
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-junit-jupiter</artifactId>
-            <version>3.5.13</version>
+            <version>3.6.0</version>
             <scope>test</scope>
         </dependency>
         <!--Integration test dependencies-->
         <dependency>
             <groupId>com.exasol</groupId>
             <artifactId>exasol-jdbc</artifactId>
-            <version>7.0.0</version>
+            <version>7.0.3</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>com.exasol</groupId>
             <artifactId>exasol-testcontainers</artifactId>
-            <version>3.1.0</version>
+            <version>3.3.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -102,7 +113,7 @@
         <dependency>
             <groupId>org.postgresql</groupId>
             <artifactId>postgresql</artifactId>
-            <version>42.2.16</version>
+            <version>42.2.18</version>
         </dependency>
         <dependency>
             <groupId>org.testcontainers</groupId>
@@ -174,10 +185,18 @@
             <version>0.13.0</version>
             <scope>test</scope>
         </dependency>
+        <!-- Overrides Junit 4.12 which is used in test containers but contains a security issue:
+        https://ossindex.sonatype.org/vuln/7ea56ad4-8a8b-4e51-8ed9-5aad83d8efb1 -->
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>4.13.1</version>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.apache.hbase</groupId>
             <artifactId>hbase-server</artifactId>
-            <version>2.3.2</version>
+            <version>2.3.3</version>
             <scope>test</scope>
             <!--Excluding transient dependencies with vulnerabilities-->
             <exclusions>
@@ -235,7 +254,7 @@
         <dependency>
             <groupId>mysql</groupId>
             <artifactId>mysql-connector-java</artifactId>
-            <version>8.0.21</version>
+            <version>8.0.22</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -360,6 +379,13 @@
                         </goals>
                     </execution>
                 </executions>
+                <configuration>
+                    <excludeVulnerabilityIds>
+                        <!-- Ignores CVE-2020-15250, because we use Java 11 and junit 4.13.1 which contains a fix:
+                        https://ossindex.sonatype.org/vuln/7ea56ad4-8a8b-4e51-8ed9-5aad83d8efb1 -->
+                        <exclude>7ea56ad4-8a8b-4e51-8ed9-5aad83d8efb1</exclude>
+                    </excludeVulnerabilityIds>
+                </configuration>
             </plugin>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>