1.0.8 Upgrade Project-Keeper

This release updates project keeper and dependencies.

Refactoring

• Upgrade Project-Keeper

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:7.1.7 to 7.2.0
• Updated com.exasol:hamcrest-resultset-matcher:1.7.1 to 1.7.2
• Updated com.exasol:test-db-builder-java:3.6.1 to 3.6.3
• Removed org.junit.jupiter:junit-jupiter-api:5.13.0
• Updated org.junit.jupiter:junit-jupiter-params:5.13.0 to 5.13.4
• Updated org.mockito:mockito-junit-jupiter:5.18.0 to 5.20.0
• Removed org.testcontainers:junit-jupiter:1.21.1
• Added org.testcontainers:testcontainers-junit-jupiter:2.0.1

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:2.0.4 to 2.0.5
• Updated com.exasol:project-keeper-maven-plugin:5.2.3 to 5.4.3
• Updated com.exasol:quality-summarizer-maven-plugin:0.2.0 to 0.2.1
• Updated io.github.git-commit-id:git-commit-id-maven-plugin:9.0.1 to 9.0.2
• Updated org.apache.maven.plugins:maven-artifact-plugin:3.6.0 to 3.6.1
• Updated org.apache.maven.plugins:maven-clean-plugin:3.4.1 to 3.5.0
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.14.0 to 3.14.1
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.5.0 to 3.6.2
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.5.3 to 3.5.4
• Updated org.apache.maven.plugins:maven-gpg-plugin:3.2.7 to 3.2.8
• Updated org.apache.maven.plugins:maven-javadoc-plugin:3.11.2 to 3.12.0
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.5.3 to 3.5.4
• Updated org.codehaus.mojo:flatten-maven-plugin:1.7.0 to 1.7.3
• Updated org.codehaus.mojo:versions-maven-plugin:2.18.0 to 2.19.1
• Updated org.jacoco:jacoco-maven-plugin:0.8.13 to 0.8.14
• Updated org.sonarsource.scanner.maven:sonar-maven-plugin:5.1.0.4751 to 5.2.0.4988
• Updated org.sonatype.central:central-publishing-maven-plugin:0.7.0 to 0.9.0

1.0.7 Fixes for vulnerability CVE-2025-48924

This release fixes the following vulnerability:

CVE-2025-48924 (CWE-674) in dependency org.apache.commons:commons-lang3:jar:3.16.0:test

Uncontrolled Recursion vulnerability in Apache Commons Lang.

This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.

The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a
StackOverflowError could cause an application to stop.

Users are recommended to upgrade to version 3.18.0, which fixes the issue.

CVE: CVE-2025-48924
CWE: CWE-674

References

• https://ossindex.sonatype.org/vulnerability/CVE-2025-48924?component-type=maven&component-name=org.apache.commons%2Fcommons-lang3&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
• http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-48924
• GHSA-j288-q9x7-2f5v

Security

• #30: Fixed vulnerability CVE-2025-48924 in dependency org.apache.commons:commons-lang3:jar:3.16.0:test

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:7.1.5 to 7.1.7

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:2.0.3 to 2.0.4
• Updated com.exasol:project-keeper-maven-plugin:5.1.0 to 5.2.3
• Added org.sonatype.central:central-publishing-maven-plugin:0.7.0
• Removed org.sonatype.plugins:nexus-staging-maven-plugin:1.7.0

1.0.6 Security updates on top of 1.0.5

This release is a security update. We updated the dependencies of the project to fix transitive security issues.

We also added an exception for the OSSIndex for CVE-2024-55551, which is a false positive in Exasol's JDBC driver.
This issue has been fixed quite a while back now, but the OSSIndex unfortunately does not contain the fix version of 24.2.1 (2024-12-10) set.

We also updated the CI build to Ubuntu runner 24.04 and removed Exasol 7.1 from the matrix build.

Features

• #28: Security updates on top of 1.0.5

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:7.0.1 to 7.1.5
• Updated com.exasol:hamcrest-resultset-matcher:1.6.4 to 1.7.1
• Updated com.exasol:maven-project-version-getter:1.2.0 to 1.2.1
• Updated com.exasol:test-db-builder-java:3.5.3 to 3.6.1
• Updated org.hamcrest:hamcrest:2.2 to 3.0
• Added org.junit.jupiter:junit-jupiter-api:5.13.0
• Removed org.junit.jupiter:junit-jupiter-engine:5.10.2
• Updated org.junit.jupiter:junit-jupiter-params:5.10.2 to 5.13.0
• Updated org.mockito:mockito-junit-jupiter:5.10.0 to 5.18.0
• Updated org.slf4j:slf4j-jdk14:2.0.12 to 2.0.17
• Updated org.testcontainers:junit-jupiter:1.19.6 to 1.21.1

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.3.1 to 2.0.3
• Updated com.exasol:project-keeper-maven-plugin:3.0.1 to 5.1.0
• Added com.exasol:quality-summarizer-maven-plugin:0.2.0
• Added io.github.git-commit-id:git-commit-id-maven-plugin:9.0.1
• Removed io.github.zlika:reproducible-build-maven-plugin:0.16
• Added org.apache.maven.plugins:maven-artifact-plugin:3.6.0
• Updated org.apache.maven.plugins:maven-clean-plugin:3.2.0 to 3.4.1
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.11.0 to 3.14.0
• Updated org.apache.maven.plugins:maven-deploy-plugin:3.1.1 to 3.1.4
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.1 to 3.5.0
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.2.3 to 3.5.3
• Updated org.apache.maven.plugins:maven-gpg-plugin:3.1.0 to 3.2.7
• Updated org.apache.maven.plugins:maven-install-plugin:3.1.2 to 3.1.4
• Updated org.apache.maven.plugins:maven-jar-plugin:3.3.0 to 3.4.2
• Updated org.apache.maven.plugins:maven-javadoc-plugin:3.6.3 to 3.11.2
• Updated org.apache.maven.plugins:maven-site-plugin:3.12.1 to 3.21.0
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.2.3 to 3.5.3
• Updated org.apache.maven.plugins:maven-toolchains-plugin:3.1.0 to 3.2.0
• Updated org.codehaus.mojo:flatten-maven-plugin:1.5.0 to 1.7.0
• Updated org.codehaus.mojo:versions-maven-plugin:2.16.2 to 2.18.0
• Updated org.jacoco:jacoco-maven-plugin:0.8.11 to 0.8.13
• Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594 to 5.1.0.4751
• Updated org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13 to 1.7.0

1.0.5: Fix CVE-2024-26308 and CVE-2024-25710 in test dependency

Summary

We fixed CVE-2024-26308 and CVE-2024-25710 by updating the transitive test dependency org.apache.commons:commons-compress (was 1.24.0) through updating to exasol-testcontainers 7.0.1.

Please note that the actual UDF API remains unchanged.

Features

• 23: Fixed CVE-2024-25710 by updating transitive dependency
• 24: Fixed CVE-2024-26308 by updating transitive dependency

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.6.3 to 7.0.1
• Updated com.exasol:hamcrest-resultset-matcher:1.6.2 to 1.6.4
• Updated com.exasol:test-db-builder-java:3.5.2 to 3.5.3
• Updated org.junit.jupiter:junit-jupiter-engine:5.10.1 to 5.10.2
• Updated org.junit.jupiter:junit-jupiter-params:5.10.1 to 5.10.2
• Updated org.mockito:mockito-junit-jupiter:5.7.0 to 5.10.0
• Updated org.slf4j:slf4j-jdk14:2.0.9 to 2.0.12
• Updated org.testcontainers:junit-jupiter:1.19.2 to 1.19.6

Plugin Dependency Updates

• Updated com.exasol:project-keeper-maven-plugin:2.9.16 to 3.0.1
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.2.2 to 3.2.3
• Updated org.apache.maven.plugins:maven-javadoc-plugin:3.6.2 to 3.6.3
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.2.2 to 3.2.3
• Added org.apache.maven.plugins:maven-toolchains-plugin:3.1.0
• Updated org.codehaus.mojo:versions-maven-plugin:2.16.1 to 2.16.2

1.0.4: Fix CVE-2023-4043 in test dependency `org.eclipse.parsson:parsson`

Summary

This release fixes vulnerability CVE-2023-4043 in test dependency org.eclipse.parsson:parsson. The release also runs integration tests with Exasol 8.

Security

• #21: Fixed CVE-2023-4043 in test dependency org.eclipse.parsson:parsson

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.6.2 to 6.6.3
• Updated com.exasol:hamcrest-resultset-matcher:1.6.0 to 1.6.2
• Updated com.exasol:test-db-builder-java:3.5.0 to 3.5.2
• Updated org.junit.jupiter:junit-jupiter-engine:5.10.0 to 5.10.1
• Updated org.junit.jupiter:junit-jupiter-params:5.10.0 to 5.10.1
• Updated org.mockito:mockito-junit-jupiter:5.5.0 to 5.7.0
• Updated org.testcontainers:junit-jupiter:1.19.0 to 1.19.2

Plugin Dependency Updates

• Updated com.exasol:error-code-crawler-maven-plugin:1.3.0 to 1.3.1
• Updated com.exasol:project-keeper-maven-plugin:2.9.12 to 2.9.16
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.4.0 to 3.4.1
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.1.2 to 3.2.2
• Updated org.apache.maven.plugins:maven-javadoc-plugin:3.5.0 to 3.6.2
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.1.2 to 3.2.2
• Updated org.codehaus.mojo:versions-maven-plugin:2.16.0 to 2.16.1
• Updated org.jacoco:jacoco-maven-plugin:0.8.10 to 0.8.11
• Updated org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184 to 3.10.0.2594

1.0.3: Fix CVE-2023-42503

Summary

This release fixes CVE-2023-42503 in org.apache.commons:commons-compress by upgrading dependencies.

Security

• #19: Fixed CVE-2023-42503 in org.apache.commons:commons-compress

Dependency Updates

Compile Dependency Updates

• Removed com.exasol:maven-project-version-getter:1.2.0

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.5.0 to 6.6.2
• Updated com.exasol:hamcrest-resultset-matcher:1.5.2 to 1.6.0
• Added com.exasol:maven-project-version-getter:1.2.0
• Updated com.exasol:test-db-builder-java:3.4.1 to 3.5.0
• Updated org.junit.jupiter:junit-jupiter-engine:5.9.2 to 5.10.0
• Updated org.junit.jupiter:junit-jupiter-params:5.9.2 to 5.10.0
• Updated org.mockito:mockito-junit-jupiter:5.0.0 to 5.5.0
• Added org.slf4j:slf4j-jdk14:2.0.9
• Updated org.testcontainers:junit-jupiter:1.17.6 to 1.19.0

Plugin Dependency Updates

• Removed com.exasol:artifact-reference-checker-maven-plugin:0.4.1
• Updated com.exasol:error-code-crawler-maven-plugin:1.2.1 to 1.3.0
• Updated com.exasol:project-keeper-maven-plugin:2.9.1 to 2.9.12
• Updated org.apache.maven.plugins:maven-compiler-plugin:3.10.1 to 3.11.0
• Updated org.apache.maven.plugins:maven-deploy-plugin:3.0.0 to 3.1.1
• Updated org.apache.maven.plugins:maven-enforcer-plugin:3.1.0 to 3.4.0
• Updated org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M7 to 3.1.2
• Updated org.apache.maven.plugins:maven-gpg-plugin:3.0.1 to 3.1.0
• Updated org.apache.maven.plugins:maven-jar-plugin:3.2.0 to 3.3.0
• Updated org.apache.maven.plugins:maven-javadoc-plugin:3.4.1 to 3.5.0
• Updated org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M7 to 3.1.2
• Added org.basepom.maven:duplicate-finder-maven-plugin:2.0.1
• Updated org.codehaus.mojo:flatten-maven-plugin:1.3.0 to 1.5.0
• Updated org.codehaus.mojo:versions-maven-plugin:2.13.0 to 2.16.0
• Updated org.jacoco:jacoco-maven-plugin:0.8.8 to 0.8.10

1.0.2: `size()` method

Summary

In this release we documented the size() method and added integration tests for it.

We also updated test dependencies.

Features

• #8: Integration tests and documentation for size() method on data iterator

Dependency Updates

Test Dependency Updates

• Updated com.exasol:exasol-testcontainers:6.3.1 to 6.5.0
• Updated org.junit.jupiter:junit-jupiter-engine:5.9.1 to 5.9.2
• Updated org.junit.jupiter:junit-jupiter-params:5.9.1 to 5.9.2
• Updated org.mockito:mockito-junit-jupiter:4.8.1 to 5.0.0
• Updated org.testcontainers:junit-jupiter:1.17.5 to 1.17.6

1.0.1: Added missing `getTimestamp` method

Summary

The interface method getTimestamp(int column) in class ExaIterator got lost during migration.

Bugfixes

• #16: Added missing interface method

Dependency Updates

Compile Dependency Updates

• Added com.exasol:maven-project-version-getter:1.2.0

Plugin Dependency Updates

• Updated org.apache.maven.plugins:maven-jar-plugin:2.4 to 3.2.0

1.0.0: Extracted UDF API from script-languages

Summary

This is the first separate release of the UDF API. We extracted it from the project script-languages release 2019-07-26. Note that the API has been stable for a very long time and this extracted release did not change the API either. We just extracted it to enable a better way of releasing and distributing the API in the future.

We also updated the JavaDoc. You can read the JavaDoc online.

Refactoring

• #1: Extracted UDF API from script-languages
• #2: Added CI build
• #5: Fixed JavaDoc and code smells
• #7: Added integration test

Dependency Updates

Test Dependency Updates

• Added com.exasol:exasol-testcontainers:6.3.1
• Added com.exasol:hamcrest-resultset-matcher:1.5.2
• Added com.exasol:test-db-builder-java:3.4.1
• Added org.hamcrest:hamcrest:2.2
• Added org.junit.jupiter:junit-jupiter-engine:5.9.1
• Added org.junit.jupiter:junit-jupiter-params:5.9.1
• Added org.mockito:mockito-junit-jupiter:4.8.1
• Added org.testcontainers:junit-jupiter:1.17.5

Plugin Dependency Updates

• Added com.exasol:artifact-reference-checker-maven-plugin:0.4.1
• Added com.exasol:error-code-crawler-maven-plugin:1.2.1
• Added com.exasol:project-keeper-maven-plugin:2.9.1
• Added io.github.zlika:reproducible-build-maven-plugin:0.16
• Added org.apache.maven.plugins:maven-clean-plugin:2.5
• Added org.apache.maven.plugins:maven-compiler-plugin:3.10.1
• Added org.apache.maven.plugins:maven-deploy-plugin:3.0.0
• Added org.apache.maven.plugins:maven-enforcer-plugin:3.1.0
• Added org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M7
• Added org.apache.maven.plugins:maven-gpg-plugin:3.0.1
• Added org.apache.maven.plugins:maven-install-plugin:2.4
• Added org.apache.maven.plugins:maven-jar-plugin:2.4
• Added org.apache.maven.plugins:maven-javadoc-plugin:3.4.1
• Added org.apache.maven.plugins:maven-resources-plugin:2.6
• Added org.apache.maven.plugins:maven-site-plugin:3.3
• Added org.apache.maven.plugins:maven-source-plugin:3.2.1
• Added org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M7
• Added org.codehaus.mojo:flatten-maven-plugin:1.3.0
• Added org.codehaus.mojo:versions-maven-plugin:2.13.0
• Added org.jacoco:jacoco-maven-plugin:0.8.8
• Added org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184
• Added org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0
• Added org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13