Bump the maven group across 18 directories with 16 updates

[dependabot]

Bumps the maven group with 15 updates in the / directory:

Package	From	To
ch.qos.logback:logback-classic	1.2.3	1.2.13
com.fasterxml.jackson.core:jackson-databind	2.6.7	2.12.7.1
org.apache.commons:commons-compress	1.20	1.26.0
com.google.guava:guava	27.0-jre	32.0.0-jre
mysql:mysql-connector-java	8.0.16	8.0.28
org.apache.avro:avro	1.11.1	1.11.3
org.postgresql:postgresql	42.4.3	42.4.4
com.clickhouse:clickhouse-jdbc	0.3.2-patch9	0.4.6
org.xerial:sqlite-jdbc	3.39.3.0	3.41.2.2
com.amazon.redshift:redshift-jdbc42	2.1.0.9	2.1.0.28
org.apache.pulsar:pulsar-broker	2.11.0	3.0.4
org.apache.hadoop:hadoop-common	2.9.2	3.2.4
org.xerial.snappy:snappy-java	1.1.8.3	1.1.10.4
org.apache.derby:derby	10.14.2.0	10.17.1.0
com.rabbitmq:amqp-client	5.9.0	5.18.0

Bumps the maven group with 1 update in the /seatunnel-connectors-v2/connector-clickhouse directory: com.clickhouse:clickhouse-jdbc.
Bumps the maven group with 1 update in the /seatunnel-connectors-v2/connector-elasticsearch directory: com.google.guava:guava.
Bumps the maven group with 1 update in the /seatunnel-connectors-v2/connector-file/connector-file-jindo-oss directory: org.apache.hadoop:hadoop-common.
Bumps the maven group with 1 update in the /seatunnel-connectors-v2/connector-file/connector-file-s3 directory: com.google.guava:guava.
Bumps the maven group with 1 update in the /seatunnel-connectors-v2/connector-google-firestore directory: com.google.guava:guava.
Bumps the maven group with 1 update in the /seatunnel-connectors-v2/connector-google-sheets directory: com.google.guava:guava.
Bumps the maven group with 1 update in the /seatunnel-connectors-v2/connector-hudi directory: org.xerial.snappy:snappy-java.
Bumps the maven group with 1 update in the /seatunnel-connectors-v2/connector-iceberg directory: org.apache.derby:derby.
Bumps the maven group with 4 updates in the /seatunnel-connectors-v2/connector-jdbc directory: mysql:mysql-connector-java, org.postgresql:postgresql, org.xerial:sqlite-jdbc and com.amazon.redshift:redshift-jdbc42.
Bumps the maven group with 1 update in the /seatunnel-connectors-v2/connector-pulsar directory: org.apache.pulsar:pulsar-broker.
Bumps the maven group with 1 update in the /seatunnel-connectors-v2/connector-rabbitmq directory: com.rabbitmq:amqp-client.
Bumps the maven group with 1 update in the /seatunnel-connectors-v2/connector-s3-redshift directory: com.amazon.redshift:redshift-jdbc42.
Bumps the maven group with 1 update in the /seatunnel-connectors-v2/connector-starrocks directory: mysql:mysql-connector-java.
Bumps the maven group with 1 update in the /seatunnel-e2e/seatunnel-connector-v2-e2e/connector-cdc-mongodb-e2e directory: mysql:mysql-connector-java.
Bumps the maven group with 1 update in the /seatunnel-examples/seatunnel-spark-connector-v2-example directory: com.fasterxml.jackson.core:jackson-databind.
Bumps the maven group with 1 update in the /seatunnel-formats/seatunnel-format-avro directory: org.apache.avro:avro.
Bumps the maven group with 2 updates in the /seatunnel-shade/seatunnel-hadoop3-3.1.4-uber directory: com.google.guava:guava and org.xerial.snappy:snappy-java.

Updates ch.qos.logback:logback-classic from 1.2.3 to 1.2.13

Commits

• 2648b9e prepare release 1.2.13
• bb09515 fix CVE-2023-6378
• 4573294 start work on 1.2.13-SNAPSHOT
• a388193 Merge branch 'branch_1.2.x' of github.com:qos-ch/logback into branch_1.2.x
• de44dc4 prepare release 1.2.12
• ca0cf17 Merge pull request #532 from joakime/fix-jetty-requestlog
• e31609b removed unused files
• 21e29ef Merge pull request #567 from spliffone/LOGBACK-1633
• e869000 fix: published POM file contain the wrong scm URL
• 009ea46 version for next dev cycle
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-core from 1.2.3 to 1.2.13

Commits

• 2648b9e prepare release 1.2.13
• bb09515 fix CVE-2023-6378
• 4573294 start work on 1.2.13-SNAPSHOT
• a388193 Merge branch 'branch_1.2.x' of github.com:qos-ch/logback into branch_1.2.x
• de44dc4 prepare release 1.2.12
• ca0cf17 Merge pull request #532 from joakime/fix-jetty-requestlog
• e31609b removed unused files
• 21e29ef Merge pull request #567 from spliffone/LOGBACK-1633
• e869000 fix: published POM file contain the wrong scm URL
• 009ea46 version for next dev cycle
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.6.7 to 2.12.7.1

Commits

• See full diff in compare view

Updates org.apache.commons:commons-compress from 1.20 to 1.26.0

Updates com.google.guava:guava from 27.0-jre to 32.0.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

32.0.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>32.0.0-jre</version>
  <!-- or, for Android: -->
  <version>32.0.0-android</version>
</dependency>

Jar files

• 32.0.0-jre.jar
• 32.0.0-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.1.jar

Javadoc

• 32.0.0-jre
• 32.0.0-android

JDiff

• 32.0.0-jre vs. 31.1-jre
• 32.0.0-android vs. 31.1-android
• 32.0.0-android vs. 32.0.0-jre

Changelog

Security fixes

• Reimplemented Files.createTempDir and FileBackedOutputStream to further address CVE-2020-8908 (#4011) and CVE-2023-2976 (#2575). (feb83a1c8f)

While CVE-2020-8908 was officially closed when we deprecated Files.createTempDir in Guava 30.0, we've heard from users that even recent versions of Guava have been listed as vulnerable in other databases of security vulnerabilities. In response, we've reimplemented the method (and the very rarely used FileBackedOutputStream class, which had a similar issue) to eliminate the insecure behavior entirely. This change could technically affect users in a number of different ways (discussed under "Incompatible changes" below), but in practice, the only problem users are likely to encounter is with Windows. If you are using those APIs under Windows, you should skip 32.0.0 and go straight to 32.0.1 which fixes the problem. (Unfortunately, we didn't think of the Windows problem until after the release. And while we warn that common.io in particular may not work under Windows, we didn't intend to regress support.) Sorry for the trouble.

Incompatible changes

Although this release bumps Guava's major version number, it makes no binary-incompatible changes to the guava artifact.

One change could cause issues for Widows users, and a few other changes could cause issues for users in more usual situations:

• The new implementations of Files.createTempDir and FileBackedOutputStream throw an exception under Windows. This is fixed in 32.0.1. Sorry for the trouble.
• guava-gwt now requires GWT 2.10.0.
• This release makes a binary-incompatible change to a @Beta API in the separate artifact guava-testlib. Specifically, we changed the return type of TestingExecutors.sameThreadScheduledExecutor to ListeningScheduledExecutorService. The old return type was a package-private class, which caused the Kotlin compiler to produce warnings. (dafaa3e435)

... (truncated)

Commits

• See full diff in compare view

Updates mysql:mysql-connector-java from 8.0.16 to 8.0.28

Changelog

Sourced from mysql:mysql-connector-java's changelog.

Changelog

https://dev.mysql.com/doc/relnotes/connector-j/en/

Version 9.0.0

• WL#16391, Upgrade 3rd party libraries and tools.

• Fix for Bug#114800 (Bug#36576596), Wrong code by an old patch.

• Fix for Bug#114846 (Bug#36574322), Auto-closeable X dev session. Thanks to Daniel Kec for his contribution.

• Fix for Bug#114989 (Bug#36612566), Setting null value in setClientInfo throws an NPE.

• WL#16376, Set 'caching_sha2_password' as default fallback authentication plugin.

• WL#16342, Update MySQL error codes mapping.

• WL#16353, Refresh the list of acceptable TLS ciphers.

• Fix for Bug#114687 (Bug#36529541), Tests fail after mysql_native_password has been made optional in server.

• WL#16319, Remove deprecated insensitive terminology based methods.

• WL#16324, Update static MySQL keywords list.

• Fix for Bug#110512 (Bug#35223851), Contribution: Replace synchronized with ReentrantLock. Thanks to Bart De Neuter and Janick Reynders for their contributions.

• Fix for Bug#108830 (Bug#34721173), LIMIT clause, setMaxRows and cursor combined returns wrong number or rows.

Version 8.4.0

• WL#15706, Add OpenTelemetry tracing.

• WL#16174, Support for VECTOR data type.

• Fix for Bug#36380711, Tests failing due to removal of deprecated features.

• Fix for Bug#113600 (Bug#36171575), Contribution: Fix join condition for retrieval of imported primary keys. Thanks to Henning Pöttker for his contribution.

• WL#16196, GPL License Exception Update.

• Fix for Bug#111031 (Bug#35392222), Contribution: Update SyntaxRegressionTest.java. Thanks to Abby Palmero for her contribution.

• Fix for Bug#113599 (Bug#36171571), Contribution: Replace StringBuffer with StringBuilder in ValueEncoders. Thanks to Henning Pöttker for his contribution.

... (truncated)

Commits

• 7ff2161 Updating copyright years
• b13af38 Fix for DateTimeTest according to changes in MySQL server.
• 5c7b775 Update in test for Bug#96900 (30355150).
• e1169ee Fix for Bug#99260 (31189960), statement.setQueryTimeout,creates a database co...
• 05778ef Fix for Bug#103324 (32770013), X DevAPI Collection.replaceOne() missing match...
• 48219f2 Fix for Bug#105197 (33461744), Statement.executeQuery() may return non-naviga...
• 24cf7e2 Fix for Bug#105323 (33507321), README.md contains broken links.
• ad46620 Fix for Bug#96900 (30355150), STATEMENT.CANCEL()CREATE A DATABASE
• 4d19ea1 Fix for Bug#104067 (33054827), No reset autoCommit after unknown issue occurs.
• bc45d35 Fix for Bug#85223 (25656020), MYSQLSQLXML SETSTRING CRASH.
• Additional commits viewable in compare view

Updates org.apache.avro:avro from 1.11.1 to 1.11.3

Updates org.postgresql:postgresql from 42.4.3 to 42.4.4

Changelog

Sourced from org.postgresql:postgresql's changelog.

Changelog

Notable changes since version 42.0.0, read the complete History of Changes.

The format is based on Keep a Changelog.

[Unreleased]

Changed

Added

Fixed

[42.7.3] (2024-04-14 14:51:00 -0400)

Changed

• chore: gradle config enforces 17+ [PR #3147](pgjdbc/pgjdbc#3147)

Fixed

• fix: boolean types not handled in SimpleQuery mode [PR #3146](pgjdbc/pgjdbc#3146)
  • make sure we handle boolean types in simple query mode
  • support uuid as well
  • handle all well known types in text mode and change else if to switch
• fix: released new versions of 42.2.29, 42.3.10, 42.4.5, 42.5.6, 42.6.2 to deal with NoSuchMethodError on ByteBuffer#position when running on Java 8

[42.7.2] (2024-02-21 08:23:00 -0500)

Security

• security: SQL Injection via line comment generation, it is possible in SimpleQuery mode to generate a line comment by having a placeholder for a numeric with a - such as -?. There must be second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment. This has been fixed in this version fixes CVE-2024-1597. Reported by Paul Gerste. See the security advisory for more details. This has been fixed in versions 42.7.2, 42.6.1 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for work arounds.

Changed

• fix: Use simple query for isValid. Using Extended query sends two messages checkConnectionQuery was never ever set or used, removed [PR #3101](pgjdbc/pgjdbc#3101)
• perf: Avoid autoboxing bind indexes by @​bokken in [PR #1244](pgjdbc/pgjdbc#1244)
• refactor: Document that encodePassword will zero out the password array, and remove driver's default encodePassword by @​vlsi in [PR #3084](pgjdbc/pgjdbc#3084)

Added

• feat: Add PasswordUtil for encrypting passwords client side [PR #3082](pgjdbc/pgjdbc#3082)

[42.7.1] (2023-12-06 08:34:00 -0500)

Changed

• perf: improve performance of PreparedStatement.setBlob, BlobInputStream, and BlobOutputStream with dynamic buffer sizing [PR #3044](pgjdbc/pgjdbc#3044)

Fixed

• fix: Apply connectTimeout before SSLSocket.startHandshake to avoid infinite wait in case the connection is broken [PR #3040](pgjdbc/pgjdbc#3040)
• fix: support waffle-jna 2.x and 3.x by using reflective approach for ManagedSecBufferDesc [PR #2720](pgjdbc/pgjdbc#2720) Fixes [Issue #2690](pgjdbc/pgjdbc#2720).
• fix: NoSuchMethodError on ByteBuffer#position When Running on Java 8 when accessing arrays, fixes [Issue #3014](pgjdbc/pgjdbc#3014)
• Revert "[PR #2925](pgjdbc/pgjdbc#2925) Use canonical DateStyle name" [PR #3035](pgjdbc/pgjdbc#3035) Fixes [Issue #3008](pgjdbc/pgjdbc#3008)
• Revert "[PR ##2973](pgjdbc/pgjdbc#2973) feat: support SET statements combining with other queries with semicolon in PreparedStatement" [PR #3010](pgjdbc/pgjdbc#3010)

... (truncated)

Commits

• fe002b3 Merge pull request from GHSA-24rp-q3w6-vc56
• e479be1 Merge pull request from GHSA-24rp-q3w6-vc56
• See full diff in compare view

Updates com.clickhouse:clickhouse-jdbc from 0.3.2-patch9 to 0.4.6

Release notes

Sourced from com.clickhouse:clickhouse-jdbc's releases.

Release v0.4.6

This is a patch release mainly for bug fixes. It's highly recommended to upgrade, especially when you're using nested arrays, or client certificate authentication with password protection.

• 🐛 Bug Fix

  • Too many socket fds generated by Apache HttpClient - by @​JackyWoo
  • NoClassDefFoundError with clickhouse-apache-http-client-jdbc - #1319 by @​JackyWoo
  • Nested array in tuple array is incorrectly deserialized - #1324
  • Client certificate password exposure in exception - #1331

• ✨ New Feature

  • ClickHouseStatement.setMirroredOutput() for dumping ResultSet
  • ClickHouseResponse.records(Class) for object mapping
  • Two new options(use_compilation & max_mapper_cache) reserved for future usage

Release v0.4.5

Another tiny release trying to unblock some of the work relying on Java client. You don't have to upgrade if you use JDBC or R2DBC driver.

• 💥 BREAKING CHANGES

  • Refactored data processors and response classes to ensure input stream remain intact before first read - performance penalty is ~3%
    • move ClickHouseSimpleRecord to com.clickhouse.data
    • stop reading input stream when instantiating ClickHouseDataProcessor
    • remove createRecord() method in ClickHouseDataProcessor along with some duplicated code

• 🐛 Bug Fix

  • Slow when using Apache Http Client - #1320 by @​JackyWoo
  • ClickHouseResponse.getInputStream may return closed input stream
  • ConcurrentModificationException may occur during deserialization - #1327 by @​pan3793
  • ClickHouseSslContextProvider is not customizable - #1329

• ✨ New Feature

  • Disabled SQL rewrite for DELETE statement in ClickHouse 23.3+

• 🎨 Misc

  • bump MySQL JDBC driver to 8.0.33 - by @​pan3793

Release v0.4.4

Same as v0.4.3 except updated POM for the following changes:

• bump dependencies
• roll back Maven flatten plugin from 1.4.1 to 1.2.7

Release v0.4.3

Warning Please upgrade to v0.4.4 to resolve dependency issue.

This is a tiny release for bug fixing. Please upgrade if your work rely on text-based data format and/or R2DBC driver.

• 🐛 Bug Fix
  • unable to convert empty string to default value when using text-based data format
  • r2dbc driver does not support most client options - #1299
  • incorrect content from Lz4InputStream when using text-based data format - ClickHouse/ClickHouse#48446

... (truncated)

Changelog

Sourced from com.clickhouse:clickhouse-jdbc's changelog.

0.4.6, 2023-05-02

New Features

• ClickHouseStatement.setMirroredOutput() for dumping ResultSet.
• ClickHouseResponse.records(Class) for object mapping.
• Two new options(use_compilation & max_mapper_cache) reserved for future usage.

Bug Fixes

• Too many socket fds generated by Apache HttpClient.
• NoClassDefFoundError with clickhouse-apache-http-client-jdbc. #1319
• Nested array in tuple array is incorrectly deserialized. #1324
• client certificate password exposure in exception. #1331

0.4.5, 2023-04-25

Breaking Changes

• refactor data processors and response classes to ensure input stream remain intact before first read:
  • move ClickHouseSimpleRecord to com.clickhouse.data
  • stop reading input stream when instantiating ClickHouseDataProcessor
  • remove createRecord() method in ClickHouseDataProcessor along with some duplicated code

New Features

• disable SQL rewrite for DELETE statement in ClickHouse 23.3+

Bug Fixes

• Slow when using Apache Http Client. #1320
• ClickHouseResponse.getInputStream may return closed input stream.
• ConcurrentModificationException may occure during deserialization. #1327
• ClickHouseSslContextProvider is not customizable. #1329

0.4.4, 2023-04-17

Bug Fixes

• flatten plugin 1.4.1 generated non-sense dependencies.

0.4.3, 2023-04-17

New Features

• replace JavaCC21 with CongoCC

Bug Fixes

• unable to convert empty string to default value when using text-based data format.

... (truncated)

Commits

• dd91e17 Merge pull request #1346 from zhicwu/main
• 230f199 Fix issues reported by SonarCloud
• d2969f1 Log one more bug fix
• b9a3f8f update description
• 0db2a5c update readme
• a068fc7 Merge pull request #1345 from zhicwu/main
• e3d7847 Add tests to cover insert AggregateFunction and column with default value
• e9b9197 Merge pull request #1344 from zhicwu/main
• bf68187 Remove false optimization to fix deserialization issue of nested array in oth...
• 7c5ccbe Merge pull request #1343 from zhicwu/main
• Additional commits viewable in compare view

Updates org.xerial:sqlite-jdbc from 3.39.3.0 to 3.41.2.2

Release notes

Sourced from org.xerial:sqlite-jdbc's releases.

Release 3.41.2.2

Changelog

🚀 Features

jdbc

• add support for LocalDate, LocalTime, LocalDateTime in ResultSet#getObject (1d2ff63)
• implement PreparedStatement getParameterType and getParameterTypeName (bdb3d8a)

native-image

• resource optimization and configuration to export native lib (6f42683)

🐛 Fixes

• use random UUID for external resources (edb4b8a)

🛠 Build

deps

• bump native-maven-plugin from 0.9.21 to 0.9.22 (48e8ebe)
• bump graal-sdk from 22.3.0 to 22.3.2 (128d9b2)
• bump surefire.version from 3.0.0 to 3.1.0 (658e907)
• bump maven-gpg-plugin from 3.0.1 to 3.1.0 (f149f9f)
• bump jreleaser-maven-plugin from 1.5.1 to 1.6.0 (d028636)
• bump native-maven-plugin from 0.9.20 to 0.9.21 (08b5e35)
• bump maven-enforcer-plugin from 3.2.1 to 3.3.0 (3b3af82)
• bump maven-compiler-plugin from 3.10.1 to 3.11.0 (52b7701)
• bump versions-maven-plugin from 2.13.0 to 2.15.0 (a0e0191)
• bump maven-help-plugin from 3.3.0 to 3.4.0 (739a27c)

deps-dev

• bump junit-jupiter from 5.9.2 to 5.9.3 (e64e348)
• bump mockito-core from 5.3.0 to 5.3.1 (6e94e6b)
• bump logback-classic from 1.4.6 to 1.4.7 (5a4f485)
• bump mockito-core from 5.2.0 to 5.3.0 (d0adb0f)
• bump junit-pioneer from 2.0.0 to 2.0.1 (2b00983)
• bump junit-jupiter from 5.9.1 to 5.9.2 (c917e81)
• bump logback-classic from 1.4.5 to 1.4.6 (eab4939)

unscoped

• replace jdk 19 with 20 (0c5a645)
• replace asciidoc variables during release (0053e60)
• run spotless:check during maven verify phase (043efd7)

📝 Documentation

• use markdown for SECURITY.md because Github doesn't support Asciidoc (00e9c3f)
• convert markdown to asciidoc (fb0f263)

Contributors

We'd like to thank the following people for their contributions:

... (truncated)

Commits

• 080c808 chore(release): 3.41.2.2 [skip ci]
• edb4b8a fix: use random UUID for external resources
• 0c5a645 ci: replace jdk 19 with 20
• 48e8ebe build(deps): bump native-maven-plugin from 0.9.21 to 0.9.22
• 00e9c3f docs: use markdown for SECURITY.md because Github doesn't support Asciidoc
• 0053e60 ci: replace asciidoc variables during release
• fb0f263 docs: convert markdown to asciidoc
• 128d9b2 build(deps): bump graal-sdk from 22.3.0 to 22.3.2
• 658e907 build(deps): bump surefire.version from 3.0.0 to 3.1.0
• f149f9f build(deps): bump maven-gpg-plugin from 3.0.1 to 3.1.0
• Additional commits viewable in compare view

Updates com.amazon.redshift:redshift-jdbc42 from 2.1.0.9 to 2.1.0.28

Release notes

Sourced from com.amazon.redshift:redshift-jdbc42's releases.

v2.1.0.28

Release of driver version 2.1.0.28

v2.1.0.26

Release of driver version 2.1.0.26

v2.1.0.25

Release of driver version 2.1.0.25

v2.1.0.24

Release of driver version 2.1.0.24

v2.1.0.23

Release of driver version 2.1.0.23

v2.1.0.22

Release of driver version 2.1.0.22

v2.1.0.21

Release of driver version 2.1.0.21

v2.1.0.20

Release of driver version 2.1.0.20

v2.1.0.19

Release of driver version 2.1.0.19

v2.1.0.18

Release of driver version 2.1.0.18

v2.1.0.17

Release of driver version 2.1.0.17

v2.1.0.16

Release of driver version 2.1.0.16

v2.1.0.14

Release of driver version 2.1.0.14

v2.1.0.13

Release of version 2.1.0.13

v2.1.0.12

Release of version 2.1.0.12

v2.1.0.11

Release of version 2.1.0.11

v2.1.0.10

No release notes provided.

Changelog

Sourced from com.amazon.redshift:redshift-jdbc42's changelog.

v2.1.0.28 (2024-05-14)

• Security improvements (CVE-2024-32888) [Beaux Sharifi]
• Consolidated SDK API calls for retrieving cluster credentials for serverless instances. [Beaux Sharifi]
• Added logging of returned cluster identifiers during custom domain name resolution to aid debugging. [Beaux Sharifi]
• Added Object IDentifier (OID) mappings for missing Redshift data types. [Beaux Sharifi]
• Added null check for IsServerless property within IamHelper to address Dbeaver error (GitHub Issue #114) [Beaux Sharifi]

v2.1.0.27 (2024-05-07)

• This version was published to Maven in error and is not recommended for use. [Beaux Sharifi]

v2.1.0.26 (2024-02-12)

• Enhanced capability to retrieve results of OUT parameters from stored procedures by parsing the result set [Bhavik Shah]
• Added tolerance for SQL comments after semi-colons - queries with trailing comments will no longer error, preventing failures from valid comment usage [Bhavik Shah]
• Added support for TIME datatype to display up to 6 digits of fractional second data [Bhavik Shah]
• Improved behavior of the PWD connection property for specifying passwords issue#105 [Bhavik Shah]
• Added performance testing use cases [Bhavik Shah]
• Enhanced debug-level logging during query execution for better diagnostics and tracing when troubleshooting issues [Bhavik Shah]
• Upgraded Jackson version from 2.15.0 to 2.16.0 [Bhavik Shah]

v2.1.0.25 (2024-01-17)

• Added support for loading custom trust store types using the system property “javax.net.ssl.trustStoreType” [Bhavik Shah]
• Fixed a bug where an incorrect version number was displayed in Maven Central for AWS SDK dependencies used by the driver [Bhavik Shah]
• Set default value for the Connection Option “compression” to “off” [Bhavik Shah]

v2.1.0.24 (2023-12-14)

• Fixed a bug where connection setup would fail if compression was explicitly turned off in both the driver and the server [Bhavik Shah]
• Improved driver performance when closing statements with partially read results [Bhavik Shah]
• Removed unnecessary loading of Redshift CA certs into default truststore [Bhavik Shah]

v2.1.0.23 (2023-11-20)

• Feature: Added ability to connect to datashare databases for clusters and serverless workgroups running the PREVIEW_2023 track [Bhavik Shah]
• Removed BrowserIdcAuthPlugin [Bhavik Shah]

v2.1.0.22 (2023-11-09)

• Added support for Custom Cluster Names (CNAME) for Amazon Redshift Serverless [Bhavik Shah]
• Added support for IntervalY2M and IntervalD2S data types, which are mapped to the java.sql type Types.OTHER [Bhavik Shah]
• Improved XML parsing [Bhavik Shah]
• Fixed a bug where driver threw an error if connection options were not provided as a string object [Bhavik Shah]
• Added the ability to set session level timezone to local JVM timezone or Redshift server timezone using new connection option ‘ConnectionTimezone’. By default, the session level timezone is set to local timezone [Bhavik Shah]
• Driver now throws an error if timestamp data retrieved from queries is invalid [Bhavik Shah]
• Fixed a bug where closing a statement explicitly introduced performance latency issue#100 [Bhavik Shah]
• Bump AWS Java SDK dependencies from 1.12.493 to 1.12.577 [Bhavik Shah]

... (truncated)

Commits

• 51af003 Update README.md for version 2.1.0.28
• 0d354a5 Update CHANGELOG.md for version 2.1.0.28
• cdb9e8a Removing cname:region support because it is unnecessary.
• 660341b Fix potential null pointer exception.
• cc22326 Fixing OID mapping.
• 6af4f3b Improved logging for iam auth
• 12a5e8e More security improvements.
• 0f92b52 Enhancements to CNAME
• e83c58e Always call getCredentials for Serverless for normal use cases.
• bc93694 Security improvements.
• Additional commits viewable in compare view

Updates org.apache.pulsar:pulsar-broker from 2.11.0 to 3.0.4

Release notes

Sourced from org.apache.pulsar:pulsar-broker's releases.

v3.0.4

What's Changed

Broker

• [fix][broker] Avoid execute prepareInitPoliciesCacheAsync if namespace is deleted (#22268)
• [fix][broker] Avoid expired unclosed ledgers when checking expired messages by ledger closure time (#22335)
• [fix][broker] Check cursor state before adding it to the waitingCursors (#22191)
• [fix][broker] Close dispatchers stuck due to mismatch between dispatcher.consumerList and dispatcher.consumerSet (#22270)
• [fix][broker] Fix OpReadEntry.skipCondition NPE issue (#22367)
• [fix][broker] Fix ResourceGroup report local usage (#22340)
• [fix][broker] Fix ResourceGroups loading (#21781)
• [fix][broker] Fix issue of field 'topic' is not set when handle GetSchema request (#22377)
• [fix][broker] Fix wrong double-checked locking for readOnActiveConsumerTask in dispatcher (#22279)
• [fix][broker] fix mismatch between dispatcher.consumerList and dispatcher.consumerSet (#22283)
• [fix][ml]Expose ledger timestamp (#22338)
• [improve][admin] Fix the createMissingPartitions doesn't response correctly (#22311)
• [improve][broker] Add createTopicIfDoesNotExist option to RawReader constructor (#22264)
• [improve][broker] Add fine-grain authorization to ns/topic management endpoints (#22309)
• [improve][broker] Add missing configuration keys for caching catch-up reads (#22295)
• [improve][broker] Change log level to reduce duplicated logs (#22147)

Client

• [fix][client] Consumer lost message ack due to race condition in acknowledge with batch message (#22353)
• [fix][client] Fix wrong results of hasMessageAvailable and readNext after seeking by timestamp (#22363)
• [fix][client] GenericProtobufNativeSchema not implement getNativeSchema method. (#22204)
• [fix][client] Unclear error message when creating a consumer with two same topics (#22255)
• [fix][client] fix Reader.hasMessageAvailable might return true after seeking to latest (#22201)
• [fix][client]Fixed getting an incorrect maxMessageSize value when accessing multiple clusters in the same process (#22306)
• [improve][client] Add backoff for seek (#20963)

Pulsar IO and Pulsar Functions

• [fix][fn] enable Go function token auth and TLS (#20468)

Others

• [improve][misc] Remove the call to sun InetAddressCachePolicy (#22329)
• [fix][misc] Make ConcurrentBitSet thread safe (#22361)
• [fix][ws] Check the validity of config before start websocket service (#22231)

Library updates

• [fix][sec] Upgrade jose4j to 0.9.4 (#22273)
• [fix][sec] Bump google.golang.org/grpc from 1.38.0 to 1.56.3 in /pulsar-function-go (#21444)
• [fix][sec] Go Functions security updates (#21844)
• [fix][sec] Upgrade Zookeeper to 3.9.2 to address CVE-2024-23944 (#22275)
• [fix][sec] Upgrade prometheus client_golang to v1.12.2 to fix CVE-2022-21698 (#20579)
• [fix][build] Upgrade alluxio version to 2.9.3 to fix CVE-2023-38889 (#21715)

... (truncated)

Commits

• 5a1fa0c [fix][broker] Fix issue of field 'topic' is not set when handle GetSchema req...
• 2e13fba Release 3.0.4
• 8f17446 [improve][test][branch-3.0] Improve ManagedLedgerTest.testGetNumberOfEntriesI...
• d3f0a4b [improve][misc] Pin Netty version in pulsar-io/alluxio (#21728)
• 31f0ae4 [fix][build] Upgrade alluxio version to 2.9.3 to fix CVE-2023-38889 (#21715)
• c74eec7 [fix][test] Fix flaky test BrokerServiceAutoSubscriptionCreationTest (#22190)
• e3531e8 [fix][test][branch-3.0] Fix broken ManagedLedgerTest.testGetNumberOfEntriesIn...
• 1b9ae2e [improve][misc] Remove the call to sun InetAddressCachePolicy (#22329)
• ba8ff27 [fix][broker] Check cursor state before adding it to the waitingCursors (#2...
• 1045f8b [fix][client] Fix wrong results of hasMessageAvailable and readNext after see...
• Additional commits viewable in compare view

Updates org.apache.hadoop:hadoop-common from 2.9.2 to 3.2.4

Updates org.xerial.snappy:snappy-java from 1.1.8.3 to 1.1.10.4

Release notes

Sourced from org.xerial.snappy:snappy-java's releases.

v1.1.10.4

What's Changed

Security Fix

• CVE-2023-43642 Fixed SnappyInputStream so as not to allocate too large memory when decompressing data with an extremely large chunk size by @​tunnelshade (code change)
  • This does not affect users only using Snappy.compress/uncompress methods

🚀 Features

• feature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly used before) by @​xerial in xerial/snappy-java#508
• Support JDK21 (no internal change)

🔗 Dependency Updates

• Update scalafmt-core to 3.7.11 by @​xerial-bot in xerial/snappy-java#485
• Update sbt to 1.9.3 by @​xerial-bot in xerial/snappy-java#483
• Update scalafmt-core to 3.7.12 by @​xerial-bot in xerial/snappy-java#487
• Bump actions/checkout from 3 to 4 by @​dependabot in xerial/snappy-java#502
• Update sbt to 1.9.4 by @​xerial-bot in xerial/snappy-java#496
• Update scalafmt-core to 3.7.14 by @​xerial-bot in xerial/snappy-java#501
• Update sbt to 1.9.6 by @​xerial-bot in xerial/snappy-java#505
• Update native libraries by @​github-actions in xerial/snappy-java#503

🛠 Internal Updates

• Update airframe-log to 23.7.4 by @​xerial-bot in xerial/snappy-java#486
• Update airframe-log to 23.8.0 by @​xerial-bot in xerial/snappy-java#488
• Update sbt-scalafmt to 2.5.2 by @​xerial-bot in xerial/snappy-java#500
• Update airframe-log to 23.8.6 by @​xerial-bot in xerial/snappy-java#497
• Update sbt-scalafmt to 2.5.1 by @​xerial-bot in xerial/snappy-java#499
• Update airframe-log to 23.9.1 by @​xerial-bot in xerial/snappy-java#504
• Update airframe-log to 23.9.2 by @​xerial-bot in xerial/snappy-java#509

Other Changes

• Update NOTICE by @​imsudiproy in xerial/snappy-java#492

Full Changelog: xerial/snappy-java@v1.1.10.3...v1.1.10.4

v1.1.10.3

What's Changed

🐛 Bug Fixes

• Fix the GLIBC_2.32 not found issue of libsnappyjava.so in certain Linux distributions on s390x by @​kun-lu20 in xerial/snappy-java#481

🔗 Dependency Updates

• Update scalafmt-core to 3.7.10 by @​xerial-bot in xerial/snappy-java#480
• Update native libraries by @​github-actions in xerial/snappy-java#482

New Contributors

• @​kun-lu20 made their first contribution in xerial/snappy-java#481

... (truncated)

Commits

• 9f8c3cf Merge pull request from GHSA-55g7-9cwv-5qfv
• 49d7001 Update airframe-log to 23.9.2 (#509)
• 1f07c31 Update native libraries for f2e97f27be0dc6c691369040ba8a673bface484c (#503)
• 13f8db1 Update sbt to 1.9.6 (#505)
• f2e97f2 feature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly use...
• 98b2225 Update airframe-log to 23.9.1 (#504)
• 9f29b5c Update NOTICE (#492)
• 55639b5 Update sbt-scalafmt to 2.5.1 (#499)
• a5d81a6 Update airframe-log to 23.8.6 (#497)
• 6495da1 Update scalafmt-core to 3.7.14 (#501)
• Additional commits viewable in compare view

Updates org.apache.derby:derby from 10.14.2.0 to 10.17.1.0

Updates com.rabbitmq:amqp-client from 5.9.0 to 5.18.0

Release notes

Sourced from com.rabbitmq:amqp-client's releases.

v5.18.0

Changes between 5.17.0 and 5.18.0

This is a minor release with usability improvements and dependency upgrades. It is compatible with 5.17.x. All users of the 5.x.x series are encouraged to upgrade.

Inbound message size is now enforced, with default limit being 64 MiB.

Thanks to @​JHahnHRO and Sérgio Faria (@​sergio91pt) for their contribution.

Add ability to specify maximum message size

GitHub issue: #1062

Do...

Description has been truncated