diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
index 63f3e50..2dd25b6 100644
--- a/.github/workflows/ci-build.yml
+++ b/.github/workflows/ci-build.yml
@@ -227,5 +227,6 @@ jobs:
}
uses: ./.github/workflows/release.yml
with: {
- started-from-ci: true
+ started-from-ci: true,
+ maven-central-auto-publish: true
}
diff --git a/.github/workflows/dependencies_check.yml b/.github/workflows/dependencies_check.yml
index 0832e80..41c1253 100644
--- a/.github/workflows/dependencies_check.yml
+++ b/.github/workflows/dependencies_check.yml
@@ -18,7 +18,7 @@ jobs:
issues: write
}
outputs: {
- created-issues: '${{ steps.security-issues.outputs.created-issues }}'
+ created-issues: '${{ steps.create-security-issues.outputs.created-issues }}'
}
concurrency: {
group: '${{ github.workflow }}-report_security_issues',
@@ -60,7 +60,7 @@ jobs:
echo "$CREATED_ISSUES" > test.jsonl
cat test.jsonl
env: {
- CREATED_ISSUES: '${{ steps.security-issues.outputs.created-issues }}'
+ CREATED_ISSUES: '${{ steps.create-security-issues.outputs.created-issues }}'
}
start_dependency_udpate:
needs: report_security_issues
diff --git a/.github/workflows/dependencies_update.yml b/.github/workflows/dependencies_update.yml
index c901506..007215d 100644
--- a/.github/workflows/dependencies_update.yml
+++ b/.github/workflows/dependencies_update.yml
@@ -172,5 +172,5 @@ jobs:
message_format: '{workflow} created Pull Request ${{ steps.create-pr.outputs.pr_url }}'
}
env: {
- SLACK_WEBHOOK_URL: '${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}'
+ SLACK_WEBHOOK_URL: '${{ secrets.INTEGRATION_TEAM_SECURITY_UPDATES_WEBHOOK }}'
}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e4682a3..db9d10a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -9,6 +9,12 @@ on:
required: true,
default: false
}
+ maven-central-auto-publish: {
+ description: 'Automatically publish to Maven Central. Deactivate to manually publish at https://central.sonatype.com/publishing/deployments',
+ required: true,
+ type: boolean,
+ default: true
+ }
workflow_dispatch:
inputs:
skip-maven-central: {
@@ -17,6 +23,12 @@ on:
type: boolean,
default: false
}
+ maven-central-auto-publish: {
+ description: 'Automatically publish to Maven Central. Deactivate to manually publish at https://central.sonatype.com/publishing/deployments',
+ required: true,
+ type: boolean,
+ default: true
+ }
skip-github-release: {
description: Skip creating the GitHub release,
required: true,
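Review bot: `default: true` on the `workflow_dispatch` variant of `maven-central-auto-publish` makes a hand-run release publish immediately unless the operator unticks the box, and a Maven Central release cannot be withdrawn once published. An opt-in default for manual runs, `default: false`, keeps the portal's manual publish step as the safety net while `ci-build.yml` (which goes through `workflow_call`, not this input) still passes `true` explicitly. The description could also state the non-default behaviour plainly, e.g. `When false, the deployment is only uploaded and validated; publish it manually at https://central.sonatype.com/publishing/deployments`.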
@@ -56,7 +68,7 @@ jobs:
11
17
cache: maven
- server-id: ossrh
+ server-id: maven-central-portal
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
gpg-private-key: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
@@ -120,11 +132,18 @@ jobs:
if: ${{ true && (! inputs.skip-maven-central) }}
run: |
echo "#### Maven Central Release" >> "$GITHUB_STEP_SUMMARY"
- mvn --batch-mode -Dgpg.skip=false -DskipTests deploy
- echo "Published to Maven Central ✅" >> "$GITHUB_STEP_SUMMARY"
+ mvn --batch-mode -Dgpg.skip=false -DskipTests deploy \
+ -Dcentral-publishing.deploymentName="Auto release of repo ${{ github.repository }} using PK release.yml" \
+ -Dcentral-publishing.autoPublish=${{ inputs.maven-central-auto-publish }}
+ if [[ "${{ inputs.maven-central-auto-publish }}" == "true" ]]; then
+ echo "Published to Maven Central ✅" >> "$GITHUB_STEP_SUMMARY"
+ else
+ echo "Uploaded to Maven Central ✅" >> "$GITHUB_STEP_SUMMARY"
+ echo "⚠️ Go to https://central.sonatype.com/publishing/deployments to publish the release ⚠️" >> "$GITHUB_STEP_SUMMARY"
+ fi
env: {
- MAVEN_USERNAME: '${{ secrets.OSSRH_USERNAME }}',
- MAVEN_PASSWORD: '${{ secrets.OSSRH_PASSWORD }}',
+ MAVEN_USERNAME: '${{ secrets.MAVEN_CENTRAL_PORTAL_USERNAME }}',
+ MAVEN_PASSWORD: '${{ secrets.MAVEN_CENTRAL_PORTAL_TOKEN }}',
MAVEN_GPG_PASSPHRASE: '${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}'
}
- name: Calculate Artifact Checksums
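Review bot: The new `-Dcentral-publishing.deploymentName="... ${{ github.repository }} ..."`, `-Dcentral-publishing.autoPublish=${{ inputs.maven-central-auto-publish }}` and `if [[ "${{ inputs.maven-central-auto-publish }}" == "true" ]]` lines splice workflow expressions straight into the shell script, whereas the rest of the step already passes values through `env:`; both values are low-risk here (a repository slug and a boolean input), but `$GITHUB_REPOSITORY` is a default environment variable and the input can go through `env:` too, so the script need not contain any `${{ }}` at all. The deployment name also reads "Auto release" on the manual path, where the summary tells the operator to go and publish by hand. Separately, the generated parent pom in this commit appears to default `central-publishing.waitUntil` to `validated`, in which case "Published to Maven Central ✅" is written once validation passes rather than once the artifacts are actually published; requesting `waitUntil=published` when auto-publishing makes the step fail on a publish error instead of reporting success. The step's `name:` line and the start of its mapping sit outside the hunk.

```yaml
        run: |
          echo "#### Maven Central Release" >> "$GITHUB_STEP_SUMMARY"
          # CI-controlled values come in via env; the script contains no ${{ }} expressions.
          WAIT_UNTIL=validated
          if [[ "$AUTO_PUBLISH" == "true" ]]; then WAIT_UNTIL=published; fi
          mvn --batch-mode -Dgpg.skip=false -DskipTests deploy \
            -Dcentral-publishing.deploymentName="Release of repo $GITHUB_REPOSITORY using PK release.yml" \
            -Dcentral-publishing.autoPublish="$AUTO_PUBLISH" \
            -Dcentral-publishing.waitUntil="$WAIT_UNTIL"
          if [[ "$AUTO_PUBLISH" == "true" ]]; then
          # … unchanged: step-summary messages for the published / uploaded cases …
        env: {
          AUTO_PUBLISH: '${{ inputs.maven-central-auto-publish }}',
          # … unchanged: MAVEN_USERNAME, MAVEN_PASSWORD, MAVEN_GPG_PASSPHRASE …
        }
```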
diff --git a/.vscode/settings.json b/.vscode/settings.json
index 30f0f3f..f673fd5 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -18,5 +18,6 @@
"sonarlint.connectedMode.project": {
"connectionId": "exasol",
"projectKey": "com.exasol:udf-debugging-java"
- }
-}
+ },
+ "java.configuration.updateBuildConfiguration": "automatic"
+}
\ No newline at end of file
diff --git a/dependencies.md b/dependencies.md
index 3778478..b8962ce 100644
--- a/dependencies.md
+++ b/dependencies.md
@@ -57,12 +57,12 @@
| [Apache Maven GPG Plugin][51] | [Apache-2.0][12] |
| [Apache Maven Source Plugin][52] | [Apache License, Version 2.0][12] |
| [Apache Maven Javadoc Plugin][53] | [Apache-2.0][12] |
-| [Nexus Staging Maven Plugin][54] | [Eclipse Public License][55] |
-| [Maven Failsafe Plugin][56] | [Apache-2.0][12] |
-| [JaCoCo :: Maven Plugin][57] | [EPL-2.0][6] |
-| [Quality Summarizer Maven Plugin][58] | [MIT License][59] |
-| [error-code-crawler-maven-plugin][60] | [MIT License][61] |
-| [Git Commit Id Maven Plugin][62] | [GNU Lesser General Public License 3.0][63] |
+| [Central Publishing Maven Plugin][54] | [The Apache License, Version 2.0][12] |
+| [Maven Failsafe Plugin][55] | [Apache-2.0][12] |
+| [JaCoCo :: Maven Plugin][56] | [EPL-2.0][6] |
+| [Quality Summarizer Maven Plugin][57] | [MIT License][58] |
+| [error-code-crawler-maven-plugin][59] | [MIT License][60] |
+| [Git Commit Id Maven Plugin][61] | [GNU Lesser General Public License 3.0][62] |
[0]: https://github.com/eclipse-ee4j/jsonp
[1]: https://projects.eclipse.org/license/epl-2.0
@@ -118,13 +118,12 @@
[51]: https://maven.apache.org/plugins/maven-gpg-plugin/
[52]: https://maven.apache.org/plugins/maven-source-plugin/
[53]: https://maven.apache.org/plugins/maven-javadoc-plugin/
-[54]: http://www.sonatype.com/public-parent/nexus-maven-plugins/nexus-staging/nexus-staging-maven-plugin/
-[55]: http://www.eclipse.org/legal/epl-v10.html
-[56]: https://maven.apache.org/surefire/maven-failsafe-plugin/
-[57]: https://www.jacoco.org/jacoco/trunk/doc/maven.html
-[58]: https://github.com/exasol/quality-summarizer-maven-plugin/
-[59]: https://github.com/exasol/quality-summarizer-maven-plugin/blob/main/LICENSE
-[60]: https://github.com/exasol/error-code-crawler-maven-plugin/
-[61]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE
-[62]: https://github.com/git-commit-id/git-commit-id-maven-plugin
-[63]: http://www.gnu.org/licenses/lgpl-3.0.txt
+[54]: https://central.sonatype.org
+[55]: https://maven.apache.org/surefire/maven-failsafe-plugin/
+[56]: https://www.jacoco.org/jacoco/trunk/doc/maven.html
+[57]: https://github.com/exasol/quality-summarizer-maven-plugin/
+[58]: https://github.com/exasol/quality-summarizer-maven-plugin/blob/main/LICENSE
+[59]: https://github.com/exasol/error-code-crawler-maven-plugin/
+[60]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE
+[61]: https://github.com/git-commit-id/git-commit-id-maven-plugin
+[62]: http://www.gnu.org/licenses/lgpl-3.0.txt
diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
index 39e84a8..0df245b 100644
--- a/doc/changes/changelog.md
+++ b/doc/changes/changelog.md
@@ -1,5 +1,6 @@
# Changes
+* [0.6.17](changes_0.6.17.md)
* [0.6.16](changes_0.6.16.md)
* [0.6.15](changes_0.6.15.md)
* [0.6.14](changes_0.6.14.md)
diff --git a/doc/changes/changes_0.6.17.md b/doc/changes/changes_0.6.17.md
new file mode 100644
index 0000000..1bf947e
--- /dev/null
+++ b/doc/changes/changes_0.6.17.md
@@ -0,0 +1,48 @@
+# Udf Debugging Java 0.6.17, released 2025-07-31
+
+Code name: security fixes
+
+## Summary
+
+This release fixes the following vulnerabilities:
+
+### CVE-Unknown (CWE-Unknown) in dependency `unknown`
+
+No summary provided.
+
+#### References
+
+
+### CVE-2025-48924 (CWE-674) in dependency `org.apache.commons:commons-lang3:jar:3.16.0:compile`
+
+Uncontrolled Recursion vulnerability in Apache Commons Lang.
+
+This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.
+
+The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a
+StackOverflowError could cause an application to stop.
+
+Users are recommended to upgrade to version 3.18.0, which fixes the issue.
+
+CVE: CVE-2025-48924
+CWE: CWE-674
+
+#### References
+
+- https://ossindex.sonatype.org/vulnerability/CVE-2025-48924?component-type=maven&component-name=org.apache.commons%2Fcommons-lang3&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
+- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-48924
+- https://github.com/advisories/GHSA-j288-q9x7-2f5v
+
+## Security
+
+* #78: CVE-2025-48924
+* #77: Fixed vulnerability CVE-2025-48924 in dependency `org.apache.commons:commons-lang3:jar:3.16.0:compile`
+
+## Dependency Updates
+
+### Plugin Dependency Updates
+
+* Updated `com.exasol:error-code-crawler-maven-plugin:2.0.3` to `2.0.4`
+* Updated `com.exasol:project-keeper-maven-plugin:5.1.0` to `5.2.3`
+* Added `org.sonatype.central:central-publishing-maven-plugin:0.7.0`
+* Removed `org.sonatype.plugins:nexus-staging-maven-plugin:1.7.0`
diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom
index 26ca8c2..b55af02 100644
--- a/pk_generated_parent.pom
+++ b/pk_generated_parent.pom
@@ -3,7 +3,7 @@
4.0.0
com.exasol
udf-debugging-java-generated-parent
- 0.6.16
+ 0.6.17
pom
UTF-8
@@ -14,17 +14,11 @@
https://sonarcloud.io
true
+ false
+ false
+ validated
+ Manual deployment of repo udf-debugging-java
-
-
- ossrh
- https://oss.sonatype.org/content/repositories/snapshots
-
-
- ossrh
- https://oss.sonatype.org/service/local/staging/deploy/maven2/
-
-
MIT License
@@ -315,25 +309,18 @@
- org.sonatype.plugins
- nexus-staging-maven-plugin
- 1.7.0
+ org.sonatype.central
+ central-publishing-maven-plugin
+ 0.7.0
+ true
- true
- ossrh
- https://oss.sonatype.org/
- 15
- 30
+ maven-central-portal
+
+ ${central-publishing.autoPublish}
+ ${central-publishing.waitUntil}
+ ${central-publishing.deploymentName}
+ ${central-publishing.skipPublishing}
-
-
- default-deploy
- deploy
-
- deploy
-
-
-
org.apache.maven.plugins
@@ -412,7 +399,7 @@
com.exasol
error-code-crawler-maven-plugin
- 2.0.3
+ 2.0.4
verify
diff --git a/pom.xml b/pom.xml
index b55779c..eb5ed0d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,8 +1,8 @@
-
+
4.0.0
udf-debugging-java
- 0.6.16
+ 0.6.17
udf-debugging-java
Utilities for debugging, profiling and code coverage measure for UDFs.
https://github.com/exasol/udf-debugging-java/
@@ -57,7 +57,7 @@
org.apache.commons
commons-compress
- 1.27.1
+ 1.28.0
@@ -139,7 +139,7 @@
com.exasol
project-keeper-maven-plugin
- 5.1.0
+ 5.2.3
@@ -168,7 +168,7 @@
CVE-2017-10355
-
+
CVE-2024-55551
@@ -178,7 +178,7 @@
udf-debugging-java-generated-parent
com.exasol
- 0.6.16
+ 0.6.17
pk_generated_parent.pom