From 50c9a9e4adce074725be79b482593e3358526cd6 Mon Sep 17 00:00:00 2001
From: Automatic Dependency Updater
Date: Fri, 21 Mar 2025 02:30:00 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=90=20Update=20dependencies=20to=20fix?= =?UTF-8?q?=20vulnerabilities?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 dependencies.md | 4 ++--
 doc/changes/changelog.md | 1 +
 doc/changes/changes_0.6.16.md | 36 +++++++++++++++++++++++++++++++++++
 pk_generated_parent.pom | 2 +-
 pom.xml | 16 ++++++++--------
 5 files changed, 48 insertions(+), 11 deletions(-)
 create mode 100644 doc/changes/changes_0.6.16.md
diff --git a/dependencies.md b/dependencies.md
index 8e4a0e0..71e76c2 100644
--- a/dependencies.md
+++ b/dependencies.md
@@ -11,7 +11,7 @@
 | [BucketFS Java][7] | [MIT License][8] |
 | [exasol-test-setup-abstraction-java][9] | [MIT License][10] |
 | [Apache Commons Compress][11] | [Apache-2.0][12] |
-| [SLF4J JDK14 Provider][13] | [MIT License][14] |
+| [SLF4J JDK14 Provider][13] | [MIT][14] |
 ## Test Dependencies
@@ -77,7 +77,7 @@
 [11]: https://commons.apache.org/proper/commons-compress/
 [12]: https://www.apache.org/licenses/LICENSE-2.0.txt
 [13]: http://www.slf4j.org
-[14]: http://www.opensource.org/licenses/mit-license.php
+[14]: https://opensource.org/license/mit
 [15]: https://junit.org/junit5/
 [16]: https://www.eclipse.org/legal/epl-v20.html
 [17]: https://github.com/mockito/mockito
diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
index c34054b..39e84a8 100644
--- a/doc/changes/changelog.md
+++ b/doc/changes/changelog.md
@@ -1,5 +1,6 @@
 # Changes
+* [0.6.16](changes_0.6.16.md)
 * [0.6.15](changes_0.6.15.md)
 * [0.6.14](changes_0.6.14.md)
 * [0.6.13](changes_0.6.13.md)
diff --git a/doc/changes/changes_0.6.16.md b/doc/changes/changes_0.6.16.md
new file mode 100644
index 0000000..d41e124
--- /dev/null
+++ b/doc/changes/changes_0.6.16.md
@@ -0,0 +1,36 @@
+# Udf Debugging Java 0.6.16, released 2025-??-??
+
+Code name: Fixed vulnerability CVE-2024-55551 in com.exasol:exasol-jdbc:jar:24.2.1:provided
+
+## Summary
+
+This release fixes the following vulnerability:
+
+### CVE-2024-55551 (CWE-94) in dependency `com.exasol:exasol-jdbc:jar:24.2.1:provided`
+An issue was discovered in Exasol jdbc driver 24.2.0. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution vulnerability.
+#### References
+* https://ossindex.sonatype.org/vulnerability/CVE-2024-55551?component-type=maven&component-name=com.exasol%2Fexasol-jdbc&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
+* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-55551
+* https://gist.github.com/azraelxuemo/9565ec9219e0c3e9afd5474904c39d0f
+
+## Security
+
+* #74: Fixed vulnerability CVE-2024-55551 in dependency `com.exasol:exasol-jdbc:jar:24.2.1:provided`
+
+## Dependency Updates
+
+### Compile Dependency Updates
+
+* Updated `org.slf4j:slf4j-jdk14:2.0.16` to `2.0.17`
+
+### Test Dependency Updates
+
+* Updated `com.exasol:exasol-testcontainers:7.1.3` to `7.1.4`
+* Updated `org.junit.jupiter:junit-jupiter-engine:5.11.4` to `5.12.1`
+* Updated `org.junit.jupiter:junit-jupiter-params:5.11.4` to `5.12.1`
+* Updated `org.mockito:mockito-junit-jupiter:5.15.2` to `5.16.1`
+* Updated `org.testcontainers:junit-jupiter:1.20.4` to `1.20.6`
+
+### Plugin Dependency Updates
+
+* Updated `com.exasol:project-keeper-maven-plugin:4.5.0` to `5.0.0`
diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom
index b7e005e..3aa35c4 100644
--- a/pk_generated_parent.pom
+++ b/pk_generated_parent.pom
@@ -3,7 +3,7 @@ 4.0.0 com.exasol udf-debugging-java-generated-parent - 0.6.15 + 0.6.16 pom UTF-8
diff --git a/pom.xml b/pom.xml
index 07c4024..82a7d19 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2,12 +2,12 @@ 4.0.0 udf-debugging-java - 0.6.15 + 0.6.16 udf-debugging-java Utilities for debugging, profiling and code coverage measure for UDFs. https://github.com/exasol/udf-debugging-java/ - 5.11.4 + 5.12.1 0.8.12
@@ -75,7 +75,7 @@ org.mockito mockito-junit-jupiter - 5.15.2 + 5.16.1 test
@@ -88,13 +88,13 @@ com.exasol exasol-testcontainers - 7.1.3 + 7.1.4 test org.testcontainers junit-jupiter - 1.20.4 + 1.20.6 test
@@ -113,7 +113,7 @@ org.slf4j slf4j-jdk14 - 2.0.16 + 2.0.17
@@ -139,7 +139,7 @@ com.exasol project-keeper-maven-plugin - 4.5.0 + 5.0.0
@@ -176,7 +176,7 @@ udf-debugging-java-generated-parent com.exasol - 0.6.15 + 0.6.16 pk_generated_parent.pom
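Review bot: None of the pom.xml hunks changes an `exasol-jdbc` version, although the release notes added in this commit state that CVE-2024-55551 in `com.exasol:exasol-jdbc:jar:24.2.1:provided` is fixed. The only visible candidate is the `exasol-testcontainers` 7.1.3 to 7.1.4 bump in the `@@ -88,13 +88,13 @@` hunk, so the patched driver presumably arrives transitively; that is inferred, not shown in the diff. Before merging, confirm the resolved version with `mvn dependency:tree -Dincludes=com.exasol:exasol-jdbc`, and if it is still 24.2.1, pin a patched driver explicitly rather than relying on the transitive graph. The XML markup of these hunks was lost in extraction, so the enclosing elements and scopes cannot be checked from here.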