Exasol-python-test-framework

Exasol Python Test Framework 0.6.1, released 2024-07-31

Code name: Hotfix for 'query_via_exaplus'

Summary

This release fixes the test function 'query_via_exaplus' which does not work with custom certificates. The function now ignores TLS certificates.

Exasol Python Test Framework 0.6.0, released 2024-07-08

Code name: Configure TLS certificate validation

Summary

This release adds a CLI option controlling parameter `SSLCERTIFICATE` in file `odbc.ini`.

Starting with version `0.6.0`, EPTF is also available on pypi.

Additionally, the release fixes vulnerabilities by updating dependencies:
* CVE-2024-35195 in dependency `requests` in versions < `2.32.0` caused by requests `Session` object not verifying requests after making first request with `verify=False`
* CVE-2024-37891 in transitive dependency via `boto3` to `urllib3` in versions < `2.2.2` caused by proxy-authorization request header not to be stripped during cross-origin redirects as no update of notebook-connector is available, yet.
* GHSA-w235-7p84-xx57 in transitive dependency via `luigi` to `tornado` in versions < `6.4.1` enabling CRLF injection in `CurlAsyncHTTPClient` headers.
* GHSA-753j-mpmx-qq6g in transitive dependency via `luigi` to `tornado` in versions < `6.4.1` due to inconsistent interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

However, the release ignores the following vulnerabilities
* GHSA-753j-mpmx-qq6g in dependency `configobj` in versions &le; `5.0.8` being ReDoS exploitable by developers using values in a server-side configuration file as SLCT is used only client side and a patched version is not available, yet.

Security Fixes

* 70: Fixed vulnerabilities by updating dependencies.

Features

* 66: Added CLI option controlling parameter `SSLCERTIFICATE` in file `odbc.ini`.

Refactorings

* 67: Enabled publication on pypi

Summary

This release fixes a bug when using the newer Exasol ODBC drivers.

Features

n/a

Bugs

- 63: Ignored TLS certificates for tests

Documentation

n/a

Refactoring

n/a

Security

n/a

Dependency updates

Compile Dependency Updates

Summary

This release updates the minimal Python version to 3.10. Also it adds a mechanism to read the environment info from the test container.

Features

- 59: Implemented a mechanism to read the environment info from the test container

Bugs

n/a

Documentation

n/a

Refactoring

- 56: Updated to Python 3.10

Security

⚠️ Attention ⚠️

Security vulnerabilities have been addressed, hence we advise users of
our library to update and check the security of their own dependency tree.
E.g. by using a vulnerability scanner like [trivy](https://aquasecurity.github.io/trivy/v0.17.2/).

* Updated dependencies to address security issue (internal: poetry.lock)
* CVE-2022-23491
* CVE-2022-40897
* CVE-2022-24439

Dependency updates

Compile Dependency Updates

Refactoring

- 37: Update minimal python version to 3.8

Security

- 30: Fix CVE 2021 32559 URLLib3

Dependency updates

Compile Dependency Updates

Refactoring

- 19: Change numpy and scipy versions

Security
- 15: Update URLLib3

Dependency updates

Compile Dependency Updates

* Updated `python >=3.6,<4`
* Numpy `=1.19.5`
* Scipy `>=1.2.1`