Chore(JDBC): fix jdbc demo vulnerabilities

[sheyanjie-qq]

Description

fix jdbc demo vulnerabilities

Issue(s)

• Closes:
• https://project.feishu.cn/taosdata_td/defect/detail/6769701722
• https://project.feishu.cn/taosdata_td/defect/detail/6769703621
• https://project.feishu.cn/taosdata_td/defect/detail/6769622333
• https://project.feishu.cn/taosdata_td/defect/detail/6769660096
• https://project.feishu.cn/taosdata_td/defect/detail/6769414905
• https://project.feishu.cn/taosdata_td/defect/detail/6769444164
• https://project.feishu.cn/taosdata_td/defect/detail/6769452200
• https://project.feishu.cn/taosdata_td/defect/detail/6767732261
• https://project.feishu.cn/taosdata_td/defect/detail/6769417781
• https://project.feishu.cn/taosdata_td/defect/detail/6713473789
• https://project.feishu.cn/taosdata_td/defect/detail/6713502070
• https://project.feishu.cn/taosdata_td/defect/detail/6713233913
• https://project.feishu.cn/taosdata_td/defect/detail/6713577199

Checklist

Please check the items in the checklist if applicable.

• Is the user manual updated?
• Are the test cases passed and automated?
• Is there no significant decrease in test coverage?

[gemini-code-assist]

Summary of Changes

Hello @sheyanjie-qq, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request modernizes and secures the existing JDBC examples by upgrading their Java versions and associated library dependencies. It also introduces a new AI guidance document for code assistants and enhances the MyBatis-Plus example with a performance-optimized batch writer. These changes aim to improve the overall reliability, security, and developer experience for users working with TDengine's JDBC connectors.

Highlights

• Java Version Upgrade: The JDBC examples have been upgraded to use Java 17, moving away from Java 8, which involves updating pom.xml files across multiple example projects to reflect the new compiler source and target versions.
• Dependency Updates: Numerous Java library dependencies across the JDBC examples have been updated to their latest versions. This includes Spring Framework, JUnit, Druid, HikariCP, Log4j, Fastjson2, Commons CLI, and LZ4, addressing potential vulnerabilities and improving compatibility.
• New AI Guidance Document: A new CLAUDE.md file has been added to the repository, providing comprehensive guidance for Claude Code (claude.ai/code) on the repository's architecture, build system, testing procedures, and development workflow.
• MyBatis-Plus Example Enhancement: The mybatisplus-demo example has been significantly refactored and enhanced. This includes the introduction of a CachedBatchWriter for improved batch insert performance, along with new service interfaces and implementations.
• Documentation and Test Coverage: The documentation for Java connectors has been updated to clearly distinguish between JDK17 and JDK8 examples. Additionally, new test files have been added for the springbootdemo and mybatisplus-demo to ensure the correctness and stability of the updated examples and new features.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• CLAUDE.md
  • Added new file providing guidance for Claude Code on repository structure, build, and development.
• docs/en/14-reference/05-connector/14-java.md
  • Updated JDBC example links to differentiate between JDK17 and JDK8 versions.
• docs/examples/JDBC/JDBCDemo/pom.xml
  • Updated Java version from 1.8 to 17.
  • Updated jts-core dependency from 1.19.0 to 1.20.0.
  • Updated maven-compiler-plugin version and source/target to 17.
• docs/examples/JDBC/JDBCDemo/src/main/java/com/taosdata/example/JdbcDemo.java
  • Removed unused import com.sun.org.apache.bcel.internal.generic.ACONST_NULL.
• docs/examples/JDBC/SpringJdbcTemplate/pom.xml
  • Updated Java version from 1.8 to 17.
  • Updated Spring dependencies (spring-context, spring-jdbc, spring-test) from 5.3.39 to 6.1.20.
  • Added spring-core dependency version 6.2.11.
  • Updated JUnit from 4.13.1 to 4.13.2.
  • Updated maven-compiler-plugin and maven-assembly-plugin versions and Java source/target.
• docs/examples/JDBC/connectionPools/pom.xml
  • Updated Java version from 1.8 to 17.
  • Updated druid from 1.1.17 to 1.2.23.
  • Updated HikariCP from 3.2.0 to 5.1.0.
  • Replaced commons-pool and commons-dbcp with commons-dbcp2 version 2.12.0.
  • Updated c3p0 from 0.9.5.4 to 0.10.1.
  • Updated log4j-core from 2.17.1 to 2.25.3.
• docs/examples/JDBC/connectionPools/src/main/java/com/taosdata/example/pool/DbcpBuilder.java
  • Changed import from org.apache.commons.dbcp.BasicDataSource to org.apache.commons.dbcp2.BasicDataSource.
  • Changed setMaxActive to setMaxTotal for BasicDataSource configuration.
• docs/examples/JDBC/consumer-demo/pom.xml
  • Updated Java version from 8 to 17.
  • Updated maven-compiler-plugin version and source/target to 17.
• docs/examples/JDBC/highvolume/pom.xml
  • Updated Java version from 1.8 to 17.
  • Updated commons-cli from 1.4 to 1.9.0.
  • Added exclusion for lz4-java in kafka-clients and added at.yawk.lz4:lz4-java version 1.10.3.
  • Updated slf4j-api from 1.7.25 to 2.0.16.
  • Updated logback-classic from 1.2.13 to 1.5.25.
  • Updated maven-compiler-plugin version and source/target to 17.
• docs/examples/JDBC/mybatisplus-demo/pom.xml
  • Updated Spring Boot parent version from 2.7.18 to 3.5.5.
  • Updated Java version from 1.8 to 17.
  • Added properties for logback.version, netty.version, tomcat.version, spring-framework.version.
  • Updated mybatis-plus-bom from 3.5.10.1 to 3.5.7.
  • Removed logback-classic and logback-core dependencies.
  • Removed snakeyaml version.
  • Removed mybatis-plus-jsqlparser-4.9 and added mybatis-spring version 3.0.4.
  • Removed h2 version.
  • Updated druid from 1.1.17 to 1.2.23.
  • Updated Tomcat embed dependencies from 9.x to 10.1.47.
  • Updated JUnit from 4.13.1 to 4.13.2.
  • Added exclusion for junit-vintage-engine in spring-boot-starter-test.
  • Added maven-compiler-plugin version 3.14.0 and configured source/target to 17.
  • Updated maven-surefire-plugin from 2.17 to 3.5.2 and added surefire-junit4 dependency.
• docs/examples/JDBC/mybatisplus-demo/runtime-deps.txt
  • Added new file listing runtime dependencies.
• docs/examples/JDBC/mybatisplus-demo/src/main/java/com/taosdata/example/mybatisplusdemo/config/DruidConfig.java
  • Added new file for Druid connection pool configuration.
• docs/examples/JDBC/mybatisplus-demo/src/main/java/com/taosdata/example/mybatisplusdemo/config/MybatisPlusConfig.java
  • Removed @MapperScan annotation.
• docs/examples/JDBC/mybatisplus-demo/src/main/java/com/taosdata/example/mybatisplusdemo/mapper/MetersMapper.java
  • Removed unused imports (Param, BatchResult, List).
• docs/examples/JDBC/mybatisplus-demo/src/main/java/com/taosdata/example/mybatisplusdemo/mapper/TemperatureMapper.java
  • Removed unused import (Param).
• docs/examples/JDBC/mybatisplus-demo/src/main/java/com/taosdata/example/mybatisplusdemo/provider/CachedBatchWriter.java
  • Added new file implementing a cached PreparedStatement batch writer for performance optimization.
• docs/examples/JDBC/mybatisplus-demo/src/main/java/com/taosdata/example/mybatisplusdemo/service/MetersService.java
  • Added new service interface for Meters entity.
• docs/examples/JDBC/mybatisplus-demo/src/main/java/com/taosdata/example/mybatisplusdemo/service/impl/MetersServiceImpl.java
  • Added new service implementation for Meters entity.
• docs/examples/JDBC/mybatisplus-demo/src/main/resources/application.yml
  • Updated Druid connection pool initial-size from 5 to 10 and max-active from 5 to 50.
  • Added mybatis-plus.mapper-locations property.
• docs/examples/JDBC/mybatisplus-demo/src/main/resources/mapper/MetersMapper.xml
  • Added new MyBatis mapper XML for Meters.
• docs/examples/JDBC/mybatisplus-demo/src/test/java/com/taosdata/example/mybatisplusdemo/mapper/MetersMapperTest.java
  • Removed unused imports and simplified test methods.
  • Removed testInsertBatch method.
• docs/examples/JDBC/mybatisplus-demo/src/test/java/com/taosdata/example/mybatisplusdemo/provider/CachedBatchWriterTest.java
  • Added new test file for the CachedBatchWriter.
• docs/examples/JDBC/springbootdemo/pom.xml
  • Updated Spring Boot parent version from 2.7.18 to 3.5.5.
  • Updated Java version from 1.8 to 17.
  • Added properties for logback.version, netty.version, tomcat.version, spring-framework.version.
  • Removed logback-classic, logback-core, snakeyaml dependencies.
  • Removed Tomcat embed exclusions and dependencies.
  • Updated mybatis-spring-boot-starter from 2.3.2 to 3.0.4.
  • Updated JUnit from 4.13.1 to 4.13.2.
  • Updated druid-spring-boot-starter from 1.1.17 to 1.2.23.
  • Added maven-compiler-plugin version 3.14.0 and configured source/target to 17.
  • Added maven-surefire-plugin version 3.5.2 and configured with surefire-junit4 dependency.
• docs/examples/JDBC/springbootdemo/src/main/java/com/taosdata/example/springbootdemo/dao/WeatherMapper.xml
  • Added createTable update statement.
• docs/examples/JDBC/springbootdemo/src/main/java/com/taosdata/example/springbootdemo/service/WeatherService.java
  • Added weather.setTs(new Timestamp(System.currentTimeMillis())); in the save method.
• docs/examples/JDBC/springbootdemo/src/main/resources/application.properties
  • Updated mybatis.mapper-locations path.
• docs/examples/JDBC/springbootdemo/src/test/java/com/taosdata/example/springbootdemo/dao/WeatherMapperTest.java
  • Added new test file for WeatherMapper.
• docs/examples/JDBC/springbootdemo/src/test/java/com/taosdata/example/springbootdemo/service/WeatherServiceTest.java
  • Added new test file for WeatherService.
• docs/examples/JDBC/taosdemo/pom.xml
  • Updated Spring version from 5.3.39 to 6.2.11.
  • Updated HikariCP from 3.4.5 to 5.1.0.
  • Replaced fastjson with fastjson2 version 2.0.54.
  • Updated log4j-core from 2.17.2 to 2.25.3.
  • Updated JUnit from 4.13.1 to 4.13.2.
  • Updated Lombok from 1.18.16 to 1.18.36.
  • Updated maven-compiler-plugin source/target to 17.
  • Updated maven-assembly-plugin from 3.1.0 to 3.7.1.
• docs/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/components/JsonConfig.java
  • Changed import from com.alibaba.fastjson.JSONObject to com.alibaba.fastjson2.JSONObject.
• docs/examples/java/pom.xml
  • Updated taos-jdbcdriver from 3.8.0 to 3.8.1.
• docs/zh/14-reference/05-connector/14-java.mdx
  • Updated JDBC example links to differentiate between JDK17 and JDK8 versions.

Activity

• The pull request was created by sheyanjie-qq with the stated goal of fixing JDBC demo vulnerabilities.
• Multiple pom.xml files across various JDBC examples have been modified to upgrade Java versions from 8 to 17 and update numerous dependencies to their latest versions.
• A new CLAUDE.md file has been introduced, indicating an initiative to provide AI-assisted development guidance for the repository.
• The mybatisplus-demo example received significant updates, including new configuration, service, and provider files, along with a new CachedBatchWriter for performance.
• New test files (WeatherMapperTest.java, WeatherServiceTest.java, CachedBatchWriterTest.java) were added to validate the updated examples and the new batch writing functionality.
• Documentation files for Java connectors in both English and Chinese were updated to reflect the new JDK17 examples and provide links to JDK8 versions.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request primarily focuses on upgrading Java-based JDBC examples to support JDK 17 and Spring Boot 3, involving extensive dependency updates across multiple pom.xml files. Key changes include updating java.version, maven.compiler.source, and maven.compiler.target to 17, along with upgrading various Spring, MyBatis-Plus, connection pool (Druid, HikariCP, DBCP), logging (Log4j, Logback), and other utility library versions. The CLAUDE.md file was added to provide comprehensive guidance for Claude Code on the repository's build system, architecture, and development workflow, though it includes a personal JDK note that should be removed. A new CachedBatchWriter component was introduced in the mybatisplus-demo for high-performance batch writes, but its PreparedStatement caching strategy is flagged as potentially problematic for dynamic SQL and connection management. Additionally, a generated runtime-deps.txt file was added, which should be removed from version control. Review comments highlight issues such as invalid Spring Boot parent versions, incorrect Jakarta EE imports, version mismatches in Spring dependencies, an unexplained downgrade of mybatis-plus-bom, and silent exception handling in the CachedBatchWriter's cleanup logic.

[Copilot]

Pull request overview

This PR addresses security vulnerabilities in JDBC demo applications by upgrading to modern, secure dependency versions and migrating from Java 8 to Java 17. The changes include upgrading Spring Boot from 2.7.x to 3.5.5, replacing vulnerable fastjson with fastjson2, updating connection pools, logging frameworks, and other dependencies to their latest secure versions. New comprehensive test coverage has been added for springbootdemo and mybatisplus-demo modules, and a new CachedBatchWriter utility class has been introduced for high-performance batch operations.

Changes:

• Upgraded all JDBC example projects from Java 8 to Java 17
• Updated Spring Boot to 3.5.5 and Spring Framework to 6.x across all examples
• Replaced fastjson (vulnerable) with fastjson2 for security
• Updated critical dependencies: HikariCP (5.1.0), log4j (2.25.3), Druid (1.2.23), junit (4.13.2), and others
• Added comprehensive test suites for springbootdemo and mybatisplus-demo
• Introduced CachedBatchWriter for optimized batch insertions

Reviewed changes

Copilot reviewed 31 out of 31 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
docs/zh/14-reference/05-connector/14-java.mdx	Updated documentation to reference JDK17 and JDK8 examples separately
docs/en/14-reference/05-connector/14-java.md	Updated English documentation with example references
docs/examples/java/pom.xml	Updated taos-jdbcdriver to 3.8.1
docs/examples/JDBC/taosdemo/pom.xml	Upgraded to Spring 6.2.11, HikariCP 5.1.0, fastjson2 2.0.54, log4j 2.25.3, and Java 17
docs/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/components/JsonConfig.java	Migrated from fastjson to fastjson2
docs/examples/JDBC/springbootdemo/pom.xml	Upgraded to Spring Boot 3.5.5, mybatis-spring-boot-starter 3.0.4, Druid 1.2.23, and Java 17
docs/examples/JDBC/springbootdemo/src/main/java/com/taosdata/example/springbootdemo/service/WeatherService.java	Fixed missing timestamp in save() method
docs/examples/JDBC/springbootdemo/src/main/java/com/taosdata/example/springbootdemo/dao/WeatherMapper.xml	Added createTable method for proper table creation
docs/examples/JDBC/springbootdemo/src/main/resources/application.properties	Fixed mybatis mapper location configuration
docs/examples/JDBC/springbootdemo/src/test/*	Added comprehensive test coverage for WeatherService and WeatherMapper
docs/examples/JDBC/mybatisplus-demo/pom.xml	Upgraded to Spring Boot 3.5.5, mybatis-plus 3.5.7, Druid 1.2.23, and Java 17
docs/examples/JDBC/mybatisplus-demo/src/main/java/com/taosdata/example/mybatisplusdemo/provider/CachedBatchWriter.java	New utility class for high-performance cached batch writes
docs/examples/JDBC/mybatisplus-demo/src/main/java/com/taosdata/example/mybatisplusdemo/config/DruidConfig.java	Added explicit Druid DataSource configuration
docs/examples/JDBC/mybatisplus-demo/src/main/java/com/taosdata/example/mybatisplusdemo/config/MybatisPlusConfig.java	Removed redundant @MapperScan annotation
docs/examples/JDBC/mybatisplus-demo/src/main/resources/application.yml	Updated Druid pool configuration and added mapper locations
docs/examples/JDBC/mybatisplus-demo/src/main/resources/mapper/MetersMapper.xml	Added mapper XML file with documentation
docs/examples/JDBC/mybatisplus-demo/src/test/*	Added test coverage for CachedBatchWriter and MetersMapper
docs/examples/JDBC/highvolume/pom.xml	Upgraded to Java 17, replaced lz4-java dependency, updated commons-cli and logback
docs/examples/JDBC/consumer-demo/pom.xml	Upgraded to Java 17
docs/examples/JDBC/connectionPools/pom.xml	Upgraded to Java 17, commons-dbcp2 2.12.0, HikariCP 5.1.0, Druid 1.2.23, c3p0 0.10.1, log4j 2.25.3
docs/examples/JDBC/connectionPools/src/main/java/com/taosdata/example/pool/DbcpBuilder.java	Updated to use commons-dbcp2 API (setMaxTotal instead of setMaxActive)
docs/examples/JDBC/SpringJdbcTemplate/pom.xml	Upgraded to Java 17, Spring 6.x, and junit 4.13.2
docs/examples/JDBC/JDBCDemo/pom.xml	Upgraded to Java 17 and jts-core 1.20.0
docs/examples/JDBC/JDBCDemo/src/main/java/com/taosdata/example/JdbcDemo.java	Removed unused import
CLAUDE.md	Added project documentation for AI assistance

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.