[jira] [Commented] (JCR-4756) Update h2db dependency to 2.0.206

Federico Grilli (Jira) Wed, 09 Feb 2022 01:33:05 -0800


    [ 
https://issues.apache.org/jira/browse/JCR-4756?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17489400#comment-17489400
 ]


Federico Grilli commented on JCR-4756:
--------------------------------------

Speaking of h2 vulnerabilities, apparently versions before 2.1.210 are affected 
by a couple of other vulnerabilities. Do you plan to update to 2.1.210+? 
[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221]
[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392]   

> Update h2db dependency to 2.0.206
> ---------------------------------
>
>                 Key: JCR-4756
>                 URL: https://issues.apache.org/jira/browse/JCR-4756
>             Project: Jackrabbit Content Repository
>          Issue Type: Task
>          Components: core
>            Reporter: Julian Reschke
>            Assignee: Julian Reschke
>            Priority: Minor
>              Labels: candidate_jcr_2_20
>             Fix For: 2.22, 2.21.10
>
>




--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (JCR-4756) Update h2db dependency to 2.0.206

Reply via email to