Hello. These alerts are invalid from my point of view. DB administrator in H2 has full access to JVM, and JVM has access to operating system. This is by design. You should never give ADMIN permission to untrusted users or applications, regular users with necessary grants should be used instead. Web or TCP servers should be either guarded by security permissions or firewall properly or be configured to forbid creation of new databases.
Some software provide embedded H2 with different own unsafe configurations that provide administrative access to anyone. I do not understand how new release of H2 will help you in that situation. CREATE ALIAS still may be used to execute any code, and BACKUP function still may be used to write backup to any specified location. H2 does not have LTS releases. -- You received this message because you are subscribed to the Google Groups "H2 Database" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/h2-database. For more options, visit https://groups.google.com/d/optout.
