Hello. You don't need any mitigations if you use H2 correctly. If you use H2 Console, it must be either not available from external network (by default only connections from localhost are accepted), or it must be protected in some other way, a possible way is described in documentation and advisory. If you don't use it, you shouldn't start it within your application. H2 database by itself is not affected by this vulnerability, only the H2 Console is.
This option can also be used to prevent all attempts to use data sources in H2 Console, but you need to protect it anyway. This is a tool for developers, it shouldn't be available for unauthorized or untrusted users. -- You received this message because you are subscribed to the Google Groups "H2 Database" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/h2-database/691d2ff3-a787-46b0-82df-2e415620b76en%40googlegroups.com.
