[h2] Re: 2.0.202 and hibernate: boolean field regression?

Fri, 14 Jan 2022 13:36:56 -0800 

To everyone facing the  *Values of types "BOOLEAN" and "INTEGER" are not 
comparable* error message, you can create a class that will override the  
*toBooleanValueString* method as Evgenij suggested :

package com.myCorp;

import org.hibernate.dialect.H2Dialect;

public class H2DialectExtended extends H2Dialect {

    @Override
    public String toBooleanValueString(boolean bool) {
        return bool ? "TRUE" : "FALSE";
    }

}

And load it in your Spring Boot testing application.properties :

spring.jpa.properties.hibernate.dialect=com.myCorp.H2DialectExtended

This way, Hibernate will write :

WHERE myBooleanColumn=TRUE

instead of :

WHERE myBooleanColumn=1

Which will solve the problem as the myBooleanColumn is of type H2 Boolean.
Le lundi 10 janvier 2022 à 10 h 42 min 45 s UTC-5, jeremie...@gmail.com a 
écrit :

> Thanks for your answer.
>
> I know about the vulnerability - I don't even use the console or H2 in 
> production.. but my project has a policy about CVE. This vulnerability is 
> tagged by our CI/CD system and I have to fix it or remove the dependency. I 
> just can't say "it's not exploitable" if the vulnerability scanner tag the 
> cve, the release will not be allowed.
>
>
>
> Le lundi 10 janvier 2022 à 16:25:00 UTC+1, Evgenij Ryazanov a écrit :
>
>> Hello.
>>
>> This vulnerability affects only the H2 Console and it may harm you only 
>> if you run it with -webAllowOthers parameter without additional 
>> protection. You shouldn't do that with any version of H2.
>>
>> https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
>> It doesn't affect H2 Database in any way.
>>
>> H2 since the version 2.0.204 has LEGACY mode, it this mode some (but not 
>> all) wrong commands are allowed, including equality comparisons between 
>> numeric and boolean values. To enable this mode you need to add 
>> ;MODE=LEGACY to JDBC URL.
>>
>

-- 
You received this message because you are subscribed to the Google Groups "H2 
Database" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to h2-database+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/h2-database/404e912a-75b1-4c3f-b14c-54607c67cee7n%40googlegroups.com.

Reply via email to