[jira] [Updated] (CALCITE-5007) Upgrade H2 database version to 2.1.210

Wed, 09 Feb 2022 13:25:05 -0800 


     [ 
https://issues.apache.org/jira/browse/CALCITE-5007?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stamatis Zampetakis updated CALCITE-5007:
-----------------------------------------
    Description: 
The 1.4.197 version suffers from multiple CVEs such as:
https://nvd.nist.gov/vuln/detail/CVE-2018-14335
https://nvd.nist.gov/vuln/detail/CVE-2018-10054 
https://nvd.nist.gov/vuln/detail/CVE-2021-42392
https://nvd.nist.gov/vuln/detail/CVE-2022-23221

In the project, we use H2 only for testing purposes thus the H2 binaries are 
not present in the runtime classpath thus these CVEs do not pose a problem for 
Calcite or its users. Nevertheless, it would be good to upgrade to a more 
recent version to avoid Calcite coming up in vulnerability scans due to this. 

  was:
The 1.4.197 version suffers from 
https://nvd.nist.gov/vuln/detail/CVE-2018-10054. 

In the project, we use H2 only for testing purposes thus the H2 binaries are 
not present in the runtime classpath thus CVE-2018-10054 does not pose a 
problem for Calcite or its users. Nevertheless, it would be good to upgrade to 
a more recent version to avoid Calcite coming up in vulnerability scans due to 
this. 


> Upgrade H2 database version to 2.1.210
> --------------------------------------
>
>                 Key: CALCITE-5007
>                 URL: https://issues.apache.org/jira/browse/CALCITE-5007
>             Project: Calcite
>          Issue Type: Task
>            Reporter: Stamatis Zampetakis
>            Assignee: Stamatis Zampetakis
>            Priority: Trivial
>              Labels: pull-request-available
>             Fix For: 1.30.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The 1.4.197 version suffers from multiple CVEs such as:
> https://nvd.nist.gov/vuln/detail/CVE-2018-14335
> https://nvd.nist.gov/vuln/detail/CVE-2018-10054 
> https://nvd.nist.gov/vuln/detail/CVE-2021-42392
> https://nvd.nist.gov/vuln/detail/CVE-2022-23221
> In the project, we use H2 only for testing purposes thus the H2 binaries are 
> not present in the runtime classpath thus these CVEs do not pose a problem 
> for Calcite or its users. Nevertheless, it would be good to upgrade to a more 
> recent version to avoid Calcite coming up in vulnerability scans due to this. 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to