[jira] [Closed] (CALCITE-5007) Upgrade H2 database version to 2.1.210

Liya Fan (Jira) Sat, 19 Mar 2022 02:16:07 -0700


     [ 
https://issues.apache.org/jira/browse/CALCITE-5007?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Liya Fan closed CALCITE-5007.
-----------------------------

Resolved in release 1.30.0 (2022-03-20)

> Upgrade H2 database version to 2.1.210
> --------------------------------------
>
>                 Key: CALCITE-5007
>                 URL: https://issues.apache.org/jira/browse/CALCITE-5007
>             Project: Calcite
>          Issue Type: Task
>            Reporter: Stamatis Zampetakis
>            Assignee: Stamatis Zampetakis
>            Priority: Trivial
>              Labels: pull-request-available
>             Fix For: 1.30.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> The 1.4.197 version suffers from multiple CVEs such as:
> https://nvd.nist.gov/vuln/detail/CVE-2018-14335
> https://nvd.nist.gov/vuln/detail/CVE-2018-10054 
> https://nvd.nist.gov/vuln/detail/CVE-2021-42392
> https://nvd.nist.gov/vuln/detail/CVE-2022-23221
> In the project, we use H2 only for testing purposes thus the H2 binaries are 
> not present in the runtime classpath thus these CVEs do not pose a problem 
> for Calcite or its users. Nevertheless, it would be good to upgrade to a more 
> recent version to avoid Calcite coming up in vulnerability scans due to this. 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Closed] (CALCITE-5007) Upgrade H2 database version to 2.1.210

Reply via email to