[jira] [Assigned] (FLINK-25785) Update com.h2database:h2 to 2.0.210

Martijn Visser (Jira) Wed, 09 Feb 2022 00:31:41 -0800


     [ 
https://issues.apache.org/jira/browse/FLINK-25785?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Martijn Visser reassigned FLINK-25785:
--------------------------------------

    Assignee: Martijn Visser

> Update com.h2database:h2 to 2.0.210
> -----------------------------------
>
>                 Key: FLINK-25785
>                 URL: https://issues.apache.org/jira/browse/FLINK-25785
>             Project: Flink
>          Issue Type: Technical Debt
>          Components: Connectors / JDBC
>    Affects Versions: 1.15.0, 1.13.5, 1.14.3
>            Reporter: Martijn Visser
>            Assignee: Martijn Visser
>            Priority: Major
>              Labels: pull-request-available
>
> Two security vulnerabilities in H2 Console (CVE-2022-23221 and possible DNS 
> rebinding attack) are fixed in 2.0.120. Flink is currently on 2.0.206 since 
> https://issues.apache.org/jira/browse/FLINK-25576
> Note: Flink is using this dependency only for testing, so it's not directly 
> impacted by the CVE. We just want to be good citizens and update our 
> dependencies



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Assigned] (FLINK-25785) Update com.h2database:h2 to 2.0.210

Reply via email to