Alexey Kukushkin created IGNITE-15241:
-----------------------------------------
Summary: Upgrade H2 dependency
Key: IGNITE-15241
URL: https://issues.apache.org/jira/browse/IGNITE-15241
Project: Ignite
Issue Type: Improvement
Components: sql
Affects Versions: 2.10
Reporter: Alexey Kukushkin
Assignee: Alexey Kukushkin
Upgrade H2 dependency of the ignite-indexing module to the latest version
1.4.200.
Apache Ignite SQL (module {{ignite-indexing}}) depends on H2 database version
1.4.197, which has these two [security
vulnerabilities|https://www.cvedetails.com/vulnerability-list/vendor_id-17893/product_id-45580/year-2018/H2database-H2.html]
[CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/] is regarded as
a critical vulnerability by our analyzer (Black Duck SCA) and makes it
impossible to use Ignite SQL due to security policies. We realize this
vulnerability is probably not even applicable to the H2 in Ignite since there
is no H2 database or H2 backups in Ignite. Still the security policies are very
formal and do not allow that anyway.
We believe there are lots of other enterprises having the same issue. For
example, there is another issue IGNITE-14381 referencing the same problem.
The latest H2 1.4.200 has no vulnerabilities.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
