[
https://issues.apache.org/jira/browse/IGNITE-15241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexey Kukushkin reopened IGNITE-15241:
---------------------------------------
I guess the issue was closed by mistake. I do not see how the H2 pull request
mentioned in the previous comment addresses this problem
> Ignite H2 Security Vulnerabilities
> ----------------------------------
>
> Key: IGNITE-15241
> URL: https://issues.apache.org/jira/browse/IGNITE-15241
> Project: Ignite
> Issue Type: Bug
> Components: sql
> Affects Versions: 2.10
> Reporter: Alexey Kukushkin
> Assignee: Alexey Kukushkin
> Priority: Major
> Labels: cggg
> Original Estimate: 80h
> Remaining Estimate: 80h
>
> Upgrade H2 dependency of the ignite-indexing module to the latest version
> 1.4.200.
> Apache Ignite SQL (module {{ignite-indexing}}) depends on H2 database version
> 1.4.197, which has these two [security
> vulnerabilities|https://www.cvedetails.com/vulnerability-list/vendor_id-17893/product_id-45580/year-2018/H2database-H2.html]
> [CVE-2018-14335|https://www.cvedetails.com/cve/CVE-2018-14335/] is regarded
> as a critical vulnerability by our analyzer (Black Duck SCA) and makes it
> impossible to use Ignite SQL due to security policies. We realize this
> vulnerability is probably not even applicable to the H2 in Ignite since there
> is no H2 database or H2 backups in Ignite. Still the security policies are
> very formal and do not allow that anyway.
> We believe there are lots of other enterprises having the same issue. For
> example, there is another issue IGNITE-14381 referencing the same problem.
> The latest H2 1.4.200 has no vulnerabilities.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
