[jira] [Resolved] (IGNITE-11765) Vulnerable library H2 Database Engine1.4.197 used

Taras Ledkov (JIRA) Wed, 17 Apr 2019 04:12:03 -0700


     [ 
https://issues.apache.org/jira/browse/IGNITE-11765?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Taras Ledkov resolved IGNITE-11765.
-----------------------------------
    Resolution: Not A Problem

Please take a look at the [discussion on 
devlist|http://apache-ignite-developers.2346864.n4.nabble.com/H2-license-and-vulnerabilities-td40417.html]

> Vulnerable library H2 Database Engine1.4.197 used
> -------------------------------------------------
>
>                 Key: IGNITE-11765
>                 URL: https://issues.apache.org/jira/browse/IGNITE-11765
>             Project: Ignite
>          Issue Type: Bug
>    Affects Versions: 2.7
>            Reporter: VIJAY BHATT
>            Priority: Major
>
> We use blackduck for scanning our project. It has identified Ignite 2.7.0 
> using H2 Database Engine version 1.4.197 as a vulnerable library having the 
> following 2 vulnerabilities:
> BDSA-2018-1048 (CVE-2018-10054)
> BDSA-2018-2507 (CVE-2018-14335)
> Suggested fix by blackduck is to use version 1.4.198
> We tried using 1.4.198 using jar override but it has some breaking changes.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Resolved] (IGNITE-11765) Vulnerable library H2 Database Engine1.4.197 used

Reply via email to