[jira] [Commented] (IGNITE-11765) Vulnerable library H2 Database Engine1.4.197 used

Andrey Mashenkov (Jira) Wed, 06 Nov 2019 03:56:52 -0800


    [ 
https://issues.apache.org/jira/browse/IGNITE-11765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16968299#comment-16968299
 ]


Andrey Mashenkov commented on IGNITE-11765:
-------------------------------------------

This ticket was closed as the issue doesn't affect Ignite.
See discussion on dev-list  for details.

> Vulnerable library H2 Database Engine1.4.197 used
> -------------------------------------------------
>
>                 Key: IGNITE-11765
>                 URL: https://issues.apache.org/jira/browse/IGNITE-11765
>             Project: Ignite
>          Issue Type: Bug
>    Affects Versions: 2.7
>            Reporter: VIJAY BHATT
>            Priority: Major
>
> We use blackduck for scanning our project. It has identified Ignite 2.7.0 
> using H2 Database Engine version 1.4.197 as a vulnerable library having the 
> following 2 vulnerabilities:
> BDSA-2018-1048 (CVE-2018-10054)
> BDSA-2018-2507 (CVE-2018-14335)
> Suggested fix by blackduck is to use version 1.4.198
> We tried using 1.4.198 using jar override but it has some breaking changes.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (IGNITE-11765) Vulnerable library H2 Database Engine1.4.197 used

Reply via email to