[ https://issues.apache.org/jira/browse/IGNITE-11765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16968299#comment-16968299 ]
Andrey Mashenkov commented on IGNITE-11765: ------------------------------------------- This ticket was closed as the issue doesn't affect Ignite. See discussion on dev-list for details. > Vulnerable library H2 Database Engine1.4.197 used > ------------------------------------------------- > > Key: IGNITE-11765 > URL: https://issues.apache.org/jira/browse/IGNITE-11765 > Project: Ignite > Issue Type: Bug > Affects Versions: 2.7 > Reporter: VIJAY BHATT > Priority: Major > > We use blackduck for scanning our project. It has identified Ignite 2.7.0 > using H2 Database Engine version 1.4.197 as a vulnerable library having the > following 2 vulnerabilities: > BDSA-2018-1048 (CVE-2018-10054) > BDSA-2018-2507 (CVE-2018-14335) > Suggested fix by blackduck is to use version 1.4.198 > We tried using 1.4.198 using jar override but it has some breaking changes. -- This message was sent by Atlassian Jira (v8.3.4#803005)