[ https://issues.apache.org/jira/browse/NIFI-10748?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mike R resolved NIFI-10748. --------------------------- Resolution: Won't Fix > Upgrade com.h2database to 2.1.214 > --------------------------------- > > Key: NIFI-10748 > URL: https://issues.apache.org/jira/browse/NIFI-10748 > Project: Apache NiFi > Issue Type: Improvement > Affects Versions: 1.18.0 > Reporter: Mike R > Priority: Major > > There are several versions of com.h2database used in NiFi, with some > instances being 2.1.214, while others are 1.4.200. > There are several CVE in the 1.4.200 program that are resolved in 2.1.214 > that are all high or critical with scores above 8.1: > [CVE-2022-23221|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221] > [CVE-2021-42392|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392] > [CVE-2021-23463|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23463] > The last remaining instance is found at: nifi-h2/nifi-h2-database/pom.xml > It looks like the remaining instances of h2 were updated in > [NiFi-9585|[NIFI-9585 Upgraded H2 from 1.4 to 2.1.210 · apache/nifi@bcc8d03 > (github.com)|https://github.com/apache/nifi/commit/bcc8d03314889e7d2d0724390059d0315efe2a34]] > > Here are the release notes for h2 database > http://www.h2database.com/html/changelog.html -- This message was sent by Atlassian Jira (v8.20.10#820010)