This is an automated email from the ASF dual-hosted git repository.

hanahmily pushed a commit to branch cve-h2
in repository https://gitbox.apache.org/repos/asf/skywalking.git

commit 646cc6a5faaeffce8bec27a8ac7c28f795e0de12
Author: Gao Hongtao <[email protected]>
AuthorDate: Sat Jan 22 11:18:50 2022 +0000

    Fix CVE-2022-23221
    
    H2 Console before 2.1.210 allows remote attackers to execute arbitrary code
    via a jdbc:h2:mem JDBC URL containing the
    IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring
    
    Signed-off-by: Gao Hongtao <[email protected]>
---
 CHANGES.md                            | 1 +
 oap-server-bom/pom.xml                | 2 +-
 test/e2e-v2/java-test-service/pom.xml | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index d0b9722..f2a3b5c 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -36,6 +36,7 @@ Release Notes.
 * Bump up GraphQL related dependencies to latest versions.
 * Add `normal` to V9 service meta query.
 * Support `scope=ALL` catalog for metrics.
+* Fix CVE-2022-23221. H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring.
 
 #### UI
 
diff --git a/oap-server-bom/pom.xml b/oap-server-bom/pom.xml
index 42fe2eb..eb305ce 100644
--- a/oap-server-bom/pom.xml
+++ b/oap-server-bom/pom.xml
@@ -35,7 +35,7 @@
         <graphql-java-extended-scalars.version>17.0</graphql-java-extended-scalars.version>
         <okhttp.version>3.14.9</okhttp.version>
         <httpclient.version>4.5.13</httpclient.version>
-        <h2.version>2.0.206</h2.version>
+        <h2.version>2.1.210</h2.version>
         <joda-time.version>2.10.5</joda-time.version>
         <zookeeper.version>3.5.7</zookeeper.version>
         <guava.version>28.1-jre</guava.version>
diff --git a/test/e2e-v2/java-test-service/pom.xml b/test/e2e-v2/java-test-service/pom.xml
index 1a3784e..9cb9819 100644
--- a/test/e2e-v2/java-test-service/pom.xml
+++ b/test/e2e-v2/java-test-service/pom.xml
@@ -48,7 +48,7 @@
         <jupeter.version>5.6.0</jupeter.version>
         <jackson.version>2.9.7</jackson.version>
         <guava.version>30.1.1-jre</guava.version>
-        <h2.version>2.0.202</h2.version>
+        <h2.version>2.1.210</h2.version>
         <mysql.version>8.0.13</mysql.version>
         <lombok.version>1.18.20</lombok.version>
         <kafka-clients.version>2.4.1</kafka-clients.version>
