[
https://issues.apache.org/jira/browse/NIFI-10748?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike R resolved NIFI-10748.
---------------------------
Resolution: Won't Fix
> Upgrade com.h2database to 2.1.214
> ---------------------------------
>
> Key: NIFI-10748
> URL: https://issues.apache.org/jira/browse/NIFI-10748
> Project: Apache NiFi
> Issue Type: Improvement
> Affects Versions: 1.18.0
> Reporter: Mike R
> Priority: Major
>
> There are several versions of com.h2database used in NiFi, with some
> instances being 2.1.214, while others are 1.4.200.
> There are several CVE in the 1.4.200 program that are resolved in 2.1.214
> that are all high or critical with scores above 8.1:
> [CVE-2022-23221|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221]
> [CVE-2021-42392|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392]
> [CVE-2021-23463|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23463]
> The last remaining instance is found at: nifi-h2/nifi-h2-database/pom.xml
> It looks like the remaining instances of h2 were updated in
> [NiFi-9585|[NIFI-9585 Upgraded H2 from 1.4 to 2.1.210 · apache/nifi@bcc8d03
> (github.com)|https://github.com/apache/nifi/commit/bcc8d03314889e7d2d0724390059d0315efe2a34]]
>
> Here are the release notes for h2 database
> http://www.h2database.com/html/changelog.html
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
