YAY Scott Cote Senior Application Developer - Java | Electronic Transaction Consultants Corporation (ETC) 1600 N. Collins Boulevard, Suite 4000, Richardson, TX 75080 (o) 469.248.4576 | (c) 972.900.1561 [cid:[email protected]]<https://etcc.com/> [cid:[email protected]] <https://www.linkedin.com/company/etctoll/> [cid:[email protected]] <https://www.youtube.com/channel/UChijFyFc4waNkpsJP52K0xw> [cid:[email protected]] <https://www.facebook.com/ElectronicTransactionConsultants/>
CONFIDENTIALITY NOTICE: The information accompanying this email transmission may contain confidential information that is intended only for the use of the individual or authorized representatives of intended recipient. If you are not the intended recipient or authorized representative, you are hereby notified that any disclosure, copying, distribution or reliance upon the contents of this email is strictly prohibited. If you receive this email in error, please notify the sender immediately by return email and delete message and any attachments from your system. From: Evgenii Zhuravlev <[email protected]> Sent: Tuesday, December 10, 2019 5:22 PM To: [email protected] Subject: Re: H2 version security concern Hi, There are plans to replace H2 with Calcite. You can read more about it on dev list, I've seen several threads regarding this topic there. Evgenii вт, 10 дек. 2019 г. в 13:29, Sobolevsky, Vladik <[email protected]<mailto:[email protected]>>: Hi, It looks like all the recent versions of Apache Ignite ( apache ignite indexing) depends on H2 version 1.4.197. This version has at least 2 CVE’s : https://nvd.nist.gov/vuln/detail/CVE-2018-10054 https://nvd.nist.gov/vuln/detail/CVE-2018-14335 I do understand that not all above CVE’s can be exploited due to a way Ignite uses H2 but still : Is there any plans to upgrade to version that doesn’t has those ? Thank You, Vladik
