ignite icon indicating copy to clipboard operation
ignite copied to clipboard
verified publisher icon apache

because of vulnerability scanning ,H2 version of 1.4.197 , how to upgrade ?

Open qchen007 opened this issue 1 year ago • 1 comments

Is there a plan to upgrade to version h2 or other evasion methods, as there is a remote execution vulnerability (CVE-2021-42392) in the latest version of gnite (2.16.0) using h2 (1.4.197)?

qchen007 avatar Mar 05 '24 08:03 qchen007

The actual vulnerability in this version of H2 is actually in the web console that Ignite disables by default but this fact won't help you with Blackduck and Synk scans. If this is your issue, then exclude the H2 library from the Ignite package if you're not using the SQL features, or switch to the Calcite engine if you are.

daniverltd avatar Mar 10 '24 15:03 daniverltd