Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

because of vulnerability scanning ,H2 version of 1.4.197 , how to upgrade ? #11265

Open
qchen007 opened this issue Mar 5, 2024 · 1 comment
Open

because of vulnerability scanning ,H2 version of 1.4.197 , how to upgrade ? #11265

qchen007 opened this issue Mar 5, 2024 · 1 comment

Comments

@qchen007
Copy link

qchen007 commented Mar 5, 2024

Is there a plan to upgrade to version h2 or other evasion methods, as there is a remote execution vulnerability (CVE-2021-42392) in the latest version of gnite (2.16.0) using h2 (1.4.197)?
@daniverltd
Copy link

The actual vulnerability in this version of H2 is actually in the web console that Ignite disables by default but this fact won't help you with Blackduck and Synk scans. If this is your issue, then exclude the H2 library from the Ignite package if you're not using the SQL features, or switch to the Calcite engine if you are.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@daniverltd @qchen007