ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "steve.hostettler@gmail.com" <steve.hostett...@gmail.com>
Subject H2 license and vulnerabilities
Date Tue, 29 Jan 2019 07:35:19 GMT
Hello,
I am using Apache Ignite in an financial setting and it gets reported as a
high risk because of one of its dependencies : H2

The blackduck report warns the following:
1) The H2 license being weak reciprocal it is not the prefered type of OSS
licenses (e.g., Apache, MIT)
2) There are known vulnerabulities for now more than a year that do not get
fixed:
https://www.cvedetails.com/vulnerability-list/vendor_id-17893/product_id-45580/year-2018/H2database-H2.html

So here are my questions : 
1) is there any plan to swap H2 by another in memory database and if not
what is the view of the community on the above points.
2) Does ignite uses the part of H2 that is vulnerable (disk backup)?

Many thanks in advance



--
Sent from: http://apache-ignite-developers.2346864.n4.nabble.com/

Mime
View raw message