ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "VIJAY BHATT (JIRA)" <j...@apache.org>
Subject [jira] [Created] (IGNITE-11765) Vulnerable library H2 Database Engine1.4.197 used
Date Wed, 17 Apr 2019 10:39:00 GMT
VIJAY BHATT created IGNITE-11765:
------------------------------------

             Summary: Vulnerable library H2 Database Engine1.4.197 used
                 Key: IGNITE-11765
                 URL: https://issues.apache.org/jira/browse/IGNITE-11765
             Project: Ignite
          Issue Type: Bug
    Affects Versions: 2.7
            Reporter: VIJAY BHATT


We use blackduck for scanning our project. It has identified Ignite 2.7.0 using H2 Database
Engine version 1.4.197 as a vulnerable library having the following 2 vulnerabilities:

BDSA-2018-1048 (CVE-2018-10054)

BDSA-2018-2507 (CVE-2018-14335)

Suggested fix by blackduck is to use version 1.4.198

We tried using 1.4.198 using jar override but it has some breaking changes.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message