ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "VIJAY BHATT (JIRA)" <j...@apache.org>
Subject [jira] [Created] (IGNITE-11765) Vulnerable library H2 Database Engine1.4.197 used
Date Wed, 17 Apr 2019 10:39:00 GMT
VIJAY BHATT created IGNITE-11765:

             Summary: Vulnerable library H2 Database Engine1.4.197 used
                 Key: IGNITE-11765
                 URL: https://issues.apache.org/jira/browse/IGNITE-11765
             Project: Ignite
          Issue Type: Bug
    Affects Versions: 2.7
            Reporter: VIJAY BHATT

We use blackduck for scanning our project. It has identified Ignite 2.7.0 using H2 Database
Engine version 1.4.197 as a vulnerable library having the following 2 vulnerabilities:

BDSA-2018-1048 (CVE-2018-10054)

BDSA-2018-2507 (CVE-2018-14335)

Suggested fix by blackduck is to use version 1.4.198

We tried using 1.4.198 using jar override but it has some breaking changes.

This message was sent by Atlassian JIRA

View raw message