ignite-issues mailing list archives

From "Rajesh (Jira)" <j...@apache.org>
Subject [jira] [Comment Edited] (IGNITE-10801) Upgrade H2 version up to 1.4.199
Date Tue, 22 Oct 2019 09:48:00 GMT

    [ https://issues.apache.org/jira/browse/IGNITE-10801?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16956870#comment-16956870 ]

Rajesh edited comment on IGNITE-10801 at 10/22/19 9:47 AM:
-----------------------------------------------------------

There is a security vulnerability with H2 version 1.4.96.

*H2 1.4.197 allows remote code execution because CREATE ALIAS can execute arbitrary Java code.*

Ignite should use a higher version of H2 where these severe security vulnerabilities are fixed.

[https://www.cvedetails.com/cve/CVE-2018-10054/]


was (Author: rajeshn):
There is a security vulnerability with H2 version 1.4.96.

*H2 1.4.197 allows remote code execution because CREATE ALIAS can execute arbitrary Java code.*

Ignite should use a higher version of H2 where these severe security vulnerabilities are fixed.

> Upgrade H2 version up to 1.4.199
> --------------------------------
>
>                 Key: IGNITE-10801
>                 URL: https://issues.apache.org/jira/browse/IGNITE-10801
>             Project: Ignite
>          Issue Type: Improvement
>          Components: sql
>    Affects Versions: 2.7
>            Reporter: Sergey Antonov
>            Priority: Critical
>              Labels: sql
>             Fix For: 2.8
>
>
> After the h2 1.4.199 release we should upgrade the h2 version used in AI, because important bugs will be fixed there. For example https://github.com/h2database/h2database/issues/1057


