ignite-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alexey Goncharuk (Jira)" <j...@apache.org>
Subject [jira] [Updated] (IGNITE-11765) Vulnerable library H2 Database Engine1.4.197 used
Date Wed, 06 Nov 2019 12:34:00 GMT

     [ https://issues.apache.org/jira/browse/IGNITE-11765?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Alexey Goncharuk updated IGNITE-11765:
--------------------------------------
    Ignite Flags:   (was: Docs Required)

> Vulnerable library H2 Database Engine1.4.197 used
> -------------------------------------------------
>
>                 Key: IGNITE-11765
>                 URL: https://issues.apache.org/jira/browse/IGNITE-11765
>             Project: Ignite
>          Issue Type: Bug
>    Affects Versions: 2.7
>            Reporter: VIJAY BHATT
>            Priority: Major
>
> We use blackduck for scanning our project. It has identified Ignite 2.7.0 using H2 Database
Engine version 1.4.197 as a vulnerable library having the following 2 vulnerabilities:
> BDSA-2018-1048 (CVE-2018-10054)
> BDSA-2018-2507 (CVE-2018-14335)
> Suggested fix by blackduck is to use version 1.4.198
> We tried using 1.4.198 using jar override but it has some breaking changes.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message