ignite-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Erikson Murrugarra (Jira)" <j...@apache.org>
Subject [jira] [Commented] (IGNITE-11765) Vulnerable library H2 Database Engine1.4.197 used
Date Tue, 05 Nov 2019 19:58:00 GMT

    [ https://issues.apache.org/jira/browse/IGNITE-11765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16967823#comment-16967823
] 

Erikson Murrugarra commented on IGNITE-11765:
---------------------------------------------

Hi. Do you have any updates for this issue?

Thank you.

> Vulnerable library H2 Database Engine1.4.197 used
> -------------------------------------------------
>
>                 Key: IGNITE-11765
>                 URL: https://issues.apache.org/jira/browse/IGNITE-11765
>             Project: Ignite
>          Issue Type: Bug
>    Affects Versions: 2.7
>            Reporter: VIJAY BHATT
>            Priority: Major
>
> We use blackduck for scanning our project. It has identified Ignite 2.7.0 using H2 Database
Engine version 1.4.197 as a vulnerable library having the following 2 vulnerabilities:
> BDSA-2018-1048 (CVE-2018-10054)
> BDSA-2018-2507 (CVE-2018-14335)
> Suggested fix by blackduck is to use version 1.4.198
> We tried using 1.4.198 using jar override but it has some breaking changes.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message