Hello, I am using Apache Ignite in an financial setting and it gets reported as a high risk because of one of its dependencies : H2
The blackduck report warns the following: 1) The H2 license being weak reciprocal it is not the prefered type of OSS licenses (e.g., Apache, MIT) 2) There are known vulnerabulities for now more than a year that do not get fixed: https://www.cvedetails.com/vulnerability-list/vendor_id-17893/product_id-45580/year-2018/H2database-H2.html So here are my questions : 1) is there any plan to swap H2 by another in memory database and if not what is the view of the community on the above points. 2) Does ignite uses the part of H2 that is vulnerable (disk backup)? Many thanks in advance -- Sent from: http://apache-ignite-developers.2346864.n4.nabble.com/
