Hi All, Apache Ignite 2.8.1 has been released. The release contain fix of critical vulnerability
CVE-2020-1963: Apache Ignite access to file system through predefined H2 SQL functions Severity: Critical Vendor: The Apache Software Foundation Versions Affected: All versions of Apache Ignite up to 2.8 Impact An attacker can use embedded H2 SQL functions to access a filesystem for write and read. Description: Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem. Mitigation: Ignite 2.8 or earlier users should upgrade to 2.8.1 In case SQL is not used at all the issue could be mitigated by removing ignite-indexing.jar from Ignite classpath Risk could be partially mitigated by using non privileged user to start Apache Ignite. Credit: This issue was discovered by Sriveena Mattaparthi of ekaplus.com -- Живи с улыбкой! :D