Hello,

In order to fix CVE-2021-42392, I have to upgrade to H2 v2.0.206.
However, H2 being incompatible with Hibernate makes the upgrade impossible.
While I agree the bug could be fixed in Hibernate, shouldn't H2 be more
backward compatible?

Moreover, when testing my application with H2 v2.0.206, I have the same bug
with Camunda, which doesn't use Hibernate. This issue breaks a lot of
applications.

Camunda fails with:

Values of types "BOOLEAN" and "INTEGER" are not comparable; SQL statement:

select RES.ID_,
      RES.REV_,
      RES.DUEDATE_,
      RES.PROCESS_INSTANCE_ID_,
      RES.EXCLUSIVE_
     from ACT_RU_JOB RES
     where (RES.RETRIES_ > 0)
      and (
           RES.DUEDATE_ is null or
           RES.DUEDATE_ <= ?
      )
      and (RES.LOCK_OWNER_ is null or RES.LOCK_EXP_TIME_ < ?)
      and RES.SUSPENSION_STATE_ = 1
      and (
    (
    RES.EXCLUSIVE_ = 1
          and not exists(
            select J2.ID_ from ACT_RU_JOB J2
            where J2.PROCESS_INSTANCE_ID_ = RES.PROCESS_INSTANCE_ID_  -- from the same proc. inst.
            and (J2.EXCLUSIVE_ = 1)  -- also exclusive
           and (J2.LOCK_OWNER_ is not null and J2.LOCK_EXP_TIME_ >= ?)  -- in progress
            )
   )
    or
    RES.EXCLUSIVE_ = 0
   )
    LIMIT ? OFFSET ? [90110-206]

On Saturday, December 4, 2021 at 13:21:18 UTC+1, Evgenij Ryazanov wrote:

> Hello.
>
> It looks like a bug of Hibernate ORM.
>
> The basic Dialect class has the following method:
>
> public String toBooleanValueString(boolean bool) {
>     return bool ? "1" : "0";
> }
>
> It is obviously wrong for any database system that has BOOLEAN data type.
>
> H2Dialect should override this method to avoid generation of invalid SQL.
>
> Please, report this issue here:
> https://hibernate.atlassian.net/browse/HHH
