[
https://issues.apache.org/jira/browse/NIFI-9585?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann updated NIFI-9585:
-----------------------------------
Resolution: Fixed
Status: Resolved (was: Patch Available)
> Upgrade H2 to 2.1.210
> ---------------------
>
> Key: NIFI-9585
> URL: https://issues.apache.org/jira/browse/NIFI-9585
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: David Handermann
> Assignee: Matt Burgess
> Priority: Major
> Fix For: 1.16.0
>
> Time Spent: 2h 10m
> Remaining Estimate: 0h
>
> The H2 embedded database below version 2.1.210 includes multiple associated
> vulnerabilities related to unsafe XML column handling and other issues.
> Multiple NiFi components leverage H2 for local relational data storage.
> Although NiFi does not appear to have any direct vulnerabilities as a result
> of issues with H2, upgrading to the latest version will avoid false positive
> security scans and provide better maintainability.
> Due to related database components such as Flyway in NiFi Registry, upgrading
> H2 will also require upgrades to related dependencies and services.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
