[ https://issues.apache.org/jira/browse/NIFI-9585?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Handermann updated NIFI-9585: ----------------------------------- Resolution: Fixed Status: Resolved (was: Patch Available) > Upgrade H2 to 2.1.210 > --------------------- > > Key: NIFI-9585 > URL: https://issues.apache.org/jira/browse/NIFI-9585 > Project: Apache NiFi > Issue Type: Improvement > Reporter: David Handermann > Assignee: Matt Burgess > Priority: Major > Fix For: 1.16.0 > > Time Spent: 2h 10m > Remaining Estimate: 0h > > The H2 embedded database below version 2.1.210 includes multiple associated > vulnerabilities related to unsafe XML column handling and other issues. > Multiple NiFi components leverage H2 for local relational data storage. > Although NiFi does not appear to have any direct vulnerabilities as a result > of issues with H2, upgrading to the latest version will avoid false positive > security scans and provide better maintainability. > Due to related database components such as Flyway in NiFi Registry, upgrading > H2 will also require upgrades to related dependencies and services. -- This message was sent by Atlassian Jira (v8.20.1#820001)