[jira] [Updated] (NIFI-9585) Upgrade H2 to 2.1.210
[ https://issues.apache.org/jira/browse/NIFI-9585?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Handermann updated NIFI-9585: --- Resolution: Fixed Status: Resolved (was: Patch Available) > Upgrade H2 to 2.1.210 > - > > Key: NIFI-9585 > URL: https://issues.apache.org/jira/browse/NIFI-9585 > Project: Apache NiFi > Issue Type: Improvement >Reporter: David Handermann >Assignee: Matt Burgess >Priority: Major > Fix For: 1.16.0 > > Time Spent: 2h 10m > Remaining Estimate: 0h > > The H2 embedded database below version 2.1.210 includes multiple associated > vulnerabilities related to unsafe XML column handling and other issues. > Multiple NiFi components leverage H2 for local relational data storage. > Although NiFi does not appear to have any direct vulnerabilities as a result > of issues with H2, upgrading to the latest version will avoid false positive > security scans and provide better maintainability. > Due to related database components such as Flyway in NiFi Registry, upgrading > H2 will also require upgrades to related dependencies and services. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (NIFI-9585) Upgrade H2 to 2.1.210
[ https://issues.apache.org/jira/browse/NIFI-9585?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Matt Burgess updated NIFI-9585: --- Fix Version/s: 1.16.0 Status: Patch Available (was: In Progress) > Upgrade H2 to 2.1.210 > - > > Key: NIFI-9585 > URL: https://issues.apache.org/jira/browse/NIFI-9585 > Project: Apache NiFi > Issue Type: Improvement >Reporter: David Handermann >Assignee: Matt Burgess >Priority: Major > Fix For: 1.16.0 > > Time Spent: 50m > Remaining Estimate: 0h > > The H2 embedded database below version 2.1.210 includes multiple associated > vulnerabilities related to unsafe XML column handling and other issues. > Multiple NiFi components leverage H2 for local relational data storage. > Although NiFi does not appear to have any direct vulnerabilities as a result > of issues with H2, upgrading to the latest version will avoid false positive > security scans and provide better maintainability. > Due to related database components such as Flyway in NiFi Registry, upgrading > H2 will also require upgrades to related dependencies and services. -- This message was sent by Atlassian Jira (v8.20.1#820001)
