The script is like the following.
URL="jdbc:h2:/opt/app/var/db/session-db;AUTO_SERVER=TRUE"
set -f
echo "$1" | java -cp "$JAR" org.h2.tools.RunScript -url "$URL" -user ''
-password '' -script /dev/stdin -showResults
maanantai 10. tammikuuta 2022 klo 16.50.24 UTC+2 Evgenij Ryazanov kirjoitti:
>
Thanks for your answer.
I know about the vulnerability - I don't even use the console or H2 in
production.. but my project has a policy about CVE. This vulnerability is
tagged by our CI/CD system and I have to fix it or remove the dependency. I
just can't say "it's not exploitable" if the vulne
Hello.
This vulnerability affects only the H2 Console and it may harm you only if
you run it with -webAllowOthers parameter without additional protection.
You shouldn't do that with any version of H2.
https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
It doesn't aff
Hello,
In order to fix CVE-2021-42392, I have to upgrade to H2 v2.0.206
However, a lot of tests fail with this version, I don't known if it's a
bugs or intended changed..
1/ BOOLEAN and INTEGER can't be compared anymore
This breaks hibernate, and other queries (in camunda for example)
2/ VALUE
Hello,
In order to fix the CVE CVE-2021-42392, I have to upgrade to H2 v2.0.206.
However, having H2 incompatible with hibernate make the upgrade impossible.,
As I agree the bug could be fixed in Hibernate, shouldn't H2 be more
backward compatible ?
Moreover, when testing my application with H2
Hello!
How value of -script parameter looks like? It is a regular file, pipe, or
some other special object?
I cannot reproduce this issue with regular files, but BufferedInputStream,
unfortunately, may fail if underlying InputStream thrown exceptions from
its available() method.
Maybe H2 shoul
When I try to run a script that uses H2 version 2.0.206 and executes a
SELECT statement, I get the following error. There is a Java server running
the database. The operating system is Red Hat Enterprise Linux 7.9.
Exception in thread "main" org.h2.message.DbException: IO Exception:
"java.io.
Hello!
I think you need to force inclusion of org.h2.store.fs.disk.* classes into
compiled program somehow, H2 loads them dynamically through reflection and
NPE here mean they weren't found.
--
You received this message because you are subscribed to the Google Groups "H2
Database" group.
To u
Hello!
H2 database doesn't support warnings and cannot produce java.sql.SQLWarning,
if you see them, they came from some other software.
--
You received this message because you are subscribed to the Google Groups "H2
Database" group.
To unsubscribe from this group and stop receiving emails fr
Hello!
You still have 1.4.195 somewhere.
TCP protocol in H2 2.0.206 provides backward compatibility for 1.4.197 and
newer versions only.
Client with 1.4.195 cannot connect to server with 2.0.206 and client with
2.0.206 cannot connect to server with 1.4.195; these versions are too
different fr
10 matches
Mail list logo