[ https://issues.apache.org/jira/browse/IGNITE-11765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16967823#comment-16967823 ]
Erikson Murrugarra commented on IGNITE-11765: --------------------------------------------- Hi. Do you have any updates for this issue? Thank you. > Vulnerable library H2 Database Engine1.4.197 used > ------------------------------------------------- > > Key: IGNITE-11765 > URL: https://issues.apache.org/jira/browse/IGNITE-11765 > Project: Ignite > Issue Type: Bug > Affects Versions: 2.7 > Reporter: VIJAY BHATT > Priority: Major > > We use blackduck for scanning our project. It has identified Ignite 2.7.0 > using H2 Database Engine version 1.4.197 as a vulnerable library having the > following 2 vulnerabilities: > BDSA-2018-1048 (CVE-2018-10054) > BDSA-2018-2507 (CVE-2018-14335) > Suggested fix by blackduck is to use version 1.4.198 > We tried using 1.4.198 using jar override but it has some breaking changes. -- This message was sent by Atlassian Jira (v8.3.4#803005)