Re: H2 version security concern

;user@ignite.apache.org" Date: Wednesday, December 11, 2019 at 04:40 To: "user@ignite.apache.org" , "Sobolevsky, Vladik" Subject: Re: H2 version security concern Hi, Mentioned CVE has no affect Ignite. Please, see discussion on dev-list. http://apache-ignite-devel

H2 version security concern

Hi, It looks like all the recent versions of Apache Ignite ( apache ignite indexing) depends on H2 version 1.4.197. This version has at least 2 CVE’s : https://nvd.nist.gov/vuln/detail/CVE-2018-10054 https://nvd.nist.gov/vuln/detail/CVE-2018-14335 I do understand that not all above CVE’s can be