Hi, Mentioned CVE has no affect Ignite. Please, see discussion on dev-list.
http://apache-ignite-developers.2346864.n4.nabble.com/H2-license-and-vulnerabilities-td40417.html#a40418 On Wed, Dec 11, 2019 at 2:22 AM Evgenii Zhuravlev <e.zhuravlev...@gmail.com> wrote: > Hi, > > There are plans to replace H2 with Calcite. You can read more about it on > dev list, I've seen several threads regarding this topic there. > > Evgenii > > > вт, 10 дек. 2019 г. в 13:29, Sobolevsky, Vladik <vsobo...@akamai.com>: > >> Hi, >> >> >> >> It looks like all the recent versions of Apache Ignite ( apache ignite >> indexing) depends on H2 version 1.4.197. >> >> This version has at least 2 CVE’s : >> >> https://nvd.nist.gov/vuln/detail/CVE-2018-10054 >> >> https://nvd.nist.gov/vuln/detail/CVE-2018-14335 >> >> >> >> I do understand that not all above CVE’s can be exploited due to a way >> Ignite uses H2 but still : Is there any plans to upgrade to version that >> doesn’t has those ? >> >> >> >> Thank You, >> >> Vladik >> >> >> >> >> >> >> > -- Best regards, Andrey V. Mashenkov
