Hi,

The current Ignite (v2.11) has h2 v1.4.197 as a dependency, which is subject to 
the following vulnerabilities. Is there any plan to update to a newer version? 
Given the currently heightened security awareness, it would be very difficult 
to make the case to use the current version of Ignite due to corporate security 
policy. Thanks.

CVE-2021-23463 (BDSA-2021-3744)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23463

CVE-2018-10054 (BDSA-2018-1048)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10054

BDSA-2022-0048 (H2 Database Vulnerable to Remote Code Execution (RCE) via 
Unsafe JNDI Class Loading Functionality)
https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/

CVE-2018-14335 (BDSA-2018-2507)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14335

Regards,
Marcus
