You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "Martijn Visser (Jira)" <ji...@apache.org> on 2022/01/24 12:47:00 UTC
[jira] [Updated] (FLINK-25785) Update com.h2database:h2 to 2.0.210
[ https://issues.apache.org/jira/browse/FLINK-25785?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martijn Visser updated FLINK-25785:
-----------------------------------
Summary: Update com.h2database:h2 to 2.0.210 (was: Update com.h2database:h2 to 2.0.206)
> Update com.h2database:h2 to 2.0.210
> -----------------------------------
>
> Key: FLINK-25785
> URL: https://issues.apache.org/jira/browse/FLINK-25785
> Project: Flink
> Issue Type: Technical Debt
> Components: Connectors / JDBC
> Affects Versions: 1.15.0, 1.13.5, 1.14.3
> Reporter: Martijn Visser
> Priority: Major
>
> Two security vulnerabilities in H2 Console (CVE-2022-23221 and possible DNS rebinding attack) are fixed.
> Note: Flink is using this dependency only for testing, so it's not directly impacted by the CVE. We just want to be good citizens and update our dependencies
--
This message was sent by Atlassian Jira
(v8.20.1#820001)