You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@flink.apache.org by "Martijn Visser (Jira)" <ji...@apache.org> on 2022/01/24 12:47:00 UTC

[jira] [Updated] (FLINK-25785) Update com.h2database:h2 to 2.0.210

     [ https://issues.apache.org/jira/browse/FLINK-25785?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martijn Visser updated FLINK-25785:
-----------------------------------
    Summary: Update com.h2database:h2 to 2.0.210  (was: Update com.h2database:h2 to 2.0.206)

> Update com.h2database:h2 to 2.0.210
> -----------------------------------
>
>                 Key: FLINK-25785
>                 URL: https://issues.apache.org/jira/browse/FLINK-25785
>             Project: Flink
>          Issue Type: Technical Debt
>          Components: Connectors / JDBC
>    Affects Versions: 1.15.0, 1.13.5, 1.14.3
>            Reporter: Martijn Visser
>            Priority: Major
>
> Two security vulnerabilities in H2 Console (CVE-2022-23221 and possible DNS rebinding attack) are fixed.
> Note: Flink is using this dependency only for testing, so it's not directly impacted by the CVE. We just want to be good citizens and update our dependencies



--
This message was sent by Atlassian Jira
(v8.20.1#820001)