You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Mike R (Jira)" <ji...@apache.org> on 2022/11/02 16:31:00 UTC

[jira] [Resolved] (NIFI-10748) Upgrade com.h2database to 2.1.214

     [ https://issues.apache.org/jira/browse/NIFI-10748?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mike R resolved NIFI-10748.
---------------------------
    Resolution: Won't Fix

> Upgrade com.h2database to 2.1.214
> ---------------------------------
>
>                 Key: NIFI-10748
>                 URL: https://issues.apache.org/jira/browse/NIFI-10748
>             Project: Apache NiFi
>          Issue Type: Improvement
>    Affects Versions: 1.18.0
>            Reporter: Mike R
>            Priority: Major
>
> There are several versions of com.h2database used in NiFi, with some instances being 2.1.214, while others are 1.4.200.
> There are several CVE in the 1.4.200 program that are resolved in 2.1.214 that are all high or critical with scores above 8.1:
> [CVE-2022-23221|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221]
> [CVE-2021-42392|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392]
> [CVE-2021-23463|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23463]
> The last remaining instance is found at: nifi-h2/nifi-h2-database/pom.xml
> It looks like the remaining instances of h2 were updated in [NiFi-9585|[NIFI-9585 Upgraded H2 from 1.4 to 2.1.210 · apache/nifi@bcc8d03 (github.com)|https://github.com/apache/nifi/commit/bcc8d03314889e7d2d0724390059d0315efe2a34]]
>  
> Here are the release notes for h2 database http://www.h2database.com/html/changelog.html



--
This message was sent by Atlassian Jira
(v8.20.10#820010)