You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Mike R (Jira)" <ji...@apache.org> on 2022/11/02 12:36:00 UTC
[jira] [Created] (NIFI-10748) Upgrade com.h2database to 2.1.214
Mike R created NIFI-10748:
-----------------------------
Summary: Upgrade com.h2database to 2.1.214
Key: NIFI-10748
URL: https://issues.apache.org/jira/browse/NIFI-10748
Project: Apache NiFi
Issue Type: Improvement
Affects Versions: 1.18.0
Reporter: Mike R
There are several versions of com.h2database used in NiFi, with some instances being 2.1.214, while others are 1.4.200.
There are several CVE in the 1.4.200 program that are resolved in 2.1.214 that are all high or critical with scores above 8.1:
[CVE-2022-23221|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221]
[CVE-2021-42392|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392]
[CVE-2021-23463|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23463]
The last remaining instance is found at: nifi-h2/nifi-h2-database/pom.xml
It looks like the remaining instances of h2 were updated in [NiFi-9585|[NIFI-9585 Upgraded H2 from 1.4 to 2.1.210 ยท apache/nifi@bcc8d03 (github.com)|https://github.com/apache/nifi/commit/bcc8d03314889e7d2d0724390059d0315efe2a34]]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)