You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Mike R (Jira)" <ji...@apache.org> on 2022/11/02 12:36:00 UTC

[jira] [Created] (NIFI-10748) Upgrade com.h2database to 2.1.214

Mike R created NIFI-10748:
-----------------------------

             Summary: Upgrade com.h2database to 2.1.214
                 Key: NIFI-10748
                 URL: https://issues.apache.org/jira/browse/NIFI-10748
             Project: Apache NiFi
          Issue Type: Improvement
    Affects Versions: 1.18.0
            Reporter: Mike R


There are several versions of com.h2database used in NiFi, with some instances being 2.1.214, while others are 1.4.200.

There are several CVE in the 1.4.200 program that are resolved in 2.1.214 that are all high or critical with scores above 8.1:
[CVE-2022-23221|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221]
[CVE-2021-42392|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392]
[CVE-2021-23463|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23463]

The last remaining instance is found at: nifi-h2/nifi-h2-database/pom.xml

It looks like the remaining instances of h2 were updated in [NiFi-9585|[NIFI-9585 Upgraded H2 from 1.4 to 2.1.210 · apache/nifi@bcc8d03 (github.com)|https://github.com/apache/nifi/commit/bcc8d03314889e7d2d0724390059d0315efe2a34]]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)