Posted to notifications@skywalking.apache.org by wu...@apache.org on 2022/01/07 04:46:31 UTC

[skywalking] branch master updated: Upgrade H2 version to fix GHSA-h376-j262-vhq6 (#8396)

This is an automated email from the ASF dual-hosted git repository.

wusheng pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/skywalking.git


The following commit(s) were added to refs/heads/master by this push:
     new 67f6681  Upgrade H2 version to fix GHSA-h376-j262-vhq6 (#8396)
67f6681 is described below

commit 67f6681ba33d28f8cba7614f5ac34dd84f1f80b6
Author: 吴晟 Wu Sheng <wu...@foxmail.com>
AuthorDate: Fri Jan 7 12:46:12 2022 +0800

    Upgrade H2 version to fix GHSA-h376-j262-vhq6 (#8396)
---
 CHANGES.md                                            | 2 +-
 dist-material/release-docs/LICENSE                    | 2 +-
 oap-server-bom/pom.xml                                | 2 +-
 tools/dependencies/known-oap-backend-dependencies.txt | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 0aa1be8..d79e773 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -20,7 +20,7 @@ Release Notes.
 * Add the analysis of metrics in Satellite MetricsService.
 * Fix `Can't split endpoint id into 2 parts` bug for endpoint ID. In the TCP in service mesh observability, endpoint
   name doesn't exist in TCP traffic.
-* Upgrade H2 version to 2.0.202 to fix CVE-2021-23463.
+* Upgrade H2 version to 2.0.206 to fix CVE-2021-23463 and GHSA-h376-j262-vhq6.
 * Extend column name override mechanism working for `ValueColumnMetadata`.
 * Introduce new concept `Layer` and removed `NodeType`. More details refer to [v9-version-upgrade](https://skywalking.apache.org/docs/main/latest/en/faq/v9-version-upgrade/).
 * Fix query sort metrics failure in H2 Storage.
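Review bot: The new entry on the `+* Upgrade H2 version to 2.0.206 ...` line cites GHSA-h376-j262-vhq6 by id only, with no link and no indication of which deployments are exposed. Consider linking the advisory and stating whether the fix matters only to installations that use H2 storage, so operators running a build with 2.0.202 can judge how urgently to upgrade.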
diff --git a/dist-material/release-docs/LICENSE b/dist-material/release-docs/LICENSE
index 1a0f185..9a0c803 100755
--- a/dist-material/release-docs/LICENSE
+++ b/dist-material/release-docs/LICENSE
@@ -381,7 +381,7 @@ MPL 2.0 licenses
 The following components are provided under a MPL 2.0 license. See project link for details.
 The text of each license is also included at licenses/LICENSE-[project].txt.
 
-    H2 Database 2.0.202: http://www.h2database.com/html/main.html , MPL 2.0 or EPL 1.0
+    H2 Database 2.0.206: http://www.h2database.com/html/main.html , MPL 2.0 or EPL 1.0
 
 ========================================
 CC0-1.0 licenses
diff --git a/oap-server-bom/pom.xml b/oap-server-bom/pom.xml
index 04736bf..1c7f915 100644
--- a/oap-server-bom/pom.xml
+++ b/oap-server-bom/pom.xml
@@ -34,7 +34,7 @@
         <graphql-java.version>8.0</graphql-java.version>
         <okhttp.version>3.14.9</okhttp.version>
         <httpclient.version>4.5.13</httpclient.version>
-        <h2.version>2.0.202</h2.version>
+        <h2.version>2.0.206</h2.version>
         <joda-time.version>2.10.5</joda-time.version>
         <zookeeper.version>3.5.7</zookeeper.version>
         <guava.version>28.1-jre</guava.version>
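Review bot: The `<h2.version>` property is raised to 2.0.206 here, but nothing in this hunk shows that every module actually resolves H2 through this property. Before merging a security bump like this it is worth running `mvn dependency:tree -Dincludes=com.h2database:h2` across the build to confirm that no module pins its own version and that no transitive dependency pulls in an older H2.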
diff --git a/tools/dependencies/known-oap-backend-dependencies.txt b/tools/dependencies/known-oap-backend-dependencies.txt
index 4f103ef..090f697 100755
--- a/tools/dependencies/known-oap-backend-dependencies.txt
+++ b/tools/dependencies/known-oap-backend-dependencies.txt
@@ -55,7 +55,7 @@ gson-2.8.6.jar
 gson-fire-1.8.5.jar
 guava-28.1-jre.jar
 guice-4.1.0.jar
-h2-2.0.202.jar
+h2-2.0.206.jar
 httpasyncclient-4.1.3.jar
 httpclient-4.5.13.jar
 httpcore-4.4.13.jar
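Review bot: The `h2-2.0.206.jar` line is a hand edit of a version string that this commit also changes in CHANGES.md, the release LICENSE and oap-server-bom/pom.xml, so a future security bump can easily miss one of the four places. Please confirm that the packaged distribution contains `h2-2.0.206.jar` and no leftover `h2-2.0.202.jar`, and consider generating this list and the LICENSE version from the resolved dependencies rather than editing them manually.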