Posted to notifications@skywalking.apache.org by wu...@apache.org on 2022/01/07 04:46:31 UTC
[skywalking] branch master updated: Upgrade H2 version to fix GHSA-h376-j262-vhq6 (#8396)
This is an automated email from the ASF dual-hosted git repository.
wusheng pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/skywalking.git
The following commit(s) were added to refs/heads/master by this push:
new 67f6681 Upgrade H2 version to fix GHSA-h376-j262-vhq6 (#8396)
67f6681 is described below
commit 67f6681ba33d28f8cba7614f5ac34dd84f1f80b6
Author: 吴晟 Wu Sheng <wu...@foxmail.com>
AuthorDate: Fri Jan 7 12:46:12 2022 +0800
Upgrade H2 version to fix GHSA-h376-j262-vhq6 (#8396)
---
CHANGES.md | 2 +-
dist-material/release-docs/LICENSE | 2 +-
oap-server-bom/pom.xml | 2 +-
tools/dependencies/known-oap-backend-dependencies.txt | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 0aa1be8..d79e773 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -20,7 +20,7 @@ Release Notes.
* Add the analysis of metrics in Satellite MetricsService.
* Fix `Can't split endpoint id into 2 parts` bug for endpoint ID. In the TCP in service mesh observability, endpoint
name doesn't exist in TCP traffic.
-* Upgrade H2 version to 2.0.202 to fix CVE-2021-23463.
+* Upgrade H2 version to 2.0.206 to fix CVE-2021-23463 and GHSA-h376-j262-vhq6.
* Extend column name override mechanism working for `ValueColumnMetadata`.
* Introduce new concept `Layer` and removed `NodeType`. More details refer to [v9-version-upgrade](https://skywalking.apache.org/docs/main/latest/en/faq/v9-version-upgrade/).
* Fix query sort metrics failure in H2 Storage.
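Review bot: The rewritten bullet on the `+` line folds GHSA-h376-j262-vhq6 into the existing CVE-2021-23463 entry and names it by id only, so the release notes no longer show that 2.0.202 addressed the first issue and 2.0.206 was needed for the second. Consider stating that split in the entry and linking the advisory, so operators running a build with 2.0.202 can tell they still need this upgrade.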
diff --git a/dist-material/release-docs/LICENSE b/dist-material/release-docs/LICENSE
index 1a0f185..9a0c803 100755
--- a/dist-material/release-docs/LICENSE
+++ b/dist-material/release-docs/LICENSE
@@ -381,7 +381,7 @@ MPL 2.0 licenses
The following components are provided under a MPL 2.0 license. See project link for details.
The text of each license is also included at licenses/LICENSE-[project].txt.
- H2 Database 2.0.202: http://www.h2database.com/html/main.html , MPL 2.0 or EPL 1.0
+ H2 Database 2.0.206: http://www.h2database.com/html/main.html , MPL 2.0 or EPL 1.0
========================================
CC0-1.0 licenses
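Review bot: The `+` line keeps the project link as `http://www.h2database.com/html/main.html`; since the line is being edited anyway, switch it to https if the site serves it. Also confirm that the bundled `licenses/LICENSE-[project].txt` text for H2 still matches what 2.0.206 ships, because only the version number changes here.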
diff --git a/oap-server-bom/pom.xml b/oap-server-bom/pom.xml
index 04736bf..1c7f915 100644
--- a/oap-server-bom/pom.xml
+++ b/oap-server-bom/pom.xml
@@ -34,7 +34,7 @@
<graphql-java.version>8.0</graphql-java.version>
<okhttp.version>3.14.9</okhttp.version>
<httpclient.version>4.5.13</httpclient.version>
- <h2.version>2.0.202</h2.version>
+ <h2.version>2.0.206</h2.version>
<joda-time.version>2.10.5</joda-time.version>
<zookeeper.version>3.5.7</zookeeper.version>
<guava.version>28.1-jre</guava.version>
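Review bot: No test or storage-code change accompanies the `h2.version` bump on the `+` line (the diffstat lists four one-line edits), so compatibility of the H2 storage with 2.0.206 rests entirely on the existing test suite. Confirm the H2 storage tests ran against the new version before merge, and check the resolved dependency tree so that no module still pulls 2.0.202 through its own declaration.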
diff --git a/tools/dependencies/known-oap-backend-dependencies.txt b/tools/dependencies/known-oap-backend-dependencies.txt
index 4f103ef..090f697 100755
--- a/tools/dependencies/known-oap-backend-dependencies.txt
+++ b/tools/dependencies/known-oap-backend-dependencies.txt
@@ -55,7 +55,7 @@ gson-2.8.6.jar
gson-fire-1.8.5.jar
guava-28.1-jre.jar
guice-4.1.0.jar
-h2-2.0.202.jar
+h2-2.0.206.jar
httpasyncclient-4.1.3.jar
httpclient-4.5.13.jar
httpcore-4.4.13.jar
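Review bot: `h2-2.0.206.jar` on the `+` line is a hand-edited copy of the version already set by `h2.version` in `oap-server-bom/pom.xml`, and the same string is repeated by hand in `CHANGES.md` and the LICENSE file in this commit. If this list is compared against the built distribution, generating it from the build output would keep a future security bump from leaving a stale jar name behind.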