You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2022/01/18 16:32:00 UTC

[jira] [Created] (NIFI-9585) Upgrade H2 to 2.1.210

David Handermann created NIFI-9585:
--------------------------------------

             Summary: Upgrade H2 to 2.1.210
                 Key: NIFI-9585
                 URL: https://issues.apache.org/jira/browse/NIFI-9585
             Project: Apache NiFi
          Issue Type: Improvement
            Reporter: David Handermann


The H2 embedded database below version 2.1.210 includes multiple associated vulnerabilities related to unsafe XML column handling and other issues.  Multiple NiFi components leverage H2 for local relational data storage. Although NiFi does not appear to have any direct vulnerabilities as a result of issues with H2, upgrading to the latest version will avoid false positive security scans and provide better maintainability.

Due to related database components such as Flyway in NiFi Registry, upgrading H2 will also require upgrades to related dependencies and services.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)