You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ignite.apache.org by Lokesh Bandaru <lo...@gmail.com> on 2022/05/02 08:28:22 UTC
Re: Apache Ignite H2 Vulnerabilities
Thank you Stephen/Nikita.
Looks like version 2.13 still depends on the older H2 versions - those with
vulnerabilities.
And as the dependencies are all hard, there doesn't seem to be a way to
bypass them and get Ignite running.
Can you please confirm?
On Fri, Apr 29, 2022 at 7:44 PM Nikita Amelchev <na...@apache.org>
wrote:
> Hello, guys.
>
> Thanks for pointing it out.
>
> The calcite module was properly published to the maven. [1] The sync
> with mirrors can take some time.
> The calcite documentation was updated on the site. [2]
>
> [1]
> https://repo.maven.apache.org/maven2/org/apache/ignite/ignite-calcite/2.13.0/
> [2] https://ignite.apache.org/docs/latest/SQL/sql-calcite
>
> пт, 29 апр. 2022 г. в 12:36, Stephen Darlington
> <st...@gridgain.com>:
> >
> > It’ll be added to Maven soon — I’m not exactly sure what happened. It is
> included in the source and binary downloads (download.cgi) if you want to
> get a copy now.
> >
> > On 29 Apr 2022, at 02:19, Lokesh Bandaru <lo...@gmail.com>
> wrote:
> >
> > Hello Stephen, the document(ReadMe) you shared earlier, has mentioned
> that ignite-calcite must be declared as a dependency.
> > In this case, it would be, org.apache.ignite:ignite-calcite:2.13.0
> right!. But, which, at the moment, is not available.
> > Can you please advise?
> >
> > On Thu, Apr 28, 2022 at 5:21 PM Zhenya Stanilovsky <ar...@mail.ru>
> wrote:
> >>
> >> Seems it would be published with new documentation, Nikita Amelchev
> isn`t it ? check [1]
> >>
> >> [1] https://issues.apache.org/jira/browse/IGNITE-15189
> >>
> >>
> >> Thank you Stephen.
> >> Is there also a writeup summarizing what is/isn't supported with this
> 'experimental' feature?
> >>
> >> On Thu, Apr 28, 2022 at 4:30 PM Stephen Darlington <
> stephen.darlington@gridgain.com> wrote:
> >>
> >> https://github.com/apache/ignite/blob/2.13.0/modules/calcite/README.txt
> >>
> >>
> >> On 28 Apr 2022, at 11:46, Lokesh Bandaru <lo...@gmail.com>
> wrote:
> >>
> >> Thanks Ilya.
> >>
> >> Version 2.13 has come out but still seems to be shipping with the same
> vulnerability-ridden version of h2 database.
> >> The documentation doesn't mention if/how Calcite is turned on.
> >> Can you advise on how it can be enabled?
> >>
> >> On Wed, Apr 13, 2022 at 7:29 AM Ilya Korol <ll...@gmail.com>
> wrote:
> >>
> >> Hi Lokesh,
> >>
> >> Updates for running Ignite over Java 17 is already in master. Please
> >> take a look:
> >> https://github.com/apache/ignite/blob/master/bin/include/jvmdefaults.sh
> >>
> >> On 2022/04/12 10:11:57 Lokesh Bandaru wrote:
> >> > You are fast. :) Was just typing a reply on top of the last one and
> yours
> >> > is already here.
> >> >
> >> > Ignore the last question, found this,
> >> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.13 .
> >> > *Looking forward to this release. *
> >> >
> >> > *One slightly unrelated question, feel free to ignore. *
> >> > *I know there is no support(or certified) for any version of Java
> greater
> >> > than 11. *
> >> > *What would it take for 2.13 to be able to run on Java17?*
> >> >
> >> > On Tue, Apr 12, 2022 at 3:36 PM Stephen Darlington <
> >> > stephen.darlington@gridgain.com> wrote:
> >> >
> >> > > Code freeze was yesterday. The target release date is 22 April.
> >> > >
> >> > > More here: Apache+Ignite+2.13
> >> > > <
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.13>
> >> > >
> >> > > On 12 Apr 2022, at 11:03, Lokesh Bandaru <lo...@gmail.com> wrote:
> >> > >
> >> > > Thanks for getting back, Stephen.
> >> > > I am aware that Calcite is in the plans.
> >> > > Any tentative timeline as to when 2.13(beta/ga) is going to be made
> >> > > available?
> >> > >
> >> > > Regards.
> >> > >
> >> > > On Tue, Apr 12, 2022 at 2:15 PM Stephen Darlington <
> >> > > stephen.darlington@gridgain.com> wrote:
> >> > >
> >> > >> The H2 project removed support for Ignite some time ago (
> >> > >> https://github.com/h2database/h2database/pull/2227) which makes
> it
> >> > >> difficult to move to newer versions.
> >> > >>
> >> > >> The next version of Ignite (2.13) has an alternative SQL engine
> >> (Apache
> >> > >> Calcite) so over time there will be no need for H2.
> >> > >>
> >> > >> On 11 Apr 2022, at 20:34, Lokesh Bandaru <lo...@gmail.com> wrote:
> >> > >>
> >> > >> Resending.
> >> > >>
> >> > >> On Mon, Apr 11, 2022 at 6:42 PM Lokesh Bandaru <lo...@gmail.com>
> >> > >> wrote:
> >> > >>
> >> > >>> Hello there, hi
> >> > >>>
> >> > >>> Writing to you with regards to the security
> >> vulnerabilities(particularly
> >> > >>> the most recent ones, CVE-2022-xxx and CVE-2021-xxx) in the H2
> >> database and
> >> > >>> the Apache Ignite's dependency on the flagged versions of H2.
> >> > >>> There is an open issue tracking this,
> >> > >>> https://issues.apache.org/jira/browse/IGNITE-16542, which
> doesn't
> >> seem
> >> > >>> to have been fully addressed yet.
> >> > >>> Have these problems been overcome already? Can you please advise?
> >> > >>>
> >> > >>> Thanks.
> >> > >>>
> >> > >>
> >> > >>
> >> > >
> >> >
> >>
> >>
> >>
> >>
> >>
> >
> >
>
>
> --
> Best wishes,
> Amelchev Nikita
>
Re: Apache Ignite H2 Vulnerabilities
Posted by Lokesh Bandaru <lo...@gmail.com>.
Thanks for the update Maxim.
Looks like July-ish then, going by how the last few releases came out.
On Fri, May 6, 2022 at 8:02 PM Maxim Muzafarov <mm...@apache.org> wrote:
> Lokesh,
>
> Talking about the Ignite Calcite integration module the dependency
> over the H2 will be removed in the next release 2.14.
>
> On Tue, 3 May 2022 at 15:17, Lokesh Bandaru <lo...@gmail.com>
> wrote:
> >
> > Thanks Stephen.
> > Not sure if this is the right forum but wanted to check if there is a
> plan already to come up with a vulnerability free way of using Ignite?
> > Or if there is a way to request one?
> >
> >
> > On Tue, May 3, 2022 at 2:36 PM Stephen Darlington <
> stephen.darlington@gridgain.com> wrote:
> >>
> >> That is my understanding, yes.
> >>
> >> On 2 May 2022, at 09:28, Lokesh Bandaru <lo...@gmail.com>
> wrote:
> >>
> >> Thank you Stephen/Nikita.
> >> Looks like version 2.13 still depends on the older H2 versions - those
> with vulnerabilities.
> >> And as the dependencies are all hard, there doesn't seem to be a way to
> bypass them and get Ignite running.
> >> Can you please confirm?
> >>
> >> On Fri, Apr 29, 2022 at 7:44 PM Nikita Amelchev <na...@apache.org>
> wrote:
> >>>
> >>> Hello, guys.
> >>>
> >>> Thanks for pointing it out.
> >>>
> >>> The calcite module was properly published to the maven. [1] The sync
> >>> with mirrors can take some time.
> >>> The calcite documentation was updated on the site. [2]
> >>>
> >>> [1]
> https://repo.maven.apache.org/maven2/org/apache/ignite/ignite-calcite/2.13.0/
> >>> [2] https://ignite.apache.org/docs/latest/SQL/sql-calcite
> >>>
> >>> пт, 29 апр. 2022 г. в 12:36, Stephen Darlington
> >>> <st...@gridgain.com>:
> >>> >
> >>> > It’ll be added to Maven soon — I’m not exactly sure what happened.
> It is included in the source and binary downloads (download.cgi) if you
> want to get a copy now.
> >>> >
> >>> > On 29 Apr 2022, at 02:19, Lokesh Bandaru <lo...@gmail.com>
> wrote:
> >>> >
> >>> > Hello Stephen, the document(ReadMe) you shared earlier, has
> mentioned that ignite-calcite must be declared as a dependency.
> >>> > In this case, it would be, org.apache.ignite:ignite-calcite:2.13.0
> right!. But, which, at the moment, is not available.
> >>> > Can you please advise?
> >>> >
> >>> > On Thu, Apr 28, 2022 at 5:21 PM Zhenya Stanilovsky <
> arzamas123@mail.ru> wrote:
> >>> >>
> >>> >> Seems it would be published with new documentation, Nikita Amelchev
> isn`t it ? check [1]
> >>> >>
> >>> >> [1] https://issues.apache.org/jira/browse/IGNITE-15189
> >>> >>
> >>> >>
> >>> >> Thank you Stephen.
> >>> >> Is there also a writeup summarizing what is/isn't supported with
> this 'experimental' feature?
> >>> >>
> >>> >> On Thu, Apr 28, 2022 at 4:30 PM Stephen Darlington <
> stephen.darlington@gridgain.com> wrote:
> >>> >>
> >>> >>
> https://github.com/apache/ignite/blob/2.13.0/modules/calcite/README.txt
> >>> >>
> >>> >>
> >>> >> On 28 Apr 2022, at 11:46, Lokesh Bandaru <lo...@gmail.com>
> wrote:
> >>> >>
> >>> >> Thanks Ilya.
> >>> >>
> >>> >> Version 2.13 has come out but still seems to be shipping with the
> same vulnerability-ridden version of h2 database.
> >>> >> The documentation doesn't mention if/how Calcite is turned on.
> >>> >> Can you advise on how it can be enabled?
> >>> >>
> >>> >> On Wed, Apr 13, 2022 at 7:29 AM Ilya Korol <ll...@gmail.com>
> wrote:
> >>> >>
> >>> >> Hi Lokesh,
> >>> >>
> >>> >> Updates for running Ignite over Java 17 is already in master. Please
> >>> >> take a look:
> >>> >>
> https://github.com/apache/ignite/blob/master/bin/include/jvmdefaults.sh
> >>> >>
> >>> >> On 2022/04/12 10:11:57 Lokesh Bandaru wrote:
> >>> >> > You are fast. :) Was just typing a reply on top of the last one
> and yours
> >>> >> > is already here.
> >>> >> >
> >>> >> > Ignore the last question, found this,
> >>> >> >
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.13 .
> >>> >> > *Looking forward to this release. *
> >>> >> >
> >>> >> > *One slightly unrelated question, feel free to ignore. *
> >>> >> > *I know there is no support(or certified) for any version of
> Java greater
> >>> >> > than 11. *
> >>> >> > *What would it take for 2.13 to be able to run on Java17?*
> >>> >> >
> >>> >> > On Tue, Apr 12, 2022 at 3:36 PM Stephen Darlington <
> >>> >> > stephen.darlington@gridgain.com> wrote:
> >>> >> >
> >>> >> > > Code freeze was yesterday. The target release date is 22 April.
> >>> >> > >
> >>> >> > > More here: Apache+Ignite+2.13
> >>> >> > > <
> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.13>
> >>> >> > >
> >>> >> > > On 12 Apr 2022, at 11:03, Lokesh Bandaru <lo...@gmail.com>
> wrote:
> >>> >> > >
> >>> >> > > Thanks for getting back, Stephen.
> >>> >> > > I am aware that Calcite is in the plans.
> >>> >> > > Any tentative timeline as to when 2.13(beta/ga) is going to be
> made
> >>> >> > > available?
> >>> >> > >
> >>> >> > > Regards.
> >>> >> > >
> >>> >> > > On Tue, Apr 12, 2022 at 2:15 PM Stephen Darlington <
> >>> >> > > stephen.darlington@gridgain.com> wrote:
> >>> >> > >
> >>> >> > >> The H2 project removed support for Ignite some time ago (
> >>> >> > >> https://github.com/h2database/h2database/pull/2227) which
> makes it
> >>> >> > >> difficult to move to newer versions.
> >>> >> > >>
> >>> >> > >> The next version of Ignite (2.13) has an alternative SQL
> engine
> >>> >> (Apache
> >>> >> > >> Calcite) so over time there will be no need for H2.
> >>> >> > >>
> >>> >> > >> On 11 Apr 2022, at 20:34, Lokesh Bandaru <lo...@gmail.com>
> wrote:
> >>> >> > >>
> >>> >> > >> Resending.
> >>> >> > >>
> >>> >> > >> On Mon, Apr 11, 2022 at 6:42 PM Lokesh Bandaru <
> lo...@gmail.com>
> >>> >> > >> wrote:
> >>> >> > >>
> >>> >> > >>> Hello there, hi
> >>> >> > >>>
> >>> >> > >>> Writing to you with regards to the security
> >>> >> vulnerabilities(particularly
> >>> >> > >>> the most recent ones, CVE-2022-xxx and CVE-2021-xxx) in the
> H2
> >>> >> database and
> >>> >> > >>> the Apache Ignite's dependency on the flagged versions of H2.
> >>> >> > >>> There is an open issue tracking this,
> >>> >> > >>> https://issues.apache.org/jira/browse/IGNITE-16542, which
> doesn't
> >>> >> seem
> >>> >> > >>> to have been fully addressed yet.
> >>> >> > >>> Have these problems been overcome already? Can you please
> advise?
> >>> >> > >>>
> >>> >> > >>> Thanks.
> >>> >> > >>>
> >>> >> > >>
> >>> >> > >>
> >>> >> > >
> >>> >> >
> >>> >>
> >>> >>
> >>> >>
> >>> >>
> >>> >>
> >>> >
> >>> >
> >>>
> >>>
> >>> --
> >>> Best wishes,
> >>> Amelchev Nikita
> >>
> >>
>
Re: Apache Ignite H2 Vulnerabilities
Posted by Maxim Muzafarov <mm...@apache.org>.
Lokesh,
Talking about the Ignite Calcite integration module the dependency
over the H2 will be removed in the next release 2.14.
On Tue, 3 May 2022 at 15:17, Lokesh Bandaru <lo...@gmail.com> wrote:
>
> Thanks Stephen.
> Not sure if this is the right forum but wanted to check if there is a plan already to come up with a vulnerability free way of using Ignite?
> Or if there is a way to request one?
>
>
> On Tue, May 3, 2022 at 2:36 PM Stephen Darlington <st...@gridgain.com> wrote:
>>
>> That is my understanding, yes.
>>
>> On 2 May 2022, at 09:28, Lokesh Bandaru <lo...@gmail.com> wrote:
>>
>> Thank you Stephen/Nikita.
>> Looks like version 2.13 still depends on the older H2 versions - those with vulnerabilities.
>> And as the dependencies are all hard, there doesn't seem to be a way to bypass them and get Ignite running.
>> Can you please confirm?
>>
>> On Fri, Apr 29, 2022 at 7:44 PM Nikita Amelchev <na...@apache.org> wrote:
>>>
>>> Hello, guys.
>>>
>>> Thanks for pointing it out.
>>>
>>> The calcite module was properly published to the maven. [1] The sync
>>> with mirrors can take some time.
>>> The calcite documentation was updated on the site. [2]
>>>
>>> [1] https://repo.maven.apache.org/maven2/org/apache/ignite/ignite-calcite/2.13.0/
>>> [2] https://ignite.apache.org/docs/latest/SQL/sql-calcite
>>>
>>> пт, 29 апр. 2022 г. в 12:36, Stephen Darlington
>>> <st...@gridgain.com>:
>>> >
>>> > It’ll be added to Maven soon — I’m not exactly sure what happened. It is included in the source and binary downloads (download.cgi) if you want to get a copy now.
>>> >
>>> > On 29 Apr 2022, at 02:19, Lokesh Bandaru <lo...@gmail.com> wrote:
>>> >
>>> > Hello Stephen, the document(ReadMe) you shared earlier, has mentioned that ignite-calcite must be declared as a dependency.
>>> > In this case, it would be, org.apache.ignite:ignite-calcite:2.13.0 right!. But, which, at the moment, is not available.
>>> > Can you please advise?
>>> >
>>> > On Thu, Apr 28, 2022 at 5:21 PM Zhenya Stanilovsky <ar...@mail.ru> wrote:
>>> >>
>>> >> Seems it would be published with new documentation, Nikita Amelchev isn`t it ? check [1]
>>> >>
>>> >> [1] https://issues.apache.org/jira/browse/IGNITE-15189
>>> >>
>>> >>
>>> >> Thank you Stephen.
>>> >> Is there also a writeup summarizing what is/isn't supported with this 'experimental' feature?
>>> >>
>>> >> On Thu, Apr 28, 2022 at 4:30 PM Stephen Darlington <st...@gridgain.com> wrote:
>>> >>
>>> >> https://github.com/apache/ignite/blob/2.13.0/modules/calcite/README.txt
>>> >>
>>> >>
>>> >> On 28 Apr 2022, at 11:46, Lokesh Bandaru <lo...@gmail.com> wrote:
>>> >>
>>> >> Thanks Ilya.
>>> >>
>>> >> Version 2.13 has come out but still seems to be shipping with the same vulnerability-ridden version of h2 database.
>>> >> The documentation doesn't mention if/how Calcite is turned on.
>>> >> Can you advise on how it can be enabled?
>>> >>
>>> >> On Wed, Apr 13, 2022 at 7:29 AM Ilya Korol <ll...@gmail.com> wrote:
>>> >>
>>> >> Hi Lokesh,
>>> >>
>>> >> Updates for running Ignite over Java 17 is already in master. Please
>>> >> take a look:
>>> >> https://github.com/apache/ignite/blob/master/bin/include/jvmdefaults.sh
>>> >>
>>> >> On 2022/04/12 10:11:57 Lokesh Bandaru wrote:
>>> >> > You are fast. :) Was just typing a reply on top of the last one and yours
>>> >> > is already here.
>>> >> >
>>> >> > Ignore the last question, found this,
>>> >> > https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.13 .
>>> >> > *Looking forward to this release. *
>>> >> >
>>> >> > *One slightly unrelated question, feel free to ignore. *
>>> >> > *I know there is no support(or certified) for any version of Java greater
>>> >> > than 11. *
>>> >> > *What would it take for 2.13 to be able to run on Java17?*
>>> >> >
>>> >> > On Tue, Apr 12, 2022 at 3:36 PM Stephen Darlington <
>>> >> > stephen.darlington@gridgain.com> wrote:
>>> >> >
>>> >> > > Code freeze was yesterday. The target release date is 22 April.
>>> >> > >
>>> >> > > More here: Apache+Ignite+2.13
>>> >> > > <https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.13>
>>> >> > >
>>> >> > > On 12 Apr 2022, at 11:03, Lokesh Bandaru <lo...@gmail.com> wrote:
>>> >> > >
>>> >> > > Thanks for getting back, Stephen.
>>> >> > > I am aware that Calcite is in the plans.
>>> >> > > Any tentative timeline as to when 2.13(beta/ga) is going to be made
>>> >> > > available?
>>> >> > >
>>> >> > > Regards.
>>> >> > >
>>> >> > > On Tue, Apr 12, 2022 at 2:15 PM Stephen Darlington <
>>> >> > > stephen.darlington@gridgain.com> wrote:
>>> >> > >
>>> >> > >> The H2 project removed support for Ignite some time ago (
>>> >> > >> https://github.com/h2database/h2database/pull/2227) which makes it
>>> >> > >> difficult to move to newer versions.
>>> >> > >>
>>> >> > >> The next version of Ignite (2.13) has an alternative SQL engine
>>> >> (Apache
>>> >> > >> Calcite) so over time there will be no need for H2.
>>> >> > >>
>>> >> > >> On 11 Apr 2022, at 20:34, Lokesh Bandaru <lo...@gmail.com> wrote:
>>> >> > >>
>>> >> > >> Resending.
>>> >> > >>
>>> >> > >> On Mon, Apr 11, 2022 at 6:42 PM Lokesh Bandaru <lo...@gmail.com>
>>> >> > >> wrote:
>>> >> > >>
>>> >> > >>> Hello there, hi
>>> >> > >>>
>>> >> > >>> Writing to you with regards to the security
>>> >> vulnerabilities(particularly
>>> >> > >>> the most recent ones, CVE-2022-xxx and CVE-2021-xxx) in the H2
>>> >> database and
>>> >> > >>> the Apache Ignite's dependency on the flagged versions of H2.
>>> >> > >>> There is an open issue tracking this,
>>> >> > >>> https://issues.apache.org/jira/browse/IGNITE-16542, which doesn't
>>> >> seem
>>> >> > >>> to have been fully addressed yet.
>>> >> > >>> Have these problems been overcome already? Can you please advise?
>>> >> > >>>
>>> >> > >>> Thanks.
>>> >> > >>>
>>> >> > >>
>>> >> > >>
>>> >> > >
>>> >> >
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >
>>> >
>>>
>>>
>>> --
>>> Best wishes,
>>> Amelchev Nikita
>>
>>
Re: Apache Ignite H2 Vulnerabilities
Posted by Lokesh Bandaru <lo...@gmail.com>.
Thanks Stephen.
Not sure if this is the right forum but wanted to check if there is a plan
already to come up with a vulnerability free way of using Ignite?
Or if there is a way to request one?
On Tue, May 3, 2022 at 2:36 PM Stephen Darlington <
stephen.darlington@gridgain.com> wrote:
> That is my understanding, yes.
>
> On 2 May 2022, at 09:28, Lokesh Bandaru <lo...@gmail.com> wrote:
>
> Thank you Stephen/Nikita.
> Looks like version 2.13 still depends on the older H2 versions - those
> with vulnerabilities.
> And as the dependencies are all hard, there doesn't seem to be a way to
> bypass them and get Ignite running.
> Can you please confirm?
>
> On Fri, Apr 29, 2022 at 7:44 PM Nikita Amelchev <na...@apache.org>
> wrote:
>
>> Hello, guys.
>>
>> Thanks for pointing it out.
>>
>> The calcite module was properly published to the maven. [1] The sync
>> with mirrors can take some time.
>> The calcite documentation was updated on the site. [2]
>>
>> [1]
>> https://repo.maven.apache.org/maven2/org/apache/ignite/ignite-calcite/2.13.0/
>> [2] https://ignite.apache.org/docs/latest/SQL/sql-calcite
>>
>> пт, 29 апр. 2022 г. в 12:36, Stephen Darlington
>> <st...@gridgain.com>:
>> >
>> > It’ll be added to Maven soon — I’m not exactly sure what happened. It
>> is included in the source and binary downloads (download.cgi) if you want
>> to get a copy now.
>> >
>> > On 29 Apr 2022, at 02:19, Lokesh Bandaru <lo...@gmail.com>
>> wrote:
>> >
>> > Hello Stephen, the document(ReadMe) you shared earlier, has mentioned
>> that ignite-calcite must be declared as a dependency.
>> > In this case, it would be, org.apache.ignite:ignite-calcite:2.13.0
>> right!. But, which, at the moment, is not available.
>> > Can you please advise?
>> >
>> > On Thu, Apr 28, 2022 at 5:21 PM Zhenya Stanilovsky <ar...@mail.ru>
>> wrote:
>> >>
>> >> Seems it would be published with new documentation, Nikita Amelchev
>> isn`t it ? check [1]
>> >>
>> >> [1] https://issues.apache.org/jira/browse/IGNITE-15189
>> >>
>> >>
>> >> Thank you Stephen.
>> >> Is there also a writeup summarizing what is/isn't supported with this
>> 'experimental' feature?
>> >>
>> >> On Thu, Apr 28, 2022 at 4:30 PM Stephen Darlington <
>> stephen.darlington@gridgain.com> wrote:
>> >>
>> >>
>> https://github.com/apache/ignite/blob/2.13.0/modules/calcite/README.txt
>> >>
>> >>
>> >> On 28 Apr 2022, at 11:46, Lokesh Bandaru <lo...@gmail.com>
>> wrote:
>> >>
>> >> Thanks Ilya.
>> >>
>> >> Version 2.13 has come out but still seems to be shipping with the same
>> vulnerability-ridden version of h2 database.
>> >> The documentation doesn't mention if/how Calcite is turned on.
>> >> Can you advise on how it can be enabled?
>> >>
>> >> On Wed, Apr 13, 2022 at 7:29 AM Ilya Korol <ll...@gmail.com>
>> wrote:
>> >>
>> >> Hi Lokesh,
>> >>
>> >> Updates for running Ignite over Java 17 is already in master. Please
>> >> take a look:
>> >>
>> https://github.com/apache/ignite/blob/master/bin/include/jvmdefaults.sh
>> >>
>> >> On 2022/04/12 10:11:57 Lokesh Bandaru wrote:
>> >> > You are fast. :) Was just typing a reply on top of the last one and
>> yours
>> >> > is already here.
>> >> >
>> >> > Ignore the last question, found this,
>> >> >
>> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.13 .
>> >> > *Looking forward to this release. *
>> >> >
>> >> > *One slightly unrelated question, feel free to ignore. *
>> >> > *I know there is no support(or certified) for any version of Java
>> greater
>> >> > than 11. *
>> >> > *What would it take for 2.13 to be able to run on Java17?*
>> >> >
>> >> > On Tue, Apr 12, 2022 at 3:36 PM Stephen Darlington <
>> >> > stephen.darlington@gridgain.com> wrote:
>> >> >
>> >> > > Code freeze was yesterday. The target release date is 22 April.
>> >> > >
>> >> > > More here: Apache+Ignite+2.13
>> >> > > <
>> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.13>
>> >> > >
>> >> > > On 12 Apr 2022, at 11:03, Lokesh Bandaru <lo...@gmail.com> wrote:
>> >> > >
>> >> > > Thanks for getting back, Stephen.
>> >> > > I am aware that Calcite is in the plans.
>> >> > > Any tentative timeline as to when 2.13(beta/ga) is going to be
>> made
>> >> > > available?
>> >> > >
>> >> > > Regards.
>> >> > >
>> >> > > On Tue, Apr 12, 2022 at 2:15 PM Stephen Darlington <
>> >> > > stephen.darlington@gridgain.com> wrote:
>> >> > >
>> >> > >> The H2 project removed support for Ignite some time ago (
>> >> > >> https://github.com/h2database/h2database/pull/2227) which makes
>> it
>> >> > >> difficult to move to newer versions.
>> >> > >>
>> >> > >> The next version of Ignite (2.13) has an alternative SQL engine
>> >> (Apache
>> >> > >> Calcite) so over time there will be no need for H2.
>> >> > >>
>> >> > >> On 11 Apr 2022, at 20:34, Lokesh Bandaru <lo...@gmail.com>
>> wrote:
>> >> > >>
>> >> > >> Resending.
>> >> > >>
>> >> > >> On Mon, Apr 11, 2022 at 6:42 PM Lokesh Bandaru <lo...@gmail.com>
>> >> > >> wrote:
>> >> > >>
>> >> > >>> Hello there, hi
>> >> > >>>
>> >> > >>> Writing to you with regards to the security
>> >> vulnerabilities(particularly
>> >> > >>> the most recent ones, CVE-2022-xxx and CVE-2021-xxx) in the H2
>> >> database and
>> >> > >>> the Apache Ignite's dependency on the flagged versions of H2.
>> >> > >>> There is an open issue tracking this,
>> >> > >>> https://issues.apache.org/jira/browse/IGNITE-16542, which
>> doesn't
>> >> seem
>> >> > >>> to have been fully addressed yet.
>> >> > >>> Have these problems been overcome already? Can you please
>> advise?
>> >> > >>>
>> >> > >>> Thanks.
>> >> > >>>
>> >> > >>
>> >> > >>
>> >> > >
>> >> >
>> >>
>> >>
>> >>
>> >>
>> >>
>> >
>> >
>>
>>
>> --
>> Best wishes,
>> Amelchev Nikita
>>
>
>
Re: Apache Ignite H2 Vulnerabilities
Posted by Stephen Darlington <st...@gridgain.com>.
That is my understanding, yes.
> On 2 May 2022, at 09:28, Lokesh Bandaru <lo...@gmail.com> wrote:
>
> Thank you Stephen/Nikita.
> Looks like version 2.13 still depends on the older H2 versions - those with vulnerabilities.
> And as the dependencies are all hard, there doesn't seem to be a way to bypass them and get Ignite running.
> Can you please confirm?
>
> On Fri, Apr 29, 2022 at 7:44 PM Nikita Amelchev <namelchev@apache.org <ma...@apache.org>> wrote:
> Hello, guys.
>
> Thanks for pointing it out.
>
> The calcite module was properly published to the maven. [1] The sync
> with mirrors can take some time.
> The calcite documentation was updated on the site. [2]
>
> [1] https://repo.maven.apache.org/maven2/org/apache/ignite/ignite-calcite/2.13.0/ <https://repo.maven.apache.org/maven2/org/apache/ignite/ignite-calcite/2.13.0/>
> [2] https://ignite.apache.org/docs/latest/SQL/sql-calcite <https://ignite.apache.org/docs/latest/SQL/sql-calcite>
>
> пт, 29 апр. 2022 г. в 12:36, Stephen Darlington
> <stephen.darlington@gridgain.com <ma...@gridgain.com>>:
> >
> > It’ll be added to Maven soon — I’m not exactly sure what happened. It is included in the source and binary downloads (download.cgi) if you want to get a copy now.
> >
> > On 29 Apr 2022, at 02:19, Lokesh Bandaru <lokeshbandaru@gmail.com <ma...@gmail.com>> wrote:
> >
> > Hello Stephen, the document(ReadMe) you shared earlier, has mentioned that ignite-calcite must be declared as a dependency.
> > In this case, it would be, org.apache.ignite:ignite-calcite:2.13.0 right!. But, which, at the moment, is not available.
> > Can you please advise?
> >
> > On Thu, Apr 28, 2022 at 5:21 PM Zhenya Stanilovsky <arzamas123@mail.ru <ma...@mail.ru>> wrote:
> >>
> >> Seems it would be published with new documentation, Nikita Amelchev isn`t it ? check [1]
> >>
> >> [1] https://issues.apache.org/jira/browse/IGNITE-15189 <https://issues.apache.org/jira/browse/IGNITE-15189>
> >>
> >>
> >> Thank you Stephen.
> >> Is there also a writeup summarizing what is/isn't supported with this 'experimental' feature?
> >>
> >> On Thu, Apr 28, 2022 at 4:30 PM Stephen Darlington <stephen.darlington@gridgain.com <ma...@gridgain.com>> wrote:
> >>
> >> https://github.com/apache/ignite/blob/2.13.0/modules/calcite/README.txt <https://github.com/apache/ignite/blob/2.13.0/modules/calcite/README.txt>
> >>
> >>
> >> On 28 Apr 2022, at 11:46, Lokesh Bandaru <lokeshbandaru@gmail.com <ma...@gmail.com>> wrote:
> >>
> >> Thanks Ilya.
> >>
> >> Version 2.13 has come out but still seems to be shipping with the same vulnerability-ridden version of h2 database.
> >> The documentation doesn't mention if/how Calcite is turned on.
> >> Can you advise on how it can be enabled?
> >>
> >> On Wed, Apr 13, 2022 at 7:29 AM Ilya Korol <llivezking@gmail.com <ma...@gmail.com>> wrote:
> >>
> >> Hi Lokesh,
> >>
> >> Updates for running Ignite over Java 17 is already in master. Please
> >> take a look:
> >> https://github.com/apache/ignite/blob/master/bin/include/jvmdefaults.sh <https://github.com/apache/ignite/blob/master/bin/include/jvmdefaults.sh>
> >>
> >> On 2022/04/12 10:11:57 Lokesh Bandaru wrote:
> >> > You are fast. :) Was just typing a reply on top of the last one and yours
> >> > is already here.
> >> >
> >> > Ignore the last question, found this,
> >> > https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.13 <https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.13> .
> >> > *Looking forward to this release. *
> >> >
> >> > *One slightly unrelated question, feel free to ignore. *
> >> > *I know there is no support(or certified) for any version of Java greater
> >> > than 11. *
> >> > *What would it take for 2.13 to be able to run on Java17?*
> >> >
> >> > On Tue, Apr 12, 2022 at 3:36 PM Stephen Darlington <
> >> > stephen.darlington@gridgain.com <ma...@gridgain.com>> wrote:
> >> >
> >> > > Code freeze was yesterday. The target release date is 22 April.
> >> > >
> >> > > More here: Apache+Ignite+2.13
> >> > > <https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.13 <https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.13>>
> >> > >
> >> > > On 12 Apr 2022, at 11:03, Lokesh Bandaru <lo...@gmail.com <ma...@gmail.com>> wrote:
> >> > >
> >> > > Thanks for getting back, Stephen.
> >> > > I am aware that Calcite is in the plans.
> >> > > Any tentative timeline as to when 2.13(beta/ga) is going to be made
> >> > > available?
> >> > >
> >> > > Regards.
> >> > >
> >> > > On Tue, Apr 12, 2022 at 2:15 PM Stephen Darlington <
> >> > > stephen.darlington@gridgain.com <ma...@gridgain.com>> wrote:
> >> > >
> >> > >> The H2 project removed support for Ignite some time ago (
> >> > >> https://github.com/h2database/h2database/pull/2227 <https://github.com/h2database/h2database/pull/2227>) which makes it
> >> > >> difficult to move to newer versions.
> >> > >>
> >> > >> The next version of Ignite (2.13) has an alternative SQL engine
> >> (Apache
> >> > >> Calcite) so over time there will be no need for H2.
> >> > >>
> >> > >> On 11 Apr 2022, at 20:34, Lokesh Bandaru <lo...@gmail.com <ma...@gmail.com>> wrote:
> >> > >>
> >> > >> Resending.
> >> > >>
> >> > >> On Mon, Apr 11, 2022 at 6:42 PM Lokesh Bandaru <lo...@gmail.com <ma...@gmail.com>>
> >> > >> wrote:
> >> > >>
> >> > >>> Hello there, hi
> >> > >>>
> >> > >>> Writing to you with regards to the security
> >> vulnerabilities(particularly
> >> > >>> the most recent ones, CVE-2022-xxx and CVE-2021-xxx) in the H2
> >> database and
> >> > >>> the Apache Ignite's dependency on the flagged versions of H2.
> >> > >>> There is an open issue tracking this,
> >> > >>> https://issues.apache.org/jira/browse/IGNITE-16542 <https://issues.apache.org/jira/browse/IGNITE-16542>, which doesn't
> >> seem
> >> > >>> to have been fully addressed yet.
> >> > >>> Have these problems been overcome already? Can you please advise?
> >> > >>>
> >> > >>> Thanks.
> >> > >>>
> >> > >>
> >> > >>
> >> > >
> >> >
> >>
> >>
> >>
> >>
> >>
> >
> >
>
>
> --
> Best wishes,
> Amelchev Nikita