[FLINK-25785] Update com.h2database:h2 to 2.0.210 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Technical Debt
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.13.5, 1.14.3, 1.15.0
Fix Version/s: 1.14.4, 1.15.0, 1.13.7
Component/s: Connectors / JDBC
Labels:
- pull-request-available

Description

Two security vulnerabilities in H2 Console (CVE-2022-23221 and possible DNS rebinding attack) are fixed in 2.0.120. Flink is currently on 2.0.206 since https://issues.apache.org/jira/browse/FLINK-25576

Note: Flink is using this dependency only for testing, so it's not directly impacted by the CVE. We just want to be good citizens and update our dependencies

Attachments

Issue Links

links to

GitHub Pull Request #18605

GitHub Pull Request #18727

GitHub Pull Request #18728

Activity

People

Assignee:: Martijn Visser

Reporter:: Martijn Visser

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 24/Jan/22 12:46

Updated:: 16/Feb/22 18:24

Resolved:: 12/Feb/22 07:55