VIJAY BHATT created IGNITE-11765:
------------------------------------
Summary: Vulnerable library H2 Database Engine1.4.197 used
Key: IGNITE-11765
URL:
https://issues.apache.org/jira/browse/IGNITE-11765 Project: Ignite
Issue Type: Bug
Affects Versions: 2.7
Reporter: VIJAY BHATT
We use blackduck for scanning our project. It has identified Ignite 2.7.0 using H2 Database Engine version 1.4.197 as a vulnerable library having the following 2 vulnerabilities:
BDSA-2018-1048 (CVE-2018-10054)
BDSA-2018-2507 (CVE-2018-14335)
Suggested fix by blackduck is to use version 1.4.198
We tried using 1.4.198 using jar override but it has some breaking changes.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
Locked
