Details
-
Task
-
Status: Closed
-
Trivial
-
Resolution: Fixed
-
None
-
None
Description
The 1.4.197 version suffers from multiple CVEs such as:
https://nvd.nist.gov/vuln/detail/CVE-2018-14335
https://nvd.nist.gov/vuln/detail/CVE-2018-10054
https://nvd.nist.gov/vuln/detail/CVE-2021-42392
https://nvd.nist.gov/vuln/detail/CVE-2022-23221
In the project, we use H2 only for testing purposes thus the H2 binaries are not present in the runtime classpath thus these CVEs do not pose a problem for Calcite or its users. Nevertheless, it would be good to upgrade to a more recent version to avoid Calcite coming up in vulnerability scans due to this.
Attachments
Issue Links
- links to