Uploaded image for project: 'Ignite'
  1. Ignite
  2. IGNITE-16441

Upgrade H2 to version 2.0.206+ to resolve critical vulnerability

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • h2-limitation
    • None
    • Docs Required, Release Notes Required

    Description

      Critical bug found with the current version of h2 used by ignite 1.4.197 that affects all releases of ignite. Please upgrade h2 to use version 2.0.206 or greater. This version of h2 is not backwards compatible, so modifying the h2 functions used in ignite may be necessary.

       

      CVE-2021-42392
      https://nvd.nist.gov/vuln/detail/CVE-2021-42392

      My development team heavily uses apache ignite and hopes to continue so. However, this is a critical vulnerability, so our security team has made the decision to stop developing with ignite until this vulnerability is patched. Please make this upgrade asap so users can continue to use this product without fear of a security breach.

      Attachments

        Activity

          People

            Unassigned Unassigned
            SaHenning Sander Henning
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:

              Time Tracking

                Estimated:
                Original Estimate - 168h
                168h
                Remaining:
                Remaining Estimate - 168h
                168h
                Logged:
                Time Spent - Not Specified
                Not Specified