Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
The H2 embedded database below version 2.1.210 includes multiple associated vulnerabilities related to unsafe XML column handling and other issues. Multiple NiFi components leverage H2 for local relational data storage. Although NiFi does not appear to have any direct vulnerabilities as a result of issues with H2, upgrading to the latest version will avoid false positive security scans and provide better maintainability.
Due to related database components such as Flyway in NiFi Registry, upgrading H2 will also require upgrades to related dependencies and services.