[NIFI-9585] Upgrade H2 to 2.1.210 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.16.0
Component/s: None
Labels:
None

Description

The H2 embedded database below version 2.1.210 includes multiple associated vulnerabilities related to unsafe XML column handling and other issues. Multiple NiFi components leverage H2 for local relational data storage. Although NiFi does not appear to have any direct vulnerabilities as a result of issues with H2, upgrading to the latest version will avoid false positive security scans and provide better maintainability.

Due to related database components such as Flyway in NiFi Registry, upgrading H2 will also require upgrades to related dependencies and services.

Attachments

Issue Links

causes

NIFI-9763 Correct Configure Details Insert SQL for Auditing

Resolved

relates to

NIFI-1533 Update H2 to the latest version

Resolved

links to

GitHub Pull Request #5724

Activity

People

Assignee:: Matt Burgess

Reporter:: David Handermann

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 18/Jan/22 16:31

Updated:: 04/Mar/22 20:33

Resolved:: 26/Feb/22 01:21

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

2h 10m