Hello,
In order to fix the CVE CVE-2021-42392, I have to upgrade to H2 v2.0.206.
However, having H2 incompatible with hibernate make the upgrade impossible.,
As I agree the bug could be fixed in Hibernate, shouldn't H2 be more
backward compatible ?
Moreover, when testing my application with H2 v2.0.206, I have the same bug
with camunda, which doesn't use Hibernate, this issue breaks a lot of
applications..
camunda fails with :
Values of types "BOOLEAN" and "INTEGER" are not comparable; SQL statement:
select RES.ID_,
RES.REV_,
RES.DUEDATE_,
RES.PROCESS_INSTANCE_ID_,
RES.EXCLUSIVE_
from ACT_RU_JOB RES
where (RES.RETRIES_ > 0)
and (
RES.DUEDATE_ is null or
RES.DUEDATE_ <= ?
)
and (RES.LOCK_OWNER_ is null or RES.LOCK_EXP_TIME_ < ?)
and RES.SUSPENSION_STATE_ = 1
and (
(
RES.EXCLUSIVE_ = 1
and not exists(
select J2.ID_ from ACT_RU_JOB J2
where J2.PROCESS_INSTANCE_ID_ =
RES.PROCESS_INSTANCE_ID_ -- from
the same proc. inst.
and (J2.EXCLUSIVE_ =
1) -- also
exclusive
and (J2.LOCK_OWNER_ is not null and J2.LOCK_EXP_TIME_ >= ?) --
in progress
)
)
or
RES.EXCLUSIVE_ = 0
)
LIMIT ? OFFSET ? [90110-206]
Le samedi 4 décembre 2021 à 13:21:18 UTC+1, Evgenij Ryazanov a écrit :
> Hello.
>
> It looks like a bug of Hibernate ORM.
>
> The basic Dialect class has the following method:
>
> public String toBooleanValueString(boolean bool) {
>
> return bool ? "1" : "0";
>
> }
>
> It is obliviously wrong for any database system that has BOOLEAN data type.
>
> H2Dialect should override this method to avoid generation of invalid SQL.
>
> Please, report this issue here:
> https://hibernate.atlassian.net/browse/HHH
>
>
--
You received this message because you are subscribed to the Google Groups "H2
Database" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/h2-database/ef82db4b-1d68-4465-a334-387a0a62f331n%40googlegroups.com.
