[
https://issues.apache.org/jira/browse/FLINK-25785?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Martijn Visser updated FLINK-25785:
-----------------------------------
Description:
Two security vulnerabilities in H2 Console (CVE-2022-23221 and possible DNS
rebinding attack) are fixed in 2.0.120. Flink is currently on 2.0.206 since
https://issues.apache.org/jira/browse/FLINK-25576
Note: Flink is using this dependency only for testing, so it's not directly
impacted by the CVE. We just want to be good citizens and update our
dependencies
was:
Two security vulnerabilities in H2 Console (CVE-2022-23221 and possible DNS
rebinding attack) are fixed.
Note: Flink is using this dependency only for testing, so it's not directly
impacted by the CVE. We just want to be good citizens and update our
dependencies
> Update com.h2database:h2 to 2.0.210
> -----------------------------------
>
> Key: FLINK-25785
> URL: https://issues.apache.org/jira/browse/FLINK-25785
> Project: Flink
> Issue Type: Technical Debt
> Components: Connectors / JDBC
> Affects Versions: 1.15.0, 1.13.5, 1.14.3
> Reporter: Martijn Visser
> Priority: Major
>
> Two security vulnerabilities in H2 Console (CVE-2022-23221 and possible DNS
> rebinding attack) are fixed in 2.0.120. Flink is currently on 2.0.206 since
> https://issues.apache.org/jira/browse/FLINK-25576
> Note: Flink is using this dependency only for testing, so it's not directly
> impacted by the CVE. We just want to be good citizens and update our
> dependencies
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
