Thanks Stephen. Not sure if this is the right forum but wanted to check if there is a plan already to come up with a vulnerability free way of using Ignite? Or if there is a way to request one?
On Tue, May 3, 2022 at 2:36 PM Stephen Darlington < stephen.darling...@gridgain.com> wrote: > That is my understanding, yes. > > On 2 May 2022, at 09:28, Lokesh Bandaru <lokeshband...@gmail.com> wrote: > > Thank you Stephen/Nikita. > Looks like version 2.13 still depends on the older H2 versions - those > with vulnerabilities. > And as the dependencies are all hard, there doesn't seem to be a way to > bypass them and get Ignite running. > Can you please confirm? > > On Fri, Apr 29, 2022 at 7:44 PM Nikita Amelchev <namelc...@apache.org> > wrote: > >> Hello, guys. >> >> Thanks for pointing it out. >> >> The calcite module was properly published to the maven. [1] The sync >> with mirrors can take some time. >> The calcite documentation was updated on the site. [2] >> >> [1] >> https://repo.maven.apache.org/maven2/org/apache/ignite/ignite-calcite/2.13.0/ >> [2] https://ignite.apache.org/docs/latest/SQL/sql-calcite >> >> пт, 29 апр. 2022 г. в 12:36, Stephen Darlington >> <stephen.darling...@gridgain.com>: >> > >> > It’ll be added to Maven soon — I’m not exactly sure what happened. It >> is included in the source and binary downloads (download.cgi) if you want >> to get a copy now. >> > >> > On 29 Apr 2022, at 02:19, Lokesh Bandaru <lokeshband...@gmail.com> >> wrote: >> > >> > Hello Stephen, the document(ReadMe) you shared earlier, has mentioned >> that ignite-calcite must be declared as a dependency. >> > In this case, it would be, org.apache.ignite:ignite-calcite:2.13.0 >> right!. But, which, at the moment, is not available. >> > Can you please advise? >> > >> > On Thu, Apr 28, 2022 at 5:21 PM Zhenya Stanilovsky <arzamas...@mail.ru> >> wrote: >> >> >> >> Seems it would be published with new documentation, Nikita Amelchev >> isn`t it ? check [1] >> >> >> >> [1] https://issues.apache.org/jira/browse/IGNITE-15189 >> >> >> >> >> >> Thank you Stephen. >> >> Is there also a writeup summarizing what is/isn't supported with this >> 'experimental' feature? >> >> >> >> On Thu, Apr 28, 2022 at 4:30 PM Stephen Darlington < >> stephen.darling...@gridgain.com> wrote: >> >> >> >> >> https://github.com/apache/ignite/blob/2.13.0/modules/calcite/README.txt >> >> >> >> >> >> On 28 Apr 2022, at 11:46, Lokesh Bandaru <lokeshband...@gmail.com> >> wrote: >> >> >> >> Thanks Ilya. >> >> >> >> Version 2.13 has come out but still seems to be shipping with the same >> vulnerability-ridden version of h2 database. >> >> The documentation doesn't mention if/how Calcite is turned on. >> >> Can you advise on how it can be enabled? >> >> >> >> On Wed, Apr 13, 2022 at 7:29 AM Ilya Korol <llivezk...@gmail.com> >> wrote: >> >> >> >> Hi Lokesh, >> >> >> >> Updates for running Ignite over Java 17 is already in master. Please >> >> take a look: >> >> >> https://github.com/apache/ignite/blob/master/bin/include/jvmdefaults.sh >> >> >> >> On 2022/04/12 10:11:57 Lokesh Bandaru wrote: >> >> > You are fast. :) Was just typing a reply on top of the last one and >> yours >> >> > is already here. >> >> > >> >> > Ignore the last question, found this, >> >> > >> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.13 . >> >> > *Looking forward to this release. * >> >> > >> >> > *One slightly unrelated question, feel free to ignore. * >> >> > *I know there is no support(or certified) for any version of Java >> greater >> >> > than 11. * >> >> > *What would it take for 2.13 to be able to run on Java17?* >> >> > >> >> > On Tue, Apr 12, 2022 at 3:36 PM Stephen Darlington < >> >> > stephen.darling...@gridgain.com> wrote: >> >> > >> >> > > Code freeze was yesterday. The target release date is 22 April. >> >> > > >> >> > > More here: Apache+Ignite+2.13 >> >> > > < >> https://cwiki.apache.org/confluence/display/IGNITE/Apache+Ignite+2.13> >> >> > > >> >> > > On 12 Apr 2022, at 11:03, Lokesh Bandaru <lo...@gmail.com> wrote: >> >> > > >> >> > > Thanks for getting back, Stephen. >> >> > > I am aware that Calcite is in the plans. >> >> > > Any tentative timeline as to when 2.13(beta/ga) is going to be >> made >> >> > > available? >> >> > > >> >> > > Regards. >> >> > > >> >> > > On Tue, Apr 12, 2022 at 2:15 PM Stephen Darlington < >> >> > > stephen.darling...@gridgain.com> wrote: >> >> > > >> >> > >> The H2 project removed support for Ignite some time ago ( >> >> > >> https://github.com/h2database/h2database/pull/2227) which makes >> it >> >> > >> difficult to move to newer versions. >> >> > >> >> >> > >> The next version of Ignite (2.13) has an alternative SQL engine >> >> (Apache >> >> > >> Calcite) so over time there will be no need for H2. >> >> > >> >> >> > >> On 11 Apr 2022, at 20:34, Lokesh Bandaru <lo...@gmail.com> >> wrote: >> >> > >> >> >> > >> Resending. >> >> > >> >> >> > >> On Mon, Apr 11, 2022 at 6:42 PM Lokesh Bandaru <lo...@gmail.com> >> >> > >> wrote: >> >> > >> >> >> > >>> Hello there, hi >> >> > >>> >> >> > >>> Writing to you with regards to the security >> >> vulnerabilities(particularly >> >> > >>> the most recent ones, CVE-2022-xxx and CVE-2021-xxx) in the H2 >> >> database and >> >> > >>> the Apache Ignite's dependency on the flagged versions of H2. >> >> > >>> There is an open issue tracking this, >> >> > >>> https://issues.apache.org/jira/browse/IGNITE-16542, which >> doesn't >> >> seem >> >> > >>> to have been fully addressed yet. >> >> > >>> Have these problems been overcome already? Can you please >> advise? >> >> > >>> >> >> > >>> Thanks. >> >> > >>> >> >> > >> >> >> > >> >> >> > > >> >> > >> >> >> >> >> >> >> >> >> >> >> > >> > >> >> >> -- >> Best wishes, >> Amelchev Nikita >> > >
