Uploaded image for project: 'JOC - JobScheduler Operations Center'
  1. JOC - JobScheduler Operations Center
  2. JOC-1187

Remove H2 JDBC Driver due to 3rd party vulnerability issue CVE-2021-23463

    XMLWordPrintable

Details

    • Fix
    • Status: Released (View Workflow)
    • Minor
    • Resolution: Fixed
    • 2.0.0
    • 2.2.0
    • None
    • None
    • CVE-2021-23463

    Description

      Current Situation

      • Currently JOC Cockpit ships with an H2 JDBC Driver h2-1.4.200.jar
      • The JDBC Driver and built-in H2 database can be used for evaluation purposes of the JS7.
        • H2 is a DBMS preferably designed for testing, not for ongoing operation.
      • a vulnerability affects this version,

      Desired Behavior

      • The JDBC Driver is removed from JOC Cockpit.
      • Users who want to evaluate JS7 with an H2 database can download the respective H2 JDBC Driver and specify the JDBC Driver location with the JOC Cockpit setup. The .jar file is then added to the JETTY_BASE/lib/ext/joc directory.

      Attachments

        Issue Links

          is related to

          Fix - JS-1967 Remove support for H2 due to 3rd-party vulnerability issue CVE-2021-23463

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Released

          Activity

            People

              oh Oliver Haufe
              ap Andreas Püschel
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: