Uploaded image for project: 'JS - JobScheduler'
  1. JS - JobScheduler
  2. JS-1967

Remove support for H2 due to 3rd-party vulnerability issue CVE-2021-23463

    XMLWordPrintable

Details

    • Fix
    • Status: Released (View Workflow)
    • Minor
    • Resolution: Fixed
    • 1.13
    • 1.13.10
    • None
    • None
    • CVE-2021-23463

    Description

      Current Situation

      • Currently JobScheduler Master ships with an H2 JDBC Driver h2-1.3.170.jar
      • The JDBC Driver is not used for access to the JobScheduler database but can be used for access to H2 databases, for example with JITL jobs.
      • a vulnerability affects this version,

      Desired Behavior

      • The JDBC Driver is removed from the JobScheduler Master.
      • Users who want to access H2 databases can download the respective H2 JDBC Driver and add the .jar file to the ./lib/jdbc directory of the Master.

      Attachments

        Issue Links

          relates to

          Fix - JOC-1187 Remove H2 JDBC Driver due to 3rd party vulnerability issue CVE-2021-23463

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Released

          Fix - JS-1977 Remove H2 Test Project from Repository due to 3rd-party vulnerability issue CVE-2022-23221

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Released

          Activity

            People

              oh Oliver Haufe
              ap Andreas Püschel
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: