Update h2 test database version #647
Conversation
|
VALUE is a reserved word in the SQL Standard and H2, it cannot be used as unquoted identifier. |
|
@willmostly @oneonestar please review |
|
We discussed this PR in the dev sync. Instead of updating the version of H2 and changing the SQL statements we think it would be better to get rid of H2 completely and migrate the tests to use PostgreSQL .. this would be consistent with the actual use and we already have such setups for other tests. The time savings from using H2 for testing are not worth the additional complexity and confusion and we will not support H2 as the production use database |
|
should i work on this ? |
should i work on this? @mosabua |
|
That would be good @Akanksha-kedia |
Description
The H2 Database Engine, a popular open-source relational database management system written in Java, has identified vulnerabilities that could be exploited by malicious actors. Below is a brief description and impact of these vulnerabilities:
Vulnerabilities:
CVE-2022-23221:
Impact: High - Can lead to complete control of the affected system.
CVE-2021-42392:
Impact: High - Can result in complete system compromise.
Context in Trino Gateway and applicability details from @mosabua:
"The H2 database is only used in testing and NOT included in the shipped binaries. There is therefore zero impact from these reported vulnerabilities and we could safely use the old version. However for code quality and cleanness reasons we will update the version."
Additional context and related issues
Release notes
(x) This is not user-visible or is docs only, and no release notes are required.