JNDI vulnerability in H2 database consoles
A JNDI-based vulnerability, similar to the one in Log4j, has been reported in the H2 database console.
The .jar file in question is used in some eFORMz implementations. There are several ways to mitigate this vulnerability:
- Do not open unnecessary TCP ports to the internet.
- Remove the H2 jar file if present and not used.
- Update H2 to the latest version, 2.0.206 (http://www.h2database.com/html/download.html).
- Ensure your settings do not start unused features.
Please contact Minisoft Support (support@minisoft.com) to schedule a checkup.
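An added example (not Minisoft or H2 project code) for the "remove" and "update" items above: a Python scan that finds H2 jars under a directory and flags any older than 2.0.206. It assumes an H2 jar contains org/h2/Driver.class and normally carries an Implementation-Version manifest entry, falling back to the file name; the function names are illustrative.

```python
import re
import sys
import zipfile
from pathlib import Path

FIXED = (2, 0, 206)  # release the advisory says to update to


def parse_version(text):
    """Return (major, minor, build) from '1.4.200' or 'h2-2.0.206.jar', else None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(g) for g in m.groups()) if m else None


def h2_version(jar_path):
    """Return the H2 version in a jar, 'unknown', or None if the jar is not H2."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            names = jar.namelist()
            # Assumption: identify H2 by its driver class, so renamed jars are caught.
            if "org/h2/Driver.class" not in names:
                return None
            manifest = ""
            if "META-INF/MANIFEST.MF" in names:
                manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (zipfile.BadZipFile, OSError):
        return None  # unreadable or not a zip archive
    # Assumption: the manifest states the version; otherwise use the file name.
    m = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.M)
    return parse_version(m.group(1) if m else Path(jar_path).name) or "unknown"


def scan(root):
    """Yield (path, version, needs_action) for every H2 jar under root."""
    for path in sorted(Path(root).rglob("*.jar")):
        version = h2_version(path)
        if version is not None:
            yield path, version, version == "unknown" or version < FIXED


if __name__ == "__main__":
    for path, version, needs_action in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        shown = version if version == "unknown" else ".".join(map(str, version))
        print(f"{'UPDATE/REMOVE' if needs_action else 'ok':14} {shown:10} {path}")
```

Pass the installation directory as the only argument. Copies of H2 bundled inside another archive (a fat jar or a war) are not unpacked by this scan.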
Upgrading the database
To upgrade the database, back it up with the old version of H2 and restore it with the new version. For more information: http://www.h2database.com/html/tutorial.html#upgrade_backup_restore
If you replace the h2 jar file without doing an upgrade to the database, you get the following message when connecting in the console or Composer:
General error: “The write format 1 is smaller than the supported format 2 [2.1.210/5]” [50000-210] HY000/50000 (Help)