Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.de/users/lan/statuses/110734380711807803">alan (lan@mastodon.de)'s status on Thursday, 20-Jul-2023 05:32:43 JST</a><a href="https://mastodon.de/@lan" title="lan@mastodon.de"><img src="https://gnusocial.jp/avatar/151061-48-20230719203241.webp" width="48" height="48" alt="alan" style="position: absolute; left: 0; top: 0;">alan</a></section><article><p>lol 😅 <a href="https://github.com/h2database/h2database/issues/3686" rel="nofollow noreferrer">https://github.com/h2database/h2database/issues/3686</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/1818296#notice-3566694">In conversation</a><time datetime="2023-07-20T05:32:43+09:00" title="Thursday, 20-Jul-2023 05:32:43 JST">Thursday, 20-Jul-2023 05:32:43 JST</time> <span>from <span><a href="https://mastodon.de/@lan/110734380711807803" rel="external" title="Sent from mastodon.de via ActivityPub">mastodon.de</a></span></span><a href="https://mastodon.de/@lan/110734380711807803">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/1283233">A screenshot of a GitHub issue comment thread that reads: enaiel commented on Feb 28:@grandinj I hope you do realize that if this CVE stays, it would be the end of the use of H2 database by major corporations. We would all need to find alternate solutions and exit H2 within the next 6 months. Please reconsider.MostAwesomeDude reacted with thumbs up emoji
yuvipanda, ThatOneCalculator, and nullchilly reacted with hooray emoji
awoo-civ, fuomag9, ThatOneCalculator, nullchilly, and siranweb reacted with confused emojigrandinj commented on Feb 28:I struggle to understand why I should feel the slightest shred of sympathy for "major corporations" that are using a volunteer-developed open-source project.
Feel free to get your corporation to pay someone to deal with this, or pay for a similar commercial library.</a></label><br><a href="https://mastodon.de/system/media_attachments/files/110/734/373/555/171/394/original/afb5e1898970742a.jpg" rel="external">https://mastodon.de/system/media_attachments/files/110/734/373/555/171/394/original/afb5e1898970742a.jpg</a></li><li><article><header><div>Domain not in remote thumbnail source whitelist: opengraph.githubassets.com</div><h5><a href="https://github.com/h2database/h2database/issues/3686">CVE-2022-45868: Password exposure in H2 Database (not an issue) · Issue #3686 · h2database/h2database</a></h5><div></div></header><div>Dependabot and org.owasp:dependency-check-maven have been reporting CVE-2022-45868 (see GHSA-22wj-vf5f-wrvj) to me. I didn't find this CVE referenced from any issue in the issue tracker here, so I'...</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
alan (lan@mastodon.de)'s status on Thursday, 20-Jul-2023 05:32:43 JST alan
lol 😅 https://github.com/h2database/h2database/issues/3686
In conversationThursday, 20-Jul-2023 05:32:43 JST from mastodon.depermalink
Attachments
1. A screenshot of a GitHub issue comment thread that reads: enaiel commented on Feb 28: @grandinj I hope you do realize that if this CVE stays, it would be the end of the use of H2 database by major corporations. We would all need to find alternate solutions and exit H2 within the next 6 months. Please reconsider. MostAwesomeDude reacted with thumbs up emoji yuvipanda, ThatOneCalculator, and nullchilly reacted with hooray emoji awoo-civ, fuomag9, ThatOneCalculator, nullchilly, and siranweb reacted with confused emoji grandinj commented on Feb 28: I struggle to understand why I should feel the slightest shred of sympathy for "major corporations" that are using a volunteer-developed open-source project. Feel free to get your corporation to pay someone to deal with this, or pay for a similar commercial library.
  https://mastodon.de/system/media_attachments/files/110/734/373/555/171/394/original/afb5e1898970742a.jpg
2. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
  CVE-2022-45868: Password exposure in H2 Database (not an issue) · Issue #3686 · h2database/h2database
  Dependabot and org.owasp:dependency-check-maven have been reporting CVE-2022-45868 (see GHSA-22wj-vf5f-wrvj) to me. I didn't find this CVE referenced from any issue in the issue tracker here, so I'...

Public

Embed Notice

HTML Code

Corresponding Notice