From 67f6681ba33d28f8cba7614f5ac34dd84f1f80b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=90=B4=E6=99=9F=20Wu=20Sheng?= Date: Fri, 7 Jan 2022 12:46:12 +0800 Subject: [PATCH] Upgrade H2 version to fix GHSA-h376-j262-vhq6 (#8396) --- CHANGES.md | 2 +- dist-material/release-docs/LICENSE | 2 +- oap-server-bom/pom.xml | 2 +- tools/dependencies/known-oap-backend-dependencies.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 0aa1be82a9..d79e773ec0 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -20,7 +20,7 @@ Release Notes. * Add the analysis of metrics in Satellite MetricsService. * Fix `Can't split endpoint id into 2 parts` bug for endpoint ID. In the TCP in service mesh observability, endpoint name doesn't exist in TCP traffic. -* Upgrade H2 version to 2.0.202 to fix CVE-2021-23463. +* Upgrade H2 version to 2.0.206 to fix CVE-2021-23463 and GHSA-h376-j262-vhq6. * Extend column name override mechanism working for `ValueColumnMetadata`. * Introduce new concept `Layer` and removed `NodeType`. More details refer to [v9-version-upgrade](https://skywalking.apache.org/docs/main/latest/en/faq/v9-version-upgrade/). * Fix query sort metrics failure in H2 Storage. diff --git a/dist-material/release-docs/LICENSE b/dist-material/release-docs/LICENSE index 1a0f185abb..9a0c80328d 100755 --- a/dist-material/release-docs/LICENSE +++ b/dist-material/release-docs/LICENSE @@ -381,7 +381,7 @@ MPL 2.0 licenses The following components are provided under a MPL 2.0 license. See project link for details. The text of each license is also included at licenses/LICENSE-[project].txt. - H2 Database 2.0.202: http://www.h2database.com/html/main.html , MPL 2.0 or EPL 1.0 + H2 Database 2.0.206: http://www.h2database.com/html/main.html , MPL 2.0 or EPL 1.0 ======================================== CC0-1.0 licenses diff --git a/oap-server-bom/pom.xml b/oap-server-bom/pom.xml index 04736bf409..1c7f915de6 100644 --- a/oap-server-bom/pom.xml 
+++ b/oap-server-bom/pom.xml @@ -34,7 +34,7 @@ 8.0 3.14.9 4.5.13 - 2.0.202 + 2.0.206 2.10.5 3.5.7 28.1-jre diff --git a/tools/dependencies/known-oap-backend-dependencies.txt b/tools/dependencies/known-oap-backend-dependencies.txt index 4f103efbb6..090f697a35 100755 --- a/tools/dependencies/known-oap-backend-dependencies.txt +++ b/tools/dependencies/known-oap-backend-dependencies.txt @@ -55,7 +55,7 @@ gson-2.8.6.jar gson-fire-1.8.5.jar guava-28.1-jre.jar guice-4.1.0.jar -h2-2.0.202.jar +h2-2.0.206.jar httpasyncclient-4.1.3.jar httpclient-4.5.13.jar httpcore-4.4.13.jar -- GitLab
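Review bot: In the CHANGES.md hunk, the rewritten bullet attributes both fixes to 2.0.206, while the removed line records that the earlier upgrade to 2.0.202 was what fixed CVE-2021-23463. Someone auditing which H2 release closed which advisory could read the new line as saying 2.0.206 is the minimum safe version for both. Suggest wording that keeps the two steps apart, for example "Upgrade H2 version to 2.0.206 to fix GHSA-h376-j262-vhq6 (2.0.202 already fixed CVE-2021-23463)."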
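Review bot: In the oap-server-bom/pom.xml hunk, the fix rests entirely on the single version value changing from 2.0.202 to 2.0.206, and the same string is edited by hand in the LICENSE and known-oap-backend-dependencies.txt hunks. Nothing visible in this patch stops an older h2 jar from returning through a later edit or a transitive dependency. Consider a build-time guard, such as a maven-enforcer bannedDependencies rule for H2 below 2.0.206, so the security floor is enforced rather than documented. The diffstat also lists only these four version-string files, so please confirm the H2 storage tests were run against 2.0.206 before merge.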