H2 Vulnerability False Positive

Summary

Unused H2 Database libraries included in project distributions may cause vulnerability report false positives.

Details

Bloomreach Experience Manager (brXM) includes H2 Database to enable developers to quickly set up a development environment on their local machine. H2 is not supported in production environments, however some H2 libraries are packaged with brXM when creating a project distribution for deployment in a production environment. Despite being included in the distribution, these H2 libraries are never actually used.

When scanning your brXM implementation project for known vulnerabilities, H2-related vulnerabilities may be reported. These vulnerability reports are false positive because the included H2 libraries are never used or exposed in a production scenario. You can therefore ignore these vulnerability reports.

For more information, please contact your Bloomreach support contact.

Did you find this page helpful?

How could this documentation serve you better?

Did you find this page helpful?

How could this documentation serve you better?

Content Application

Channels

Projects

Relevance

Architecture

Concepts

Platform Configuration

Frontend Integration

Backend Development

Commerce Accelerator

Cloud Deployment (PaaS)

On-Premise Deployment

Security

Release Management

Platform Development

Bloomreach Documentation version

H2 Vulnerability False Positive

Summary

Details

Did you find this page helpful?

On this page

Did you find this page helpful?