Open dneufeldcu opened 5 years ago
Possibly related note: I had trouble deploying api-metadata to a tomcat container with the context path /onestop/admin because of way liquibase and spring tried to resolve the URLs for the migration files, and the way that tomcat handles paths (it creates a directory named onestop#admin, and the # does not appear to place nicely as a URL component. At least I believe that was the issue).
So that's something to keep an eye on as we work on removing the h2 owasp problem.
Postgres driver also has CVEs, we don't know what to do!
Plan to explore some other in-memory options, otherwise we plan to just remove h2.
Finished PR #849 to change the H2 dependency. This issue is being left open until we revisit the ICAM security and verify everything is working again (deliberately dropped for the 2.1 release)
Context: H2 was used as authz support for ICAM based metadata upload.
We have two options: