The current Derby version 10.14.2.0 provided by pax-jdbc contains a critical security vulnerability (CVE-2022-46337). We should update it to the latest version once we switch to Java 21 in the odlparent-14.
- relates to
-
ODLPARENT-309 Rework odl-karaf-feat-jdbc feature to be more lightweight
- In Progress
-
ODLPARENT-306 Exclude Apache Derby from build
- Resolved