Skip to main content
Common Reference

Various CVE's within derby.jar

Known Issue

Affecting versions up to 8.0.3.

The following vulnerabilities have been identified in the derby.jar library shipped with Tungsten up to, and including, 8.0.3:

  • CVE-2022-46337
  • CVE-2018-1313

The derby.jar library is only used internally for testing and not required for operational installations, therefore the file can simply be removed.

shell> cd /opt/continuent/software/tungsten-replicator-8.0.4-132/tungsten-replicator/lib-ext
shell> rm derby.jar
shell> cd /opt/continuent/tungsten/tungsten-replicator/lib-ext
shell> rm derby.jar[object Object]