CVE-2021-23463


Ben Shapiro

Dec 29, 2021, 1:06:42 PM12/29/21
to H2 Database
We were doing a security audit and found this vulnerability (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23463). Maven shows that all builds less than 2.0.202 are affected by this vulnerability, but when I researched it, I found that it has to do with the JdbcSQLXML class object that is used in the JdbcResultSet.getSQLXML method.

This method was defined as unsupported in all builds prior to 1.4.198, and the associated JdbcSQLXML class is not found in any earlier builds.

How would we go about getting the vulnerability removed from Maven for the older builds of H2, as it does not really affect them?

Thanks,
Ben Shapiro
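A triage check along the lines of the poster's argument, as an added example (not from the thread or the H2 project): it reads the version from a Maven-style jar name and looks inside the archive for the JdbcSQLXML class, so a build that the advisory's version range flags but that never shipped the class is reported separately from one that did. The org/h2/jdbc package path and the sample jars are assumptions constructed for the demonstration.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Assumed class path (the thread names JdbcSQLXML but not its package); constructed for this example.
SQLXML_CLASS = "org/h2/jdbc/JdbcSQLXML.class"
FIXED_VERSION = (2, 0, 202)   # first build the advisory lists as no longer affected
VERSION_RE = re.compile(r"h2-(\d+)\.(\d+)\.(\d+)\.jar$")

def version_from_name(jar_path) -> tuple:
    """Read the H2 version from a Maven-style file name such as h2-1.4.200.jar."""
    m = VERSION_RE.search(Path(jar_path).name)
    if not m:
        raise ValueError(f"not a Maven-style h2 jar name: {jar_path}")
    return tuple(int(x) for x in m.groups())

def triage_h2_jar(jar_path) -> str:
    """Version range says what the advisory flags; the archive listing says what is shipped."""
    version = version_from_name(jar_path)
    with zipfile.ZipFile(jar_path) as jar:
        has_class = SQLXML_CLASS in jar.namelist()
    if version >= FIXED_VERSION:
        return "fixed"          # 2.0.202 or later carries the fix
    if not has_class:
        return "not-present"    # inside the flagged range, but the vulnerable class never shipped
    return "affected"

def build_sample_jar(directory, version: str, include_class: bool) -> Path:
    """Construct a minimal stand-in jar for offline demonstration (not a real H2 build)."""
    path = Path(directory) / f"h2-{version}.jar"
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if include_class:
            jar.writestr(SQLXML_CLASS, b"\xca\xfe\xba\xbe")   # class-file magic only
    return path

def demo() -> dict:
    """Triage three constructed jars mirroring the thread: pre-1.4.198, 1.4.200, 2.0.202."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for version, has_class in (("1.4.197", False), ("1.4.200", True), ("2.0.202", True)):
            results[version] = triage_h2_jar(build_sample_jar(tmp, version, has_class))
    return results

if __name__ == "__main__":
    print(demo())   # {'1.4.197': 'not-present', '1.4.200': 'affected', '2.0.202': 'fixed'}
```

Run it against real jars from a local Maven repository by calling `triage_h2_jar` on each path; a "not-present" result is the evidence to attach when asking for the advisory's affected range to be narrowed.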