Security Vulnerability CVE-2020-6230

Versions of OrientDB prior to 3.0.29 have a security vulnerability in the default JavaScript engine.

Since 3.0.29 the JavaScript engine has been sandboxed so that only explicitly defined classes are allowed to be used.

In orientdb-server-config.xml:

                <parameter name="enabled" value="true"/>
                <parameter name="allowedLanguages" value="SQL"/>
                <!--  Comma separated packages  allowed in JS scripts eg. java.math.*, java.util.ArrayList -->
                <parameter name="allowedPackages" value=""/>