Security Vulnerability CVE-2020-6230

Versions of OrientDB prior to 3.0.29 have a security vulnerability in the default JavaScript engine.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6230

Since 3.0.29, the JavaScript engine is sandboxed: scripts can use only the classes that have been explicitly allowed.

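The allowed packages and classes are set with the allowedPackages parameter of the script interpreter handler in orientdb-server-config.xml: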

    <handler
            class="com.orientechnologies.orient.server.handler.OServerSideScriptInterpreter">
        <parameters>
            <parameter name="enabled" value="true"/>
            <parameter name="allowedLanguages" value="SQL"/>
            <!-- Comma-separated packages allowed in JS scripts, e.g. java.math.*, java.util.ArrayList -->
            <parameter name="allowedPackages" value="com.orientechnologies.orient.core.security.OSecurityManager"/>
        </parameters>
    </handler>
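To check a deployment against the configuration above, the following added example (not OrientDB's own code) audits the script interpreter handler in a server config and reports JavaScript enabled on a pre-3.0.29 version, plus any wildcard entries in allowedPackages. Assumptions: the language appears as "Javascript" (matched case-insensitively) in allowedLanguages, flagging wildcards is this example's own review heuristic, and the sample config is constructed.

```python
import xml.etree.ElementTree as ET

HANDLER = "com.orientechnologies.orient.server.handler.OServerSideScriptInterpreter"
FIXED = (3, 0, 29)  # first sandboxed release, per the advisory above

# Constructed sample: the handler from this page with JavaScript and a wildcard added.
SAMPLE = """<orient-server><handlers>
  <handler class="com.orientechnologies.orient.server.handler.OServerSideScriptInterpreter">
    <parameters>
      <parameter name="enabled" value="true"/>
      <parameter name="allowedLanguages" value="SQL, Javascript"/>
      <parameter name="allowedPackages" value="java.math.*, java.util.ArrayList"/>
    </parameters>
  </handler>
</handlers></orient-server>"""

def split_csv(value):
    return [v.strip() for v in (value or "").split(",") if v.strip()]

def parse_version(text):
    # "3.0.28" or "3.0.28-SNAPSHOT" -> (3, 0, 28)
    return tuple(int(p) for p in text.split("-")[0].split("."))

def audit(config_xml, version):
    # Returns a list of findings; an empty list means nothing was flagged.
    findings = []
    for h in ET.fromstring(config_xml).iter("handler"):
        if h.get("class") != HANDLER:
            continue
        params = {p.get("name"): p.get("value") for p in h.iter("parameter")}
        if (params.get("enabled") or "").lower() != "true":
            continue  # script interpreter is switched off
        langs = [l.lower() for l in split_csv(params.get("allowedLanguages"))]
        if "javascript" not in langs:  # assumed language name, see lead-in
            continue  # allowedPackages only applies to JS scripts
        if parse_version(version) < FIXED:
            findings.append("javascript enabled on unsandboxed version " + version)
        for pkg in split_csv(params.get("allowedPackages")):
            if pkg.endswith("*"):  # whole package allowed, not one class
                findings.append("wildcard in allowedPackages: " + pkg)
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE, "3.0.28"):
        print(line)
```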