Company:
Date Published:
Author: -
Word count: 796
Language: English
Hacker News points: None

Summary

Metabase has issued an urgent advisory telling users to upgrade their installations immediately because of a series of critical vulnerabilities associated with the H2 in-memory database, whose connection strings can execute code. The vulnerabilities were discovered by independent security researchers, and Metabase decided to remove H2 support entirely, judging that it would be irresponsible to keep patching over an insecure core. Users are advised to upgrade to the latest patched versions, with specific instructions provided for both self-hosted and Metabase Cloud environments. Metabase credits researchers from AssetNote, Chaitin Security Response Institute, and Calif.io with uncovering these vulnerabilities and emphasizes the importance of community efforts in maintaining the security of open-source software. Users still using H2 are strongly encouraged to migrate their databases to more secure alternatives.