From 28c0520802aab5ef7158dd51a036a8d81b147a59 Mon Sep 17 00:00:00 2001 From: Will Mooreston Date: Wed, 30 Apr 2025 10:54:52 -0700 Subject: [PATCH 1/2] bump springboot etc for tomcat CVE-2025-31650 --- gradle.properties | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gradle.properties b/gradle.properties index bd1f179029..dabebb5e44 100644 --- a/gradle.properties +++ b/gradle.properties @@ -99,7 +99,7 @@ apacheDirectoryVersion=2.1.7 apacheMinaVersion=2.2.4 # Usually matches the version specified as a Spring Boot dependency (see springBootVersion below) -apacheTomcatVersion=10.1.39 +apacheTomcatVersion=10.1.40 # (mothership) -> json-path -> json-smart -> accessor-smart # (core) -> graalvm @@ -289,9 +289,9 @@ slf4jLog4jApiVersion=2.0.16 snappyJavaVersion=1.1.10.7 # Also, update apacheTomcatVersion above to match Spring Boot's Tomcat dependency version -springBootVersion=3.4.1 +springBootVersion=3.4.5 # This usually matches the Spring Framework version dictated by springBootVersion -springVersion=6.2.1 +springVersion=6.2.6 sqliteJdbcVersion=3.48.0.0 From c6a5318c9a3b805be754cc4d1b99c34ea71ad1a2 Mon Sep 17 00:00:00 2001 From: Will Mooreston Date: Wed, 30 Apr 2025 13:41:53 -0700 Subject: [PATCH 2/2] bump sqliteJdbcVersion for CVE-2025-29087 --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index dabebb5e44..98cb10ec30 100644 --- a/gradle.properties +++ b/gradle.properties @@ -293,7 +293,7 @@ springBootVersion=3.4.5 # This usually matches the Spring Framework version dictated by springBootVersion springVersion=6.2.6 -sqliteJdbcVersion=3.48.0.0 +sqliteJdbcVersion=3.49.1.0 # NLP and SAML bring stax2-api in as a transitive dependency but with very different versions. We force the later version. stax2ApiVersion=4.2.2