From 634404ba6d4f2935309c6c7dc9cf4f067966ce8a Mon Sep 17 00:00:00 2001
From: Will Mooreston <97046018+labkey-willm@users.noreply.github.com>
Date: Thu, 1 May 2025 09:30:46 -0700
Subject: [PATCH 1/2] bump springboot etc and sqliteJdbcVersion for CVEs (#1055)
* bump springboot etc for tomcat CVE-2025-31650
* bump sqliteJdbcVersion for CVE-2025-29087
---
 gradle.properties | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/gradle.properties b/gradle.properties
index bd1f179029..98cb10ec30 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -99,7 +99,7 @@ apacheDirectoryVersion=2.1.7
 apacheMinaVersion=2.2.4
 # Usually matches the version specified as a Spring Boot dependency (see springBootVersion below)
-apacheTomcatVersion=10.1.39
+apacheTomcatVersion=10.1.40
 # (mothership) -> json-path -> json-smart -> accessor-smart
 # (core) -> graalvm
@@ -289,11 +289,11 @@ slf4jLog4jApiVersion=2.0.16
 snappyJavaVersion=1.1.10.7
 # Also, update apacheTomcatVersion above to match Spring Boot's Tomcat dependency version
-springBootVersion=3.4.1
+springBootVersion=3.4.5
 # This usually matches the Spring Framework version dictated by springBootVersion
-springVersion=6.2.1
+springVersion=6.2.6
-sqliteJdbcVersion=3.48.0.0
+sqliteJdbcVersion=3.49.1.0
 # NLP and SAML bring stax2-api in as a transitive dependency but with very different versions. We force the later version.
 stax2ApiVersion=4.2.2
From a795a1abff1eacec7e31ec9e03cbe02521aedf53 Mon Sep 17 00:00:00 2001
From: Josh Eckels
Date: Fri, 2 May 2025 09:23:52 -0700
Subject: [PATCH 2/2] Upgrade to ProtoBuf 3.25.6 (#1024)
---
 gradle.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle.properties b/gradle.properties
index cba52e55d3..74364c104b 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -157,7 +157,7 @@ googleAutoValueAnnotationsVersion=1.10.4
 googleErrorProneAnnotationsVersion=2.33.0
 googleHttpClientVersion=1.45.0
 googleOauthClientVersion=1.36.0
-googleProtocolBufVersion=3.25.5
+googleProtocolBufVersion=3.25.6
 graalVersion=24.1.1