From c68ab184d7c279866381c984d77c8cc91270be75 Mon Sep 17 00:00:00 2001 From: labkey-susanh Date: Fri, 13 Jun 2025 07:01:17 -0700 Subject: [PATCH 1/3] Suppress irrelevant CVE-2025-49146 --- dependencyCheckSuppression.xml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/dependencyCheckSuppression.xml b/dependencyCheckSuppression.xml index e05aa61253..0ec7e51890 100644 --- a/dependencyCheckSuppression.xml +++ b/dependencyCheckSuppression.xml @@ -217,4 +217,13 @@ ^pkg:maven/org\.itadaki/bzip2@.*$ CVE-2005-1260 + + + + + ^pkg:maven/org\.postgresql/postgresql@.*$ + CVE-2025-49146 + From 2887a7a2a8d2e99a9a8ab4c8dc05eba1ac08291b Mon Sep 17 00:00:00 2001 From: labkey-susanh Date: Fri, 13 Jun 2025 07:18:23 -0700 Subject: [PATCH 2/3] Go back to 42.7.4 to avoid performance degradation --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index e2e0549417..031eeeafe3 100644 --- a/gradle.properties +++ b/gradle.properties @@ -266,7 +266,7 @@ poiVersion=5.4.0 pollingWatchVersion=0.2.0 -postgresqlDriverVersion=42.7.7 +postgresqlDriverVersion=42.7.4 quartzVersion=2.5.0 From 224c9cd11efa493b38843946db7f883053675e4a Mon Sep 17 00:00:00 2001 From: labkey-susanh Date: Fri, 13 Jun 2025 09:51:03 -0700 Subject: [PATCH 3/3] Add comment --- gradle.properties | 1 + 1 file changed, 1 insertion(+) diff --git a/gradle.properties b/gradle.properties index 031eeeafe3..3b79b8ac3e 100644 --- a/gradle.properties +++ b/gradle.properties @@ -266,6 +266,7 @@ poiVersion=5.4.0 pollingWatchVersion=0.2.0 +# Newer versions of the driver have a perf degradation that's important for us. https://github.com/pgjdbc/pgjdbc/issues/3505 postgresqlDriverVersion=42.7.4 quartzVersion=2.5.0