From b2aa5a6c41dcb58496a561c5993cdd7e736c02df Mon Sep 17 00:00:00 2001
From: Josh Eckels <jeckels@labkey.com>
Date: Mon, 1 Sep 2025 16:55:59 -0700
Subject: [PATCH 1/2] Update tika version (#1163)

* Resolve Tika backport conflicts

* More dependency version bumps

* New JSoup needed for correct HTML indexing

---------

Co-authored-by: Marty Pradere <martyp@labkey.com>
---
 gradle.properties | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/gradle.properties b/gradle.properties
index af769e688a..2d202c4458 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -104,7 +104,7 @@ apacheTomcatVersion=10.1.44
 # (mothership) -> json-path -> json-smart -> accessor-smart
 # (core) -> graalvm
 # tika
-asmVersion=9.7.1
+asmVersion=9.8
 
 # Apache Batik -- Batik version needs to be compatible with Apache FOP, but we need to pull in batik-codec separately
 batikVersion=1.18
@@ -125,7 +125,7 @@ commonsBeanutilsVersion=1.11.0
 commonsCodecVersion=1.17.1
 commonsCollections4Version=4.4
 commonsCollectionsVersion=3.2.2
-commonsCompressVersion=1.27.1
+commonsCompressVersion=1.28.0
 commonsDbcpVersion=1.4
 commonsDigesterVersion=1.8.1
 commonsDiscoveryVersion=0.2
@@ -230,7 +230,7 @@ jsr305Version=3.0.2
 
 orgJsonVersion=20250107
 
-jsoupVersion=1.18.3
+jsoupVersion=1.21.1
 
 junitVersion=4.13.2
 
@@ -259,7 +259,7 @@ opencsvVersion=2.3
 openTracingVersion=0.33.0
 
 # sync with version Tika ships
-pdfboxVersion=3.0.3
+pdfboxVersion=3.0.4
 
 # sync with version Tika ships
 poiVersion=5.4.0
@@ -282,9 +282,9 @@ romeVersion=2.1.0
 servletApiVersion=6.0.0
 
 # this version is forced for compatibility with pipeline and tika
-slf4jLog4j12Version=2.0.16
+slf4jLog4j12Version=2.0.17
 # this version is forced for compatibility with api, LDK, and workflow
-slf4jLog4jApiVersion=2.0.16
+slf4jLog4jApiVersion=2.0.17
 
 # This is a dependency for HTSJDK. Force version for CVE-2023-43642
 snappyJavaVersion=1.1.10.7
@@ -302,7 +302,7 @@ stax2ApiVersion=4.2.2
 thumbnailatorVersion=0.4.20
 
 # used for tika-core in API and tika-parsers in search
-tikaVersion=3.0.0
+tikaVersion=3.2.2
 
 # sync with Tika
 tukaaniXZVersion=1.10

From 32ca4139e04817c8e9662c9f98f2374fedc1ba0f Mon Sep 17 00:00:00 2001
From: Will Mooreston <97046018+labkey-willm@users.noreply.github.com>
Date: Fri, 5 Sep 2025 14:46:05 -0700
Subject: [PATCH 2/2] bump Netty version for CVE-2025-58057 (#1176)

---
 gradle.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gradle.properties b/gradle.properties
index 8e5966d107..dc87d30952 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -247,7 +247,7 @@ luceneVersion=9.12.2
 mssqlJdbcVersion=12.10.1.jre11
 
 # force for docker
-nettyVersion=4.2.2.Final
+nettyVersion=4.2.5.Final
 
 objenesisVersion=1.0