Merge 25.6 to develop

labkey-teamcity · labkey-teamcity · commit 6aae8072774d · 2025-06-18T09:35:03.000Z
diff --git a/dependencyCheckSuppression.xml b/dependencyCheckSuppression.xml
@@ -217,4 +217,13 @@
        <packageUrl regex="true">^pkg:maven/org\.itadaki/bzip2@.*$</packageUrl>
        <cve>CVE-2005-1260</cve>
     </suppress>
+
+    <!-- Related to the setting of channel binding as required, which is not relevant to us. -->
+    <suppress>
+        <notes><![CDATA[
+       file name: postgresql-42.7.4.jar
+       ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.postgresql/postgresql@.*$</packageUrl>
+        <vulnerabilityName>CVE-2025-49146</vulnerabilityName>
+    </suppress>
 </suppressions>
diff --git a/gradle.properties b/gradle.properties
@@ -263,6 +263,7 @@ poiVersion=5.4.0
 
 pollingWatchVersion=0.2.0
 
+# Newer versions of the driver have a perf degradation that's important for us. https://github.com/pgjdbc/pgjdbc/issues/3505
 postgresqlDriverVersion=42.7.4
 
 quartzVersion=2.5.0
@@ -288,7 +289,7 @@ snappyJavaVersion=1.1.10.7
 # Also, update apacheTomcatVersion above to match Spring Boot's Tomcat dependency version
 springBootVersion=3.5.0
 # This usually matches the Spring Framework version dictated by springBootVersion
-springVersion=6.2.7
+springVersion=6.2.8
 
 sqliteJdbcVersion=3.49.1.0
 
