From b27445ee1e8a89b18214374a4bc028f67d90bc7a Mon Sep 17 00:00:00 2001 From: labkey-susanh Date: Mon, 2 Jun 2025 13:26:29 -0700 Subject: [PATCH 1/2] Upgrade to Apache Tomcat 10.1.41 --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index d08eea9569..031eeeafe3 100644 --- a/gradle.properties +++ b/gradle.properties @@ -99,7 +99,7 @@ apacheDirectoryVersion=2.1.7 apacheMinaVersion=2.2.4 # Usually matches the version specified as a Spring Boot dependency (see springBootVersion below) -apacheTomcatVersion=10.1.40 +apacheTomcatVersion=10.1.41 # (mothership) -> json-path -> json-smart -> accessor-smart # (core) -> graalvm From c46c450d697866cfe876d08f0741b19c5cfab83d Mon Sep 17 00:00:00 2001 From: labkey-susanh Date: Tue, 3 Jun 2025 10:55:32 -0700 Subject: [PATCH 2/2] Suppress false positive CVEs from bzip2 library --- dependencyCheckSuppression.xml | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/dependencyCheckSuppression.xml b/dependencyCheckSuppression.xml index 5f8f9d157b..e05aa61253 100644 --- a/dependencyCheckSuppression.xml +++ b/dependencyCheckSuppression.xml @@ -194,5 +194,27 @@ ^pkg:maven/io\.github\.x-stream/mxparser@.*$ cpe:/a:xstream:xstream - + + + + + ^pkg:maven/org\.itadaki/bzip2@.*$ + CVE-2019-12900 + + + + ^pkg:maven/org\.itadaki/bzip2@.*$ + CVE-2010-0405 + + + + ^pkg:maven/org\.itadaki/bzip2@.*$ + CVE-2005-1260 +