LabKey · labkey-martyp · Aug 20, 2025 · Aug 21, 2025 · Aug 21, 2025
diff --git a/dependencyCheckSuppression.xml b/dependencyCheckSuppression.xml
@@ -248,4 +248,14 @@
        <packageUrl regex="true">^pkg:maven/com\.google\.code\.gson/gson@.*$</packageUrl>
        <vulnerabilityName>CVE-2025-53864</vulnerabilityName>
     </suppress>
+
+    <!-- Old version of protobuf brought in as a transitive dependency in Sequence Analysis module. Currently no way to force upgrade.   -->
+    <suppress>
+        <notes><![CDATA[
+        file name: protobuf-java-util-3.23.2.jar
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf-java-util@.*$</packageUrl>
+        <cve>CVE-2024-7254</cve>
+    </suppress>
+
 </suppressions>