Merge 23.7 to 23.10

LabKey · Oct 10, 2023 · c13ad93 · c13ad93
2 parents 2419c8e + 3de6e24
commit c13ad93
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/build.gradle b/build.gradle
@@ -257,6 +257,8 @@ allprojects {
                     force "com.fasterxml.jackson.core:jackson-databind:${jacksonDatabindVersion}"
                     // The version of picard we depend on brings in an older version of htsjdk, but SequenceAnalysis depends on a later version
                     force "com.github.samtools:htsjdk:${htsjdkVersion}"
+                    // This is a dependency for HTSJDK. Force version for CVE-2023-43642
+                    force "org.xerial.snappy:snappy-java:${snappyJavaVersion}"
                     // Cloud module brings in earlier versions of this library, so we force the later one
                     force "org.apache.tika:tika-core:${tikaVersion}"
                     // OpenLDAPSync and premium have transitive dependency on a broken version of MINA

diff --git a/gradle.properties b/gradle.properties
@@ -279,6 +279,9 @@ slf4jLog4j12Version=2.0.7
 # this version is forced for compatibility with api, LDK, and workflow
 slf4jLog4jApiVersion=2.0.7
 
+# This is a dependency for HTSJDK. Force version for CVE-2023-43642
+snappyJavaVersion=1.1.10.4
+
 springBootVersion=2.7.16
 # This MUST match the Tomcat version dictated by springBootVersion
 # Also, keep this in sync with apacheTomcatVersion above