From 3de6e24f78ba2e93abb000e9bf7412d251ed1ca1 Mon Sep 17 00:00:00 2001
From: Will Mooreston <97046018+labkey-willm@users.noreply.github.com>
Date: Wed, 4 Oct 2023 09:47:02 -0700
Subject: [PATCH] force snappy-java version for CVE-2023-43642 (#581)
---
 build.gradle | 2 +-
 gradle.properties | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/build.gradle b/build.gradle
index e062ce2f18..d91a25b770 100644
--- a/build.gradle
+++ b/build.gradle
@@ -251,7 +251,7 @@ allprojects {
 force "com.fasterxml.jackson.core:jackson-databind:${jacksonDatabindVersion}"
 // The version of picard we depend on brings in an older version of htsjdk, but SequenceAnalysis depends on a later version
 force "com.github.samtools:htsjdk:${htsjdkVersion}"
- // This is a dependency for HTSJDK. Force to avoid a deserialization problem. Remove once HTSJDK bumps its preferred version
+ // This is a dependency for HTSJDK. Force to avoid a deserialization problem. Remove once HTSJDK bumps its preferred version.
 force "org.xerial.snappy:snappy-java:${snappyJavaVersion}"
 // Cloud module brings in earlier versions of this library, so we force the later one
 force "org.apache.tika:tika-core:${tikaVersion}"
diff --git a/gradle.properties b/gradle.properties
index 9524b08f5d..dc6a4a996e 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -274,7 +274,7 @@ slf4jLog4j12Version=2.0.7
 slf4jLog4jApiVersion=2.0.7
 # This is a dependency for HTSJDK. Force to avoid a deserialization problem. Remove once HTSJDK bumps its preferred version
-snappyJavaVersion=1.1.10.1
+snappyJavaVersion=1.1.10.4
 springBootVersion=2.7.16
 # This MUST match the Tomcat version dictated by springBootVersion
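Review bot: The comment touched in the build.gradle hunk still gives only "a deserialization problem" as the reason for the force and "once HTSJDK bumps its preferred version" as the removal condition, so nothing in the build files ties the pin to CVE-2023-43642 named in the commit subject. As written, any HTSJDK bump satisfies the comment, including one to a snappy-java release older than the 1.1.10.4 pinned here, and someone could then drop the force while the resolved version is still affected. Assuming 1.1.10.4 is the first release carrying the fix (which the pin suggests), the comment could read `// Dependency of HTSJDK. Forced for CVE-2023-43642; remove only once HTSJDK itself resolves snappy-java >= 1.1.10.4.`. The matching `#` comment above `snappyJavaVersion` in gradle.properties, which this commit leaves unchanged, should get the same wording. The enclosing `allprojects` block starts and ends outside the hunk.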