LabKey · github-actions · Oct 11, 2023 · Oct 4, 2023 · Oct 10, 2023 · Oct 11, 2023
diff --git a/build.gradle b/build.gradle
@@ -257,6 +257,8 @@ allprojects {
                     force "com.fasterxml.jackson.core:jackson-databind:${jacksonDatabindVersion}"
                     // The version of picard we depend on brings in an older version of htsjdk, but SequenceAnalysis depends on a later version
                     force "com.github.samtools:htsjdk:${htsjdkVersion}"
+                    // This is a dependency for HTSJDK. Force version for CVE-2023-43642
+                    force "org.xerial.snappy:snappy-java:${snappyJavaVersion}"
                     // Cloud module brings in earlier versions of this library, so we force the later one
                     force "org.apache.tika:tika-core:${tikaVersion}"
                     // OpenLDAPSync and premium have transitive dependency on a broken version of MINA

diff --git a/gradle.properties b/gradle.properties
@@ -279,7 +279,7 @@ slf4jLog4j12Version=2.0.7
 # this version is forced for compatibility with api, LDK, and workflow
 slf4jLog4jApiVersion=2.0.7
 
-# Force snappy-java version for CVE-2023-43642
+# This is a dependency for HTSJDK. Force version for CVE-2023-43642
 snappyJavaVersion=1.1.10.4
 
 springBootVersion=2.7.16