From 5e24e59b867409d254c9384af294925af1454a7d Mon Sep 17 00:00:00 2001
From: labkey-susanh
Date: Thu, 26 Dec 2024 12:58:20 -0800
Subject: [PATCH 1/2] Suppress CVE-2024-56337
---
 dependencyCheckSuppression.xml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/dependencyCheckSuppression.xml b/dependencyCheckSuppression.xml
index e38b2c81d9..844103d7fe 100644
--- dependencyCheckSuppression.xml
+++ b/dependencyCheckSuppression.xml
@@ -378,5 +378,14 @@ ^pkg:maven/org\.springframework/spring-web@.*$ CVE-2024-38828
+
+
+
+
+ ^pkg:maven/org\.apache\.tomcat/tomcat-catalina@.*$
+ CVE-2024-56337
+
From 306472002942ff7bbeb4206f839ef733bf1bce2f Mon Sep 17 00:00:00 2001
From: labkey-susanh
Date: Thu, 26 Dec 2024 12:59:52 -0800
Subject: [PATCH 2/2] Update Apache mina and directory versions for CVE-2024-52046
---
 gradle.properties | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gradle.properties b/gradle.properties
index 94db979493..80cbb01e19 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -95,9 +95,9 @@ annotationsVersion=15.0
 antVersion=1.10.13
 #Unifying version used by DISCVR and Premium
-apacheDirectoryVersion=2.1.3
+apacheDirectoryVersion=2.1.7
 #Transitive dependency of Apache directory: 2.0.18 contains some regressions
-apacheMinaVersion=2.2.1
+apacheMinaVersion=2.2.4
 # Usually matches the version specified as a Spring Boot dependency (see springBootVersion below)
 apacheTomcatVersion=10.1.34
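Review bot: The suppression added to dependencyCheckSuppression.xml in patch 1/2 matches every version of tomcat-catalina (`^pkg:maven/org\.apache\.tomcat/tomcat-catalina@.*$`), so CVE-2024-56337 stays hidden from the dependency-check report for whatever version is resolved, now or later, and the entry never comes up for re-review. The XML markup of the added lines is not visible in this rendering, so I cannot tell whether a rationale or an expiry is already there; if not, I would bound the entry with the `until` attribute, e.g. `<suppress until="YYYY-MM-DDZ">` (placeholder date), and state in `<notes>` why the finding does not apply here. As far as I know, the mitigation for this CVE depends on how Tomcat and the JVM are configured rather than on the library version alone, so the note should name the condition the project relies on.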