From ba1c3d6ddc765ac429f0b5032c62fb81efb565a1 Mon Sep 17 00:00:00 2001
From: Susan Hert <susanh@labkey.com>
Date: Thu, 26 Dec 2024 16:24:41 -0800
Subject: [PATCH] Version update and CVE suppression (#958)

---
 dependencyCheckSuppression.xml | 9 +++++++++
 gradle.properties              | 4 ++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/dependencyCheckSuppression.xml b/dependencyCheckSuppression.xml
index e38b2c81d9..844103d7fe 100644
--- a/dependencyCheckSuppression.xml
+++ b/dependencyCheckSuppression.xml
@@ -378,5 +378,14 @@
         <packageUrl regex="true">^pkg:maven/org\.springframework/spring-web@.*$</packageUrl>
         <vulnerabilityName>CVE-2024-38828</vulnerabilityName>
     </suppress>
+
+    <!-- We don't use the sun.io.useCanonCaches setting referenced by this CVE.  -->
+    <suppress>
+        <notes><![CDATA[
+   file name: tomcat-catalina-10.1.34.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.tomcat/tomcat-catalina@.*$</packageUrl>
+        <vulnerabilityName>CVE-2024-56337</vulnerabilityName>
+    </suppress>
 </suppressions>
 
diff --git a/gradle.properties b/gradle.properties
index 94db979493..80cbb01e19 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -95,9 +95,9 @@ annotationsVersion=15.0
 antVersion=1.10.13
 
 #Unifying version used by DISCVR and Premium
-apacheDirectoryVersion=2.1.3
+apacheDirectoryVersion=2.1.7
 #Transitive dependency of Apache directory: 2.0.18 contains some regressions
-apacheMinaVersion=2.2.1
+apacheMinaVersion=2.2.4
 
 # Usually matches the version specified as a Spring Boot dependency (see springBootVersion below)
 apacheTomcatVersion=10.1.34