From 8f7c30e95ec78797a31e3ee335dbcd8b3827b75f Mon Sep 17 00:00:00 2001 From: Adam Rauch Date: Fri, 1 May 2026 16:46:52 -0700 Subject: [PATCH 1/6] Update Apache Mina & Spring to the latest versions (#1359) --- gradle.properties | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gradle.properties b/gradle.properties index 4c59a7fa57..b593a0b65f 100644 --- a/gradle.properties +++ b/gradle.properties @@ -96,8 +96,8 @@ antlrST4Version=4.3.4 #Unifying version used by DISCVR and Premium apacheDirectoryVersion=2.1.7 -#Transitive dependency of Apache directory: 2.0.18 contains some regressions -apacheMinaVersion=2.2.5 +#Transitive dependency of Apache directory +apacheMinaVersion=2.2.7 # Usually matches the version specified as a Spring Boot dependency (see springBootVersion below) apacheTomcatVersion=11.0.21 @@ -294,9 +294,9 @@ slf4jLog4jApiVersion=2.0.17 snappyJavaVersion=1.1.10.8 # Also, update apacheTomcatVersion above to match Spring Boot's Tomcat dependency version -springBootVersion=4.0.5 +springBootVersion=4.0.6 # This usually matches the Spring Framework version dictated by springBootVersion -springVersion=7.0.6 +springVersion=7.0.7 springAiVersion=2.0.0-M4 sqliteJdbcVersion=3.51.1.0 From dc0d1e5a1f4063e436f19b2eb2f6880ce37bc3fc Mon Sep 17 00:00:00 2001 From: Adam Rauch Date: Mon, 4 May 2026 14:26:11 -0700 Subject: [PATCH 2/6] Update PostgreSQL JDBC driver (#1360) --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index b593a0b65f..b6c45444f6 100644 --- a/gradle.properties +++ b/gradle.properties @@ -271,7 +271,7 @@ poiVersion=5.4.0 pollingWatchVersion=0.2.0 -postgresqlDriverVersion=42.7.9 +postgresqlDriverVersion=42.7.11 quartzVersion=2.5.2 From e17e4f142bb2ec81fb3206283ace3a7d8c14cece Mon Sep 17 00:00:00 2001 From: Adam Rauch Date: Mon, 4 May 2026 17:53:11 -0700 Subject: [PATCH 3/6] Upgrade to Spring AI 2.0.0-M5 (#1352) * Upgrade to Spring AI 2.0.0-M5 * Bump Spring Framework and Spring Boot as well --- build.gradle | 3 --- gradle.properties | 5 +---- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/build.gradle b/build.gradle index a5224c25f8..43d3040ee6 100644 --- a/build.gradle +++ b/build.gradle @@ -352,9 +352,6 @@ allprojects { force "org.springframework:spring-messaging:${springVersion}" force "org.springframework:spring-webflux:${springVersion}" - // spring-ai dependency. Force to mitigate a CVE. - force "io.modelcontextprotocol.sdk:mcp:${modelContextProtocolVersion}" - // Force consistency between pipeline's ActiveMQ and cloud's jClouds dependencies force "javax.annotation:javax.annotation-api:${javaxAnnotationVersion}" diff --git a/gradle.properties b/gradle.properties index b6c45444f6..8d4400135b 100644 --- a/gradle.properties +++ b/gradle.properties @@ -252,9 +252,6 @@ lombokVersion=1.18.42 luceneVersion=10.3.2 -# Spring-AI dependency that's showing a CVE -modelContextProtocolVersion=1.1.1 - mssqlJdbcVersion=13.2.1.jre11 objenesisVersion=1.0 @@ -297,7 +294,7 @@ snappyJavaVersion=1.1.10.8 springBootVersion=4.0.6 # This usually matches the Spring Framework version dictated by springBootVersion springVersion=7.0.7 -springAiVersion=2.0.0-M4 +springAiVersion=2.0.0-M5 sqliteJdbcVersion=3.51.1.0 From bac40d291115222068047598ce5ece7b759ef245 Mon Sep 17 00:00:00 2001 From: Adam Rauch Date: Thu, 7 May 2026 16:23:18 -0700 Subject: [PATCH 4/6] Update log4j2 (#1366) --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index 8d4400135b..385ec07d85 100644 --- a/gradle.properties +++ b/gradle.properties @@ -246,7 +246,7 @@ jxlVersion=2.6.3 kaptchaVersion=2.3 -log4j2Version=2.25.4 +log4j2Version=2.26.0 lombokVersion=1.18.42 From 3ed81492911699dc9591e054d73d0b42ead96d9f Mon Sep 17 00:00:00 2001 From: Adam Rauch Date: Wed, 13 May 2026 11:47:50 -0700 Subject: [PATCH 5/6] Update Spring AI and Tomcat dependencies (#1374) --- gradle.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gradle.properties b/gradle.properties index 385ec07d85..b5ba586dce 100644 --- a/gradle.properties +++ b/gradle.properties @@ -100,7 +100,7 @@ apacheDirectoryVersion=2.1.7 apacheMinaVersion=2.2.7 # Usually matches the version specified as a Spring Boot dependency (see springBootVersion below) -apacheTomcatVersion=11.0.21 +apacheTomcatVersion=11.0.22 # (mothership) -> json-path -> json-smart -> accessor-smart # (core) -> graalvm @@ -294,7 +294,7 @@ snappyJavaVersion=1.1.10.8 springBootVersion=4.0.6 # This usually matches the Spring Framework version dictated by springBootVersion springVersion=7.0.7 -springAiVersion=2.0.0-M5 +springAiVersion=2.0.0-M6 sqliteJdbcVersion=3.51.1.0 From 1bd160cabbed5719c8e09dcec0ade20b52549800 Mon Sep 17 00:00:00 2001 From: Adam Rauch Date: Thu, 14 May 2026 10:14:58 -0700 Subject: [PATCH 6/6] Update Netty (#1376) --- gradle.properties | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/gradle.properties b/gradle.properties index 037fddd143..d50ccd41cd 100644 --- a/gradle.properties +++ b/gradle.properties @@ -262,12 +262,10 @@ microsoftGraphVersion=6.59.0 mssqlJdbcVersion=13.4.0.jre11 # Netty - transitive dependency via azure-core-http-netty; force for CVE-2026-33871, CVE-2026-33870 -nettyVersion=4.2.12.Final +nettyVersion=4.2.13.Final # Reactor - transitive dependency via azure-core; force for version consistency across modules reactorCoreVersion=3.8.1 -mssqlJdbcVersion=13.2.1.jre11 - objenesisVersion=1.0 opencsvVersion=2.3