From 15ebb30a68f0aa7f544650e083be2ceacebc908a Mon Sep 17 00:00:00 2001
From: Trey Chadick <tchad@labkey.com>
Date: Mon, 18 Nov 2024 09:31:39 -0800
Subject: [PATCH 1/2] Update netty-common to 4.1.115.Final (#927)

https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv
---
 gradle.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gradle.properties b/gradle.properties
index df2d7b6cdc..c10f478268 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -246,7 +246,7 @@ mssqlJdbcVersion=12.8.1.jre11
 mysqlDriverVersion=9.1.0
 
 # forced compatibility between docker and UserReg-WS
-nettyVersion=4.1.114.Final
+nettyVersion=4.1.115.Final
 
 objenesisVersion=1.0
 

From aec0270994a842b1e20faf5ed75667e7a394512d Mon Sep 17 00:00:00 2001
From: Trey Chadick <tchad@labkey.com>
Date: Mon, 18 Nov 2024 16:40:39 -0800
Subject: [PATCH 2/2] Ignore CVE false-positive for spring-web 6.1.14 (#928)

Only 5.3.0 - 5.3.41 are affected:
https://spring.io/security/cve-2024-38828
---
 dependencyCheckSuppression.xml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/dependencyCheckSuppression.xml b/dependencyCheckSuppression.xml
index 67b14dd54a..e38b2c81d9 100644
--- a/dependencyCheckSuppression.xml
+++ b/dependencyCheckSuppression.xml
@@ -369,5 +369,14 @@
     </suppress>
     <!-- end of glassfish false positive suppressions -->
 
+    <!-- False positive. Only 5.3.0 - 5.3.41 are affected:
+     https://spring.io/security/cve-2024-38828 -->
+    <suppress>
+        <notes><![CDATA[
+   file name: spring-web-6.1.14.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.springframework/spring-web@.*$</packageUrl>
+        <vulnerabilityName>CVE-2024-38828</vulnerabilityName>
+    </suppress>
 </suppressions>