From 7761872a6e8bd8b44f98d419b1669527b37f4ad7 Mon Sep 17 00:00:00 2001 From: Jonathan Miller Date: Thu, 25 Jun 2026 14:38:14 -0400 Subject: [PATCH 1/5] MLE-30953 --- build.gradle | 3 +++ 1 file changed, 3 insertions(+) diff --git a/build.gradle b/build.gradle index 1b494c88d..99f178e21 100644 --- a/build.gradle +++ b/build.gradle @@ -18,6 +18,9 @@ subprojects { resolutionStrategy { // Forcing the latest commons-lang3 version to eliminate CVEs. force "org.apache.commons:commons-lang3:3.20.0" + // Forcing the OpenTelemetry version to eliminate CVEs. + force "io.opentelemetry:opentelemetry-api:1.62.0" + force "io.opentelemetry:opentelemetry-context:1.62.0" } } } From 0e8005560e05cd4d0fe6cf7a474932b831648380 Mon Sep 17 00:00:00 2001 From: Jonathan Miller Date: Thu, 25 Jun 2026 15:05:45 -0400 Subject: [PATCH 2/5] MLE-30952 --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index 1065a0023..8213e4b39 100644 --- a/gradle.properties +++ b/gradle.properties @@ -8,7 +8,7 @@ okhttpVersion=5.3.2 jacksonVersion=2.21.1 junitVersion=6.0.3 -logbackVersion=1.5.32 +logbackVersion=1.5.35 # Defined at this level so that they can be set as system properties and used by the marklogic-client-api and test-app # project From 9e2ebed37a8d6e1d18698dc531f1ea51684aef6d Mon Sep 17 00:00:00 2001 From: Jonathan Miller Date: Mon, 29 Jun 2026 13:56:17 -0400 Subject: [PATCH 3/5] MLE-30953 Kotlin upgrade Upgraded Kotlin to resolve opentelemetry java vulnerability --- build.gradle | 3 --- ml-development-tools/build.gradle | 4 ++-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/build.gradle b/build.gradle index 99f178e21..1b494c88d 100644 --- a/build.gradle +++ b/build.gradle @@ -18,9 +18,6 @@ subprojects { resolutionStrategy { // Forcing the latest commons-lang3 version to eliminate CVEs. force "org.apache.commons:commons-lang3:3.20.0" - // Forcing the OpenTelemetry version to eliminate CVEs. - force "io.opentelemetry:opentelemetry-api:1.62.0" - force "io.opentelemetry:opentelemetry-context:1.62.0" } } } diff --git a/ml-development-tools/build.gradle b/ml-development-tools/build.gradle index 294969679..89238f06b 100644 --- a/ml-development-tools/build.gradle +++ b/ml-development-tools/build.gradle @@ -9,7 +9,7 @@ plugins { id 'maven-publish' id "com.gradle.plugin-publish" version "1.2.1" id "java-gradle-plugin" - id 'org.jetbrains.kotlin.jvm' version '2.2.21' + id 'org.jetbrains.kotlin.jvm' version '2.4.0' } dependencies { @@ -23,7 +23,7 @@ dependencies { // additional work during development, though we rarely modify the code in this plugin anymore. implementation "com.marklogic:marklogic-client-api:${version}" - implementation 'org.jetbrains.kotlin:kotlin-stdlib:2.2.21' + implementation 'org.jetbrains.kotlin:kotlin-stdlib:2.4.0' implementation "com.fasterxml.jackson.module:jackson-module-kotlin:${jacksonVersion}" // Sticking with this older version for now as the latest 1.x version introduces breaking changes. From 067c0c5d65a09c0fe3625879ede7cb0c0a4cdfc4 Mon Sep 17 00:00:00 2001 From: Jonathan Miller Date: Mon, 29 Jun 2026 13:58:50 -0400 Subject: [PATCH 4/5] MLE-30952 Update logback to 1.5.37 for newer version --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index 8213e4b39..3a3c1bb65 100644 --- a/gradle.properties +++ b/gradle.properties @@ -8,7 +8,7 @@ okhttpVersion=5.3.2 jacksonVersion=2.21.1 junitVersion=6.0.3 -logbackVersion=1.5.35 +logbackVersion=1.5.37 # Defined at this level so that they can be set as system properties and used by the marklogic-client-api and test-app # project From 5a6651d1787770bc372f7df70a4868523a653e45 Mon Sep 17 00:00:00 2001 From: Jonathan Miller Date: Mon, 29 Jun 2026 14:17:48 -0400 Subject: [PATCH 5/5] MLE-30968 Bump JacksonVersion to 2.22.0 Bump jacksonVersion from 2.21.1 to 2.22.0 --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index 3a3c1bb65..a04d077cb 100644 --- a/gradle.properties +++ b/gradle.properties @@ -5,7 +5,7 @@ publishUrl=file:../marklogic-java/releases okhttpVersion=5.3.2 # See https://github.com/FasterXML/jackson for more information on the Jackson libraries. -jacksonVersion=2.21.1 +jacksonVersion=2.22.0 junitVersion=6.0.3 logbackVersion=1.5.37