From 777b32b6cdf8fef6e78ed7da6eeac38667075802 Mon Sep 17 00:00:00 2001
From: Adam Rauch <adam@labkey.com>
Date: Thu, 4 Dec 2025 07:17:18 -0800
Subject: [PATCH 1/2] Bump lz4 library to 1.8.1 (#271)

---
 tcrdb/build.gradle      | 9 +++++++++
 tcrdb/gradle.properties | 1 +
 2 files changed, 10 insertions(+)

diff --git a/tcrdb/build.gradle b/tcrdb/build.gradle
index 8218384ef..f22702e73 100644
--- a/tcrdb/build.gradle
+++ b/tcrdb/build.gradle
@@ -5,6 +5,15 @@ repositories {
    mavenCentral()
 }
 
+configurations.all {
+    resolutionStrategy {
+        // Related to: https://nvd.nist.gov/vuln/detail/CVE-2025-12183
+        dependencySubstitution {
+            substitute module('org.lz4:lz4-java') using module("at.yawk.lz4:lz4-java:${lz4Version}")
+        }
+    }
+}
+
 dependencies {
    BuildUtils.addLabKeyDependency(project: project, config: "implementation", depProjectPath: ":server:modules:DiscvrLabKeyModules:singlecell", depProjectConfig: "apiJarFile")
    BuildUtils.addLabKeyDependency(project: project, config: "implementation", depProjectPath: ":server:modules:DiscvrLabKeyModules:SequenceAnalysis", depProjectConfig: "apiJarFile")
diff --git a/tcrdb/gradle.properties b/tcrdb/gradle.properties
index 50708a527..a8367a182 100644
--- a/tcrdb/gradle.properties
+++ b/tcrdb/gradle.properties
@@ -1 +1,2 @@
+lz4Version=1.8.1
 repseqVersion=1.7.0
\ No newline at end of file

From e731d9490a0d013e783b1539c1a99b713fbcd81f Mon Sep 17 00:00:00 2001
From: Adam Rauch <adam@labkey.com>
Date: Thu, 11 Dec 2025 11:14:50 -0800
Subject: [PATCH 2/2] Latest version of lz4 (#276)

---
 tcrdb/gradle.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tcrdb/gradle.properties b/tcrdb/gradle.properties
index a8367a182..0e8bb0888 100644
--- a/tcrdb/gradle.properties
+++ b/tcrdb/gradle.properties
@@ -1,2 +1,2 @@
-lz4Version=1.8.1
+lz4Version=1.10.1
 repseqVersion=1.7.0
\ No newline at end of file