Merge 25.6 to develop

labkey-teamcity · labkey-teamcity · commit 1937cf234a6c · 2025-06-11T08:26:18.000Z
diff --git a/dependencyCheckSuppression.xml b/dependencyCheckSuppression.xml
@@ -185,4 +185,36 @@
         <packageUrl regex="true">^pkg:maven/org\.labkey\.api/labkey-client-api@.*$</packageUrl>
         <cve>CVE-2019-3913</cve>
     </suppress>
+
+    <!-- False positive - mxparser is not XStream -->
+    <suppress>
+        <notes><![CDATA[
+    file name: mxparser-1.2.2.jar
+    ]]></notes>
+        <packageUrl regex="true">^pkg:maven/io\.github\.x-stream/mxparser@.*$</packageUrl>
+        <cpe>cpe:/a:xstream:xstream</cpe>
+    </suppress>
+    
+    <!-- False positives - bzip2 from a different source -->
+    <suppress>
+       <notes><![CDATA[
+       file name: bzip2-0.9.1.jar
+       ]]></notes>
+       <packageUrl regex="true">^pkg:maven/org\.itadaki/bzip2@.*$</packageUrl>
+       <cve>CVE-2019-12900</cve>
+    </suppress>
+    <suppress>
+       <notes><![CDATA[
+       file name: bzip2-0.9.1.jar
+       ]]></notes>
+       <packageUrl regex="true">^pkg:maven/org\.itadaki/bzip2@.*$</packageUrl>
+       <cve>CVE-2010-0405</cve>
+    </suppress>
+    <suppress>
+       <notes><![CDATA[
+       file name: bzip2-0.9.1.jar
+       ]]></notes>
+       <packageUrl regex="true">^pkg:maven/org\.itadaki/bzip2@.*$</packageUrl>
+       <cve>CVE-2005-1260</cve>
+    </suppress>
 </suppressions>
diff --git a/gradle.properties b/gradle.properties
@@ -121,7 +121,7 @@ commonmarkVersion=0.24.0
 
 # the beanutils version is not the default version brought from commons-validator and/or commons-digester
 # in the :server:api module but is required for some of our code to compile
-commonsBeanutilsVersion=1.10.1
+commonsBeanutilsVersion=1.11.0
 commonsCodecVersion=1.18.0
 commonsCollections4Version=4.5.0
 commonsCollectionsVersion=3.2.2
diff --git a/server/configs/application.properties b/server/configs/application.properties
@@ -58,6 +58,7 @@ context.encryptionKey=@@encryptionKey@@
 #context.additionalWebapps.firstContextPath=/my/webapp/path
 #context.additionalWebapps.secondContextPath=/my/other/webapp/path
 
+#context.externalModules=/path/to/external/modules/dir
 #context.requiredModules=
 #context.pipelineConfig=/path/to/pipeline/config/dir
 #context.serverGUID=
diff --git a/server/embedded/src/org/labkey/embedded/LabKeyServer.java b/server/embedded/src/org/labkey/embedded/LabKeyServer.java
@@ -441,6 +441,8 @@ public static class ContextProperties
         private String contextPath = "";
         private String pipelineConfig;
         private String requiredModules;
+        /** Path to external modules directory */
+        private String externalModules;
         private boolean bypass2FA = false;
         private String serverGUID;
         private Integer httpPort;
@@ -586,6 +588,16 @@ public void setRequiredModules(String requiredModules)
             this.requiredModules = requiredModules;
         }
 
+        public String getExternalModules()
+        {
+            return externalModules;
+        }
+
+        public void setExternalModules(String externalModules)
+        {
+            this.externalModules = externalModules;
+        }
+
         public boolean isBypass2FA()
         {
             return bypass2FA;
diff --git a/server/embedded/src/org/labkey/embedded/LabKeyTomcatServletWebServerFactory.java b/server/embedded/src/org/labkey/embedded/LabKeyTomcatServletWebServerFactory.java
@@ -175,6 +175,11 @@ protected TomcatWebServer getTomcatWebServer(Tomcat tomcat)
                 {
                     context.addParameter("requiredModules", contextProperties.getRequiredModules());
                 }
+                if (contextProperties.getExternalModules() != null)
+                {
+                    // We've long supported configuring this via a system property so propagate the value
+                    System.setProperty("labkey.externalModulesDir", contextProperties.getExternalModules());
+                }
                 if (contextProperties.getPipelineConfig() != null)
                 {
                     context.addParameter("org.labkey.api.pipeline.config", contextProperties.getPipelineConfig());

Original file line number	Diff line number	Diff line change
`@@ -175,6 +175,11 @@ protected TomcatWebServer getTomcatWebServer(Tomcat tomcat)`
`175`	`175`	`{`
`176`	`176`	`context.addParameter("requiredModules", contextProperties.getRequiredModules());`
`177`	`177`	`}`
	`178`	`+ if (contextProperties.getExternalModules() != null)`
	`179`	`+ {`
	`180`	`+ // We've long supported configuring this via a system property so propagate the value`
	`181`	`+ System.setProperty("labkey.externalModulesDir", contextProperties.getExternalModules());`
	`182`	`+ }`
`178`	`183`	`if (contextProperties.getPipelineConfig() != null)`
`179`	`184`	`{`
`180`	`185`	`context.addParameter("org.labkey.api.pipeline.config", contextProperties.getPipelineConfig());`