From 46b5a08135c3c4818a2837bb289c8337123a3966 Mon Sep 17 00:00:00 2001
From: Thierry Boileau <thierry.boileau@qlik.com>
Date: Thu, 11 Jun 2026 21:00:52 +0200
Subject: [PATCH 1/2] Issue #1510: Upgrade libraries to fix CVEs

---
 changes.md | 13 ++++++++++++-
 pom.xml    | 24 ++++++++++++------------
 2 files changed, 24 insertions(+), 13 deletions(-)

diff --git a/changes.md b/changes.md
index fe8b5e7b23..dc7acdb9d9 100644
--- a/changes.md
+++ b/changes.md
@@ -7,6 +7,17 @@ Changes log
         - Complete test classes. Issue #1490.
         - Deprecate the implementations of the clone method. Issue #1498.
         - Avoid non-short-circuit logic in FileClientHelper. Issue #1495. 
+    - Misc
+        - Upgraded Gson library to 2.14.0.
+        - Upgraded GWT library to 2.13.0.
+        - Upgraded Jackson library to 2.19.4.
+        - Upgraded JaxB runtime library to 4.0.9.
+        - Upgraded JaxB API library to 4.0.5.
+        - Upgraded Jetty library to version 12.1.10.
+        - Upgraded Joda-Time library to 2.14.2.
+        - Upgraded Slf4j library to 2.0.28.
+        - Upgraded Spring library to 6.2.19.
+        - Upgraded Thymeleaf library to 3.1.5.RELEASE.
 
 - 2.6.0 (29-06-2025)
 
@@ -14,7 +25,7 @@ Changes log
     - Misc
         - Upgraded to Jakarta EE 10
           - JAXB to 4.0.0
-          - Servlet API to 6.0.0 
+          - Servlet API to 6.0.0
         - Upgraded Gson library to 2.13.1.
         - Upgraded Jackson library to 2.19.1.
         - Upgraded Jetty library to version 12.0.22.
diff --git a/pom.xml b/pom.xml
index a21eec6d11..d7a0652d57 100644
--- a/pom.xml
+++ b/pom.xml
@@ -51,27 +51,27 @@
 
         <!-- dependencies -->
         <lib-freemarker-version>2.3.34</lib-freemarker-version>
-        <lib-gson-version>2.13.1</lib-gson-version>
+        <lib-gson-version>2.14.0</lib-gson-version>
         <lib-guice-version>7.0.0</lib-guice-version>
-        <lib-gwt-version>2.12.2</lib-gwt-version>
-        <lib-gwt-server-version>2.12.2</lib-gwt-server-version>
+        <lib-gwt-version>2.13.0</lib-gwt-version>
+        <lib-gwt-server-version>2.13.0</lib-gwt-server-version>
         <lib-istack-version>3.0.12</lib-istack-version>
-        <lib-jackson-version>2.19.1</lib-jackson-version>
-        <lib-jaxb-ri-version>4.0.0</lib-jaxb-ri-version>
-        <lib-jaxb-api-version>4.0.0</lib-jaxb-api-version>
-        <lib-joda-time-version>2.14.0</lib-joda-time-version>
-        <lib-jetty-version>12.0.22</lib-jetty-version>
+        <lib-jackson-version>2.19.4</lib-jackson-version>
+        <lib-jaxb-ri-version>4.0.9</lib-jaxb-ri-version>
+        <lib-jaxb-api-version>4.0.5</lib-jaxb-api-version>
+        <lib-jetty-version>12.1.10</lib-jetty-version>
+        <lib-joda-time-version>2.14.2</lib-joda-time-version>
         <lib-json-version>20250517</lib-json-version>
         <lib-log4j-version>1.2.17</lib-log4j-version>
         <lib-hamcrest-version>1.3</lib-hamcrest-version>
         <lib-osgi-version>4.3.1</lib-osgi-version>
         <lib-servlet-version>6.0.0</lib-servlet-version>
-        <lib-slf4j-version>2.0.17</lib-slf4j-version>
-        <lib-spring-version>6.2.8</lib-spring-version>
-        <lib-thymeleaf-version>3.1.3.RELEASE</lib-thymeleaf-version>
+        <lib-slf4j-version>2.0.18</lib-slf4j-version>
+        <lib-spring-version>6.2.19</lib-spring-version>
+        <lib-thymeleaf-version>3.1.5.RELEASE</lib-thymeleaf-version>
         <lib-velocity-version>2.4.1</lib-velocity-version>
         <!-- tests -->
-        <lib-junit-version>5.13.1</lib-junit-version>
+        <lib-junit-version>5.14.4</lib-junit-version>
     </properties>
 
     <profiles>

From c727ba5ad9dee8a2004ecaa0d1b9df2c047518f1 Mon Sep 17 00:00:00 2001
From: Thierry Boileau <thierry.boileau@qlik.com>
Date: Thu, 11 Jun 2026 21:26:14 +0200
Subject: [PATCH 2/2] Issue #1510: Upgrade libraries to fix CVEs

---
 changes.md | 2 +-
 pom.xml    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/changes.md b/changes.md
index dc7acdb9d9..63d6c06ed0 100644
--- a/changes.md
+++ b/changes.md
@@ -13,7 +13,7 @@ Changes log
         - Upgraded Jackson library to 2.19.4.
         - Upgraded JaxB runtime library to 4.0.9.
         - Upgraded JaxB API library to 4.0.5.
-        - Upgraded Jetty library to version 12.1.10.
+        - Upgraded Jetty library to version 12.0.36.
         - Upgraded Joda-Time library to 2.14.2.
         - Upgraded Slf4j library to 2.0.28.
         - Upgraded Spring library to 6.2.19.
diff --git a/pom.xml b/pom.xml
index d7a0652d57..7c6d581415 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <lib-jackson-version>2.19.4</lib-jackson-version>
         <lib-jaxb-ri-version>4.0.9</lib-jaxb-ri-version>
         <lib-jaxb-api-version>4.0.5</lib-jaxb-api-version>
-        <lib-jetty-version>12.1.10</lib-jetty-version>
+        <lib-jetty-version>12.0.36</lib-jetty-version>
         <lib-joda-time-version>2.14.2</lib-joda-time-version>
         <lib-json-version>20250517</lib-json-version>
         <lib-log4j-version>1.2.17</lib-log4j-version>