From c2db7be0ea53b1f62d84f8a6d96b7085f32b936c Mon Sep 17 00:00:00 2001
From: Susan Hert <susanh@labkey.com>
Date: Thu, 3 Jul 2025 14:37:30 -0700
Subject: [PATCH 1/2] Gradle Plugins v6.3.0 for faster builds (#1119)

---
 gradle.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gradle.properties b/gradle.properties
index 7f7c51b2f0..f8da7958ba 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -59,7 +59,7 @@ windowsProteomicsBinariesVersion=1.0
 # The current version numbers for the gradle plugins.
 artifactoryPluginVersion=5.2.5
 gradleNodePluginVersion=7.1.0
-gradlePluginsVersion=6.2.0
+gradlePluginsVersion=6.3.0
 owaspDependencyCheckPluginVersion=12.1.3
 versioningPluginVersion=1.1.2
 

From cba5eff29a7ccf9beb1fb97b8f9e4a5bde6e9824 Mon Sep 17 00:00:00 2001
From: Adam Rauch <adam@labkey.com>
Date: Tue, 8 Jul 2025 10:11:39 -0700
Subject: [PATCH 2/2] A couple more CSP enhancements (#1112)

---
 server/configs/application.properties                        | 1 +
 server/embedded/build.gradle                                 | 2 +-
 server/embedded/src/org/labkey/embedded/LabKeyServer.java    | 5 ++---
 .../labkey/embedded/LabKeyTomcatServletWebServerFactory.java | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/server/configs/application.properties b/server/configs/application.properties
index 654295dae7..fdf7676483 100644
--- a/server/configs/application.properties
+++ b/server/configs/application.properties
@@ -46,6 +46,7 @@ context.encryptionKey=@@encryptionKey@@
 
 ## By default, we serve LabKey at the root context path (e.g. http://localhost:8080)
 ## You may customize the context path if you wish (e.g. http://localhost:8080/labkey)
+## The context path value must start with a slash
 #context.contextPath=@@contextPath@@
 
 ## Using a legacy context path provides backwards compatibility with old deployments. A typical use case would be to
diff --git a/server/embedded/build.gradle b/server/embedded/build.gradle
index 90ea0bb022..588653ff18 100644
--- a/server/embedded/build.gradle
+++ b/server/embedded/build.gradle
@@ -161,7 +161,7 @@ project.publishing {
             artifact project.tasks.bootJar.outputs.files.singleFile
             pom {
                 name = "LabKey Server Embedded"
-                description = "LabKey classes for producing distributions with embedded TomCat."
+                description = "Embedded Tomcat, Spring Boot, and the LabKey classes that configure these components"
                 developers PomFileHelper.getLabKeyTeamDevelopers()
                 licenses PomFileHelper.getApacheLicense()
                 organization PomFileHelper.getLabKeyOrganization()
diff --git a/server/embedded/src/org/labkey/embedded/LabKeyServer.java b/server/embedded/src/org/labkey/embedded/LabKeyServer.java
index dc111f3916..e716072caf 100644
--- a/server/embedded/src/org/labkey/embedded/LabKeyServer.java
+++ b/server/embedded/src/org/labkey/embedded/LabKeyServer.java
@@ -46,7 +46,7 @@ public static void main(String[] args)
             return;
         }
 
-        // Issue 40038: Ride-or-die Mode - default to shutting down by default in embedded deployment scenario
+        // Issue 40038: Ride-or-die Mode - default to shutting down by default
         if (System.getProperty(TERMINATE_ON_STARTUP_FAILURE) == null)
         {
             System.setProperty(TERMINATE_ON_STARTUP_FAILURE, "true");
@@ -71,7 +71,7 @@ public static void main(String[] args)
         String baseCsp = """
                 default-src 'self' ;
                 connect-src 'self' ${CONNECTION.SOURCES} ;
-                object-src 'none' ;
+                object-src ${OBJECT.SOURCES} ;  /* Substitution value defaults to 'none' unless overridden by an admin */
                 style-src 'self' 'unsafe-inline' ${STYLE.SOURCES} ;
                 img-src 'self' data: ${IMAGE.SOURCES} ;
                 font-src 'self' data: ${FONT.SOURCES} ;
@@ -871,5 +871,4 @@ public void setKeyStore(String keyStore)
             this.keyStore = keyStore;
         }
     }
-
 }
diff --git a/server/embedded/src/org/labkey/embedded/LabKeyTomcatServletWebServerFactory.java b/server/embedded/src/org/labkey/embedded/LabKeyTomcatServletWebServerFactory.java
index 112cca31f7..40ad299e3b 100644
--- a/server/embedded/src/org/labkey/embedded/LabKeyTomcatServletWebServerFactory.java
+++ b/server/embedded/src/org/labkey/embedded/LabKeyTomcatServletWebServerFactory.java
@@ -275,7 +275,7 @@ private void addContextProperty(StandardContext context, String value, String na
         }
     }
 
-    // Issue 48565: allow for JSON-formatted access logs in embedded tomcat
+    // Issue 48565: allow for JSON-formatted access logs
     private void configureJsonAccessLogging(Tomcat tomcat, LabKeyServer.JsonAccessLog logConfig)
     {
         var v = new JsonAccessLogValve();