ls1intum · Michael-Breu-UIbk · Mar 18, 2026 · Mar 21, 2026 · Apr 17, 2026 · Apr 20, 2026
@@ -205,7 +205,7 @@ Refer to [Using JHipster in production](http://www.jhipster.tech/production) for
 The following command can automate the deployment to a server. The example shows the deployment to the main Artemis test server (which runs a virtual machine):
 
 ```shell
-./artemis-server-cli deploy username@artemis-test0.artemis.in.tum.de -w build/libs/Artemis-8.7.4.war
+./artemis-server-cli deploy username@artemis-test0.artemis.in.tum.de -w build/libs/Artemis-8.7.5.war
 ```
 
 ## Architecture

@@ -33,7 +33,7 @@ plugins {
 }
 
 group = "de.tum.cit.aet.artemis"
-version = "8.7.4"
+version = "8.7.5"
 description = "Interactive Learning with Individual Feedback"
 
 java {
@@ -43,7 +43,7 @@ java {
 }
 
 wrapper {
-    gradleVersion = "9.3.0"
+    gradleVersion = "9.4.1"
 }
 
 node {
@@ -215,7 +215,7 @@ dependencies {
     implementation "de.jplag:typescript:${jplag_version}"
 
     // Align all Spring AI modules to the same version
-    implementation platform("org.springframework.ai:spring-ai-bom:1.1.2")
+    implementation platform("org.springframework.ai:spring-ai-bom:1.1.3")
     // Azure OpenAI (prod, or when you want Azure)
     implementation "org.springframework.ai:spring-ai-starter-model-azure-openai" // can also use non-azure models
     implementation "org.springframework.ai:spring-ai-starter-model-chat-memory-repository-jdbc"
@@ -298,7 +298,7 @@ dependencies {
     implementation "io.opentelemetry:opentelemetry-exporter-otlp"
 
     // Prometheus requires the protobuf-java dependency, but we explicitly use the latest version to avoid security vulnerabilities
-    implementation "com.google.protobuf:protobuf-java:4.33.4"
+    implementation "com.google.protobuf:protobuf-java:4.34.1"
 
     implementation "tech.jhipster:jhipster-framework:${jhipster_dependencies_version}"
 
@@ -356,16 +356,16 @@ dependencies {
     implementation "org.springframework.boot:spring-boot-starter-aop"
     implementation "org.springframework.boot:spring-boot-starter-data-jpa"
     implementation "org.springframework.boot:spring-boot-starter-security"
-    implementation "org.springframework.boot:spring-boot-starter-web"
+    implementation "org.springframework.boot:spring-boot-starter-web:3.5.13"
     implementation "org.springframework.boot:spring-boot-starter-tomcat"
     implementation "org.springframework.boot:spring-boot-starter-websocket"
-    implementation "org.springframework.boot:spring-boot-starter-thymeleaf"
+    implementation "org.springframework.boot:spring-boot-starter-thymeleaf:3.5.13"
     implementation "org.springframework.boot:spring-boot-starter-oauth2-resource-server"
     implementation "org.springframework.boot:spring-boot-starter-oauth2-client"
 
-    implementation "org.springframework.data:spring-data-jpa:3.5.8"
-    implementation "org.springframework.data:spring-data-ldap:3.5.8"
-    implementation "org.springframework.ldap:spring-ldap-core:3.3.5"
+    implementation "org.springframework.data:spring-data-jpa:3.5.10"
+    implementation "org.springframework.data:spring-data-ldap:3.5.10"
+    implementation "org.springframework.ldap:spring-ldap-core:3.3.6"
 
     implementation "org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:${spring_cloud_version}"
     implementation "org.springframework.cloud:spring-cloud-starter-config:${spring_cloud_version}"
@@ -416,9 +416,9 @@ dependencies {
     implementation "org.zalando:problem-spring-web:0.29.1"
     implementation "org.zalando:jackson-datatype-problem:0.27.1"
     // Required by JPlag
-    implementation "com.ibm.icu:icu4j-charset:78.2"
+    implementation "com.ibm.icu:icu4j-charset:78.3"
     // Required by exam session service
-    implementation "com.github.seancfoley:ipaddress:5.5.1"
+    implementation "com.github.seancfoley:ipaddress:5.6.2"
 
     // used for testing and Java Template Upgrade Service
     implementation "org.apache.maven:maven-model:3.9.12"
@@ -442,7 +442,7 @@ dependencies {
 
     implementation "com.google.errorprone:error_prone_annotations:2.46.0"
     // needed for OpenAPI generation
-    implementation "org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.15"
+    implementation "org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.16"
 
 
     // NOTE: we want to keep the same unique version for all configurations, implementation and annotationProcessor
@@ -457,7 +457,7 @@ dependencies {
     annotationProcessor "org.glassfish.jaxb:jaxb-runtime:${jaxb_runtime_version}"
     annotationProcessor "org.springframework.boot:spring-boot-configuration-processor"
 
-    implementation "org.mnode.ical4j:ical4j:4.2.3"
+    implementation "org.mnode.ical4j:ical4j:4.2.4"
 
 
     // ---- CHECKSTYLE DEPENDENCIES ----
@@ -485,9 +485,9 @@ dependencies {
     testImplementation "io.github.classgraph:classgraph:4.8.184"
     testImplementation "org.awaitility:awaitility:4.3.0"
     testImplementation "org.apache.maven.shared:maven-invoker:3.3.0"
-    testImplementation "org.gradle:gradle-tooling-api:9.3.0"
-    testImplementation "org.apache.maven.surefire:surefire-report-parser:3.5.4"
-    testImplementation "io.zonky.test:embedded-database-spring-test:2.7.1"
+    testImplementation "org.gradle:gradle-tooling-api:9.4.1"
+    testImplementation "org.apache.maven.surefire:surefire-report-parser:3.5.5"
+    testImplementation "io.zonky.test:embedded-database-spring-test:2.8.0"
     testImplementation "com.redis:testcontainers-redis:2.2.4"
     testImplementation "com.tngtech.archunit:archunit:1.4.1"
     testImplementation "org.skyscreamer:jsonassert:1.5.3"
@@ -556,13 +556,15 @@ def isNonStable = { String version ->
     return !stableKeyword && !(version ==~ regex)
 }
 
-tasks.named("dependencyUpdates").configure {
-    rejectVersionIf {
-        isNonStable(it.candidate.version)
-    }
+def getMajorVersion = { String version ->
+    version.tokenize('.')[0]
+}
 
+tasks.named("dependencyUpdates").configure {
+    def rawSkipMajor = System.getProperty("skipMajorUpdates")
+    def skipMajor = rawSkipMajor != null && (rawSkipMajor.isBlank() || rawSkipMajor.toBoolean())
     rejectVersionIf {
-        isNonStable(it.candidate.version) && !isNonStable(it.currentVersion)
+        isNonStable(it.candidate.version) || (skipMajor && getMajorVersion(it.candidate.version) != getMajorVersion(it.currentVersion))
     }
 }
 
@@ -578,7 +580,8 @@ tasks.named("dependencyUpdates").configure {
 // 3) Verify code coverage (after tests):           ./gradlew jacocoTestCoverageVerification -x webapp
 // 4) Check Java code format:                       ./gradlew spotlessCheck -x webapp
 // 5) Apply Java code formatter:                    ./gradlew spotlessApply -x webapp
-// 6) Find dependency updates:                      ./gradlew dependencyUpdates -Drevision=release
+// 6) Find dependency updates:                      ./gradlew dependencyUpdates -Drevision=release -x webapp
+// 6a) Find only minor/patch dependency updates:     ./gradlew dependencyUpdates -Drevision=release -DskipMajorUpdates -x webapp
 // 7) Check JavaDoc:                                ./gradlew checkstyleMain -x webapp
 // 8) Detects uses of legacy code:                  ./gradlew modernizer -x webapp
 // 9) Check for vulnerabilities in dependencies     ./gradlew dependencyCheckAnalyze -x webapp

@@ -7,55 +7,57 @@ npm_version=11.5.1
 
 # Dependency versions
 jhipster_dependencies_version=8.12.0
-spring_boot_version=3.5.10
+spring_boot_version=3.5.12
 tomcat_version=10.1.49
 spring_cloud_version=4.3.1
 # TODO: upgrading to 6.6.x currently leads to issues due to internal changes in Hibernate and potentially wrong use in Artemis server code. See https://hibernate.atlassian.net/browse/HHH-19249
 hibernate_version=6.5.3.Final
 opensaml_version=5.1.6
 jwt_version=0.13.0
-jaxb_runtime_version=4.0.6
+jaxb_runtime_version=4.0.7
 hazelcast_version=5.5.0
 fasterxml_version=2.20.1
 netty_version=4.2.7.Final
-jgit_version=7.5.0.202512021534-r
+jgit_version=7.6.0.202603022253-r
 sshd_version=2.16.0
-checkstyle_version=13.0.0
+checkstyle_version=13.3.0
 jplag_version=6.3.0
 # not really used in Artemis, nor JPlag, nor the used version of Stanford CoreNLP, but we use the latest to avoid security vulnerability warnings
 # NOTE: we cannot need to use the latest version 9.x or 10.x here as long as Stanford CoreNLP does not reference it
 lucene_version=8.11.4
 slf4j_version=2.0.17
 sentry_version=8.31.0
 liquibase_version=5.0.1
-docker_java_version=3.7.0
+docker_java_version=3.7.1
 logback_version=1.5.21
 java_parser_version=3.26.2
-byte_buddy_version=1.18.4
+byte_buddy_version=1.18.7
 mysql_version=9.5.0
 micrometer_version=1.16.2
 # micrometer-tracing follows a different versioning schema than micrometer-core
 micrometer_tracing_version=1.6.2
 snakeyaml_version=2.5
 helios_status_version=1.1.0
-bucket4j_version=8.16.0
+bucket4j_version=8.17.0
 commons_lang3_version=3.20.0
 commons_text_version=1.15.0
 redisson_version=3.52.0
 
 
 # testing
 # make sure both versions are compatible
-junit_version=6.0.2
-mockito_version=5.21.0
+junit_version=6.0.3
+mockito_version=5.23.0
+testcontainers_version=2.0.4
+ryuk_version=0.14.0
 
 
 # gradle plugin version
 gradle_node_plugin_version=7.1.0
 apt_plugin_version=0.21
 liquibase_plugin_version=3.1.0
-modernizer_plugin_version=1.12.0
-spotless_plugin_version=8.2.0
+modernizer_plugin_version=1.13.0
+spotless_plugin_version=8.4.0
 
 org.gradle.jvmargs=-Xmx4g -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8 -Duser.country=US -Duser.language=en \
   --add-exports jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED \

@@ -1,6 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-9.3.0-bin.zip
+distributionSha256Sum=2ab2958f2a1e51120c326cad6f385153bb11ee93b3c216c5fccebfdfbb7ec6cb
+distributionUrl=https\://services.gradle.org/distributions/gradle-9.4.1-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

@@ -1,6 +1,6 @@
 {
     "name": "artemis",
-    "version": "8.7.4",
+    "version": "8.7.5",
     "description": "Interactive Learning with Individual Feedback",
     "private": true,
     "license": "MIT",

@@ -10,6 +10,10 @@ public LocalVCForbiddenException() {
         // empty constructor
     }
 
+    public LocalVCForbiddenException(String message) {
+        super(message);
+    }
+
     public LocalVCForbiddenException(Throwable cause) {
         super(cause);
     }

@@ -7,6 +7,7 @@
 import jakarta.servlet.http.HttpServletRequest;
 
 import org.eclipse.jgit.http.server.GitServlet;
+import org.eclipse.jgit.http.server.resolver.AsIsFileService;
 import org.eclipse.jgit.transport.ReceivePack;
 import org.eclipse.jgit.transport.UploadPack;
 import org.slf4j.Logger;
@@ -71,6 +72,11 @@ public ArtemisGitServletService(LocalVCServletService localVCServletService) {
     @Override
     public void init() throws ServletException {
         super.init();
+        // Disable dumb HTTP protocol (serving raw files like /HEAD, /objects/).
+        // Only the smart HTTP protocol (info/refs + git-upload-pack/git-receive-pack) is allowed,
+        // which goes through our authentication and authorization filters.
+        this.setAsIsFileService(AsIsFileService.DISABLED);
+
         this.setRepositoryResolver((request, name) -> {
             // request – the current request, may be used to inspect session state including cookies or user authentication.
             // name – name of the repository, as parsed out of the URL (everything after /git/).