Dependency Bumps - Vulnerabilities

Merged Daniel Scholl (MS) requested to merge vulnerabilities into master

Summary

This merge request updates the core-lib-azure dependency version from 2.0.2 to 2.0.4 in the provider/search-azure module.

Changes

Dependencies

  • Updated core-lib-azure version from 2.0.2 to 2.0.4 in provider/search-azure/pom.xml.

Security Impact

New Vulnerabilities

Medium Severity:

  • CVE-2025-25193 (pom): A vulnerability in io.netty:netty-common version 4.1.116.Final introduced by the updated core-lib-azure dependency. This vulnerability could potentially cause a denial of service in Netty when an unsafe reading of an environment file occurs.

Fixed Vulnerabilities

High Severity:

  • CVE-2025-24970 (pom): A vulnerability in io.netty:netty-handler version 4.1.115.Final related to improper packet validation in SslHandler, which could lead to a native crash when using the native SSLEngine. This vulnerability has been fixed in the updated core-lib-azure dependency.

Medium Severity:

  • CVE-2025-25193 (pom): The same vulnerability in io.netty:netty-common version 4.1.115.Final has been fixed in the updated core-lib-azure dependency.

Vulnerability Comparison

Fixed Vulnerabilities

HIGH

  • CVE-2025-24970 in io.netty:netty-handler 4.1.115.Final (provider/search-azure/pom.xml)

MEDIUM

  • CVE-2025-25193 in io.netty:netty-common 4.1.115.Final (provider/search-azure/pom.xml)

Merge request reports

Merge request pipeline #309193 failed

Pipeline: Search

#309194

    Merge request pipeline failed for 73dddc86

    5 environments impacted.
    Approved by

    Merged by Daniel Scholl (MS) 2 months ago (Feb 14, 2025 8:17pm UTC)

    Merge details

    • Changes merged into master with 1bd1481f (commits were squashed).
    • Deleted the source branch.

    Pipeline #309215 failed

    Pipeline failed for 1bd1481f on master

    10 environments impacted.
