
Dependency Bumps - Vulnerabilities

Daniel Scholl (MS] requested to merge vulnerabilities into master

Summary

This merge request updates the version of the core-lib-azure dependency to 2.0.4 in the provider/storage-azure module.

Key Changes

  • The version of the core-lib-azure dependency has been updated from 2.0.3 to 2.0.4 in the pom.xml file.

Security Impact

This update addresses the following security vulnerability:

  • CVE-2025-24970 (HIGH Severity): This vulnerability in the io.netty:netty-handler package (version 4.1.116.Final) used by the provider/storage-azure module has been fixed. The issue involved the SslHandler not correctly validating packets, which could lead to a native crash when using the native SSLEngine.

    • By updating the core-lib-azure dependency to version 2.0.4, this vulnerability has been addressed and mitigated.

Vulnerability Comparison

Fixed Vulnerabilities

HIGH

  • CVE-2025-24970 in io.netty:netty-handler 4.1.116.Final (provider/storage-azure/pom.xml)
Edited by Daniel Scholl (MS]
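
A check a reviewer could run over `mvn dependency:tree` output to confirm that the netty-handler version flagged above is no longer resolved after the bump. This is an added example, not part of this merge request or the project's code; the group ids, the root version and the post-bump netty version in the sample output are constructed placeholders.

```python
import re

# Version this page reports as affected by CVE-2025-24970.
FLAGGED = {("io.netty", "netty-handler"): {"4.1.116.Final"}}

# Constructed dependency:tree output (placeholder group ids and root version).
SAMPLE_BEFORE = """\
[INFO] --- dependency:tree (default-cli) @ storage-azure ---
[INFO] example.group:storage-azure:jar:0.0.1
[INFO] +- example.group:core-lib-azure:jar:2.0.3:compile
[INFO] |  +- io.netty:netty-handler:jar:4.1.116.Final:compile
[INFO] |  \\- io.netty:netty-codec:jar:4.1.116.Final:compile
[INFO] \\- example.group:other-lib:jar:1.0.0:compile
[INFO] BUILD SUCCESS
"""

# Same tree after the bump; the netty version is a labelled placeholder.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("core-lib-azure:jar:2.0.3", "core-lib-azure:jar:2.0.4") \
                            .replace("netty-handler:jar:4.1.116.Final",
                                     "netty-handler:jar:FIXED-VERSION-PLACEHOLDER")

# "[INFO] " + tree-drawing prefix (3 characters per level) + one coordinate token.
NODE = re.compile(r"^\[INFO\] ([|+\\\- ]*)(\S+)$")


def find_flagged(tree_text, flagged=FLAGGED):
    """Return the dependency path (root > ... > artifact) of every flagged node."""
    stack, hits = [], []
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m:
            continue
        parts = m.group(2).split(":")
        # group:artifact:type:version[:scope] or group:artifact:type:classifier:version:scope
        if len(parts) not in (4, 5, 6):
            continue
        depth = len(m.group(1)) // 3
        group, artifact = parts[0], parts[1]
        version = parts[4] if len(parts) == 6 else parts[3]
        del stack[depth:]                      # drop siblings and deeper levels
        stack.append(f"{artifact}:{version}")
        if version in flagged.get((group, artifact), ()):
            hits.append(" > ".join(stack))     # shows which parent pulls it in
    return hits


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, find_flagged(text) or "no flagged versions resolved")
```

The reported path shows which direct dependency brings in the flagged artifact, which matters when another module or a `dependencyManagement` entry still pins the old version.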
