Dependency Bumps - Vulnerabilities

Summary

This merge request updates the version of the core-lib-azure dependency to 2.0.4 in the provider/storage-azure module.

Key Changes

• The version of the core-lib-azure dependency has been updated from 2.0.3 to 2.0.4 in the pom.xml file.

Security Impact

This update addresses the following security vulnerability:

• CVE-2025-24970 (HIGH Severity): This vulnerability in the io.netty:netty-handler package (version 4.1.116.Final) used by the provider/storage-azure module has been fixed. The issue involved the SslHandler not correctly validating packets, which could lead to a native crash when using the native SSLEngine.

  • By updating the core-lib-azure dependency to version 2.0.4, this vulnerability has been addressed and mitigated.

Vulnerability Comparison

Fixed Vulnerabilities

HIGH

• CVE-2025-24970 in io.netty:netty-handler 4.1.116.Final (provider/storage-azure/pom.xml)

changed milestone to %M25 - Release 0.28

added Azure Common Code ImpactPatch MRDependencies Upgrade Vulnerability Management labels

assigned to @danielscholl

added 1 commit

• 78cdf1dd - Revert json-smart

Compare with previous version

removed Common Code label

changed the description

approved this merge request

mentioned in commit 7499211e

merged