Dependency Bumps - Vulnerabilities
Summary
This merge request updates the version of the core-lib-azure dependency to 2.0.4 in the provider/storage-azure module.
Key Changes
- The version of the core-lib-azure dependency has been updated from 2.0.3 to 2.0.4 in the pom.xml file.
Security Impact
This update addresses the following security vulnerability:
- CVE-2025-24970 (HIGH Severity): This vulnerability in the io.netty:netty-handler package (version 4.1.116.Final) used by the provider/storage-azure module has been fixed. The issue involved the SslHandler not correctly validating packets, which could lead to a native crash when using the native SSLEngine.
  - By updating the core-lib-azure dependency to version 2.0.4, this vulnerability has been addressed and mitigated.
Vulnerability Comparison
Fixed Vulnerabilities
HIGH
- CVE-2025-24970 in io.netty:netty-handler 4.1.116.Final (provider/storage-azure/pom.xml)
Edited by Daniel Scholl (MS]