Describe the bug
There's a CVE-2025-22227 for azure sdk for java in the dependency reactor-http-netty. Reactor-netty-http 1.0.48 is used by the sdk. It seems that there's a version 1.0.49 available but only in spring with a commercial license.
It would be good to have a new version without going to the latest version 1.2.x of the reactor-netty-http since it needs a more recent netty version and it can break applications that are stuck with an earlier netty version (it's my case).
Another question would be if this CVE affects in any way the azure sdk. Maybe the sdk client doesn't follow redirects
Describe the bug
There's a CVE-2025-22227 for azure sdk for java in the dependency reactor-http-netty. Reactor-netty-http 1.0.48 is used by the sdk. It seems that there's a version 1.0.49 available but only in spring with a commercial license.
It would be good to have a new version without going to the latest version 1.2.x of the reactor-netty-http since it needs a more recent netty version and it can break applications that are stuck with an earlier netty version (it's my case).
Another question would be if this CVE affects in any way the azure sdk. Maybe the sdk client doesn't follow redirects