com.microsoft.sqlserver:mssql-jdbc has been updated to 10.2.4.jre11 to fix CVE-2025-59250.

This update introduces some breaking changes, especially that encryption is now enabled by default. To restore the old behavior, you can add ;encrypt=false to the JDBC url.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59250

https://learn.microsoft.com/en-us/sql/connect/jdbc/release-notes-for-the-jdbc-driver?view=sql-server-ver17#changes-in-102

(CMS-28866)