[keycloak-user] Security Patches

[Veit Guna]

Hi.

As the keycloak support page explicitly states, that the keycloak
community edition will _never_ get patches, I'm wondering how this is
usually handled.

Let's assume there's a security critical bug in keycloak that can be
exploited from the outside. Usually how quickly gets this fixed in the
community edition?

I know, that this is will be quickly patched in the Red Hat SSO version
of keycloak, but what does that mean regarding keycloak CE?

When will such fixes usually reach keycloak? Are patches for Red Hat SSO
public available so one could theoretically use them to patch keycloak
by oneself?

Cheers
Veit