[keycloak-user] KeyCloak CVE's

Stian Thorgersen sthorger at redhat.com
Tue Feb 20 02:54:44 EST 2018


The 3 CVEs you listed were all fixed in 3.3.0.Final, but for some reason
the CVEs still haven't been updated. Will chase that (again).

On 20 February 2018 at 08:34, Hynek Mlnarik <hmlnarik at redhat.com> wrote:

> For critical production environments, consider using Red Hat Single Sign-On
> [1].
>
> --Hynek
>
> [1] http://www.keycloak.org/support.html
>
> On Thu, Feb 15, 2018 at 8:12 PM, Yuriy Yunikov <yuriy.yunikov at verygood.systems> wrote:
>
> > There's been an issue before about KeyCloak CVEs, however no more
> > information was found about it.
> > http://lists.jboss.org/pipermail/keycloak-user/2017-December/012541.html
> >
> > I would like to get a clear understanding about
> > https://nvd.nist.gov/vuln/detail/CVE-2017-12160
> > https://www.saucs.com/cve/CVE-2017-12159
> > https://www.saucs.com/cve/CVE-2017-12158
> >
> > Why they're the case and if there are patches for them. There is no
> > information on CVE websites. It's critical for us to make sure KeyCloak has
> > known vulnerabilities fixed. Can anyone point me please in the right
> > direction or post more information about them?
> >
> > Regards,
> > Yuriy Yunikov
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >

