Hello group,
I just ran findbugs [1] with the find-sec-bugs [0] and found quite a bunch of rather
suspicious places in the Keycloak codebase.
Note that I don't wont to blame anyone but rather try to improve the codebase :)
For instance there are some quite prominent (and sensitive) non-final public static fields that could
be easily changed to something else (in case they aren't inlined).
Further more there seem to be some dead code left-overs from merges spread over the codebase e.g:
Question is how to deal with that?
I could send PRs for those issues - they would contain quite a bunch of files
with minor changes. Would you be open to such contributions and if so, what JIRA issue
should one reference here?
Cheers,
Thomas