Hello group,

I just ran findbugs [1] with the find-sec-bugs [0] and found quite a bunch of rather suspicious places in the Keycloak codebase.

Note that I don't want to blame anyone but rather try to improve the codebase :)

For instance there are some quite prominent (and sensitive) non-final public static fields that could be easily changed to something else (in case they aren't inlined).

Furthermore there seem to be some dead code left-overs from merges spread over the codebase, e.g.:

Question is how to deal with that?

I could send PRs for those issues - they would contain quite a bunch of files with minor changes. Would you be open to such contributions and if so, what JIRA issue should one reference here?

Cheers,
Thomas
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev