Hello,
I created the security issue yesterday.
https://issues.jboss.org/browse/KEYCLOAK-3692
Can only core members see the ticket?
I wrote reproduce steps too. Please check the issue.
Regards,
--
Hiroyuki Wada
On Wed, Oct 12, 2016 at 5:01 PM, Hiroyuki Wada <wadahiro(a)gmail.com> wrote:
Hello Thomas,
Thanks for your quick reply.
I'll create a jira ticket soon.
On Wed, Oct 12, 2016 at 4:36 PM, Thomas Darimont
<thomas.darimont(a)googlemail.com> wrote:
> Hello Hiroyuki,
>
> Just create a new issue here
https://issues.jboss.org/projects/KEYCLOAK
> Mark it as Security Sensitive Issue (x) This issue is security relevant.
>
> Cheers,
> Thomas
>
> 2016-10-12 9:30 GMT+02:00 Hiroyuki Wada <wadahiro(a)gmail.com>:
>>
>> Hello,
>>
>> I have security concern in Keycloak server. It might be a vulnerability.
>> Where should I report this problem?
>>
>>
>> Regards,
>>
>> --
>> Hiroyuki Wada,
>> Developer,
>> Nomura Research Institute, Ltd.
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>