Re: [keycloak-dev] CVE-2019-3875- Keycloak X.509 Authenticator Man-In-The-Middle Weak Authentication
Yes it was fixed and will be available on the next release.
On Tue, Aug 13, 2019 at 11:42 AM Shiva Prasad Thagadur Prakash
<shiva.prasad.thagadur.prakash(a)ericsson.com> wrote:
Hi Guys,
Is this CVE already fixed in keycloak version 6.0.1? The CVE
description says vulnerable upto 6.0.2 and the redhat link https://bugz
illa.redhat.com/show_bug.cgi?id=1690628 says fixed in version 6.0.2.
But we couldn't find keycloak version 6.0.2?
Thanks,
Shiva
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
- abstractj