Re: [keycloak-user] KeyCloak CVE's

There's been an issue before about KeyCloak CVE's however no more information found about it. http://lists.jboss.org/pipermail/keycloak-user/2017-December/012541.html I would like to get a clear understanding about https://nvd.nist.gov/vuln/detail/CVE-2017-12160 https://www.saucs.com/cve/CVE-2017-12159 https://www.saucs.com/cve/CVE-2017-12158 Why they're the case and if there are patches for them. There are no information on CVE websites. It's critical for us to make sure KeyCloak has known vulnerabilities fixed. Can anyone point me please in the right direction or post more information about them? Regards, Yuriy Yunikov _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user