[keycloak-dev] CVE-2019-3875 and handling of security issues
Lösch, Sebastian
Sebastian.Loesch at governikus.de
Tue Jul 9 09:26:17 EDT 2019
Dear devs,
is the CVE-2019-3875 <https://www.cvedetails.com/cve/CVE-2019-3875/> fixed
already? Also CVE-2019-10157
<https://www.cvedetails.com/cve/CVE-2019-10157/> seems to be still
unresolved.
When do you plan to release 6.0.2 including the fixes?
Is there a place to get more information about upcoming releases? I have
access to
https://issues.jboss.org/projects/KEYCLOAK?selectedItem=com.atlassian.jira.j
ira-projects-plugin%3Arelease-page
<https://issues.jboss.org/projects/KEYCLOAK?selectedItem=com.atlassian.jira.
jira-projects-plugin%3Arelease-page&status=no-filter> &status=no-filter but
there are no release dates fixed.
Especially with open security issues I would appreciate quick bugfix
releases. Or is it something that is only expectable from RH-SSO and not
from Keycloak?
Best regards,
Sebastian
More information about the keycloak-dev
mailing list