[keycloak-user] KeyCloak CVE's
Hynek Mlnarik
hmlnarik at redhat.com
Tue Feb 20 02:34:24 EST 2018
For critical production environment consider using Red Hat Single Sign On
[1].
--Hynek
[1] http://www.keycloak.org/support.html
On Thu, Feb 15, 2018 at 8:12 PM, Yuriy Yunikov <
yuriy.yunikov at verygood.systems> wrote:
> There's been an issue before about KeyCloak CVE's however no more
> information found about it.
> http://lists.jboss.org/pipermail/keycloak-user/2017-December/012541.html
>
> I would like to get a clear understanding about
> https://nvd.nist.gov/vuln/detail/CVE-2017-12160
> https://www.saucs.com/cve/CVE-2017-12159
> https://www.saucs.com/cve/CVE-2017-12158
>
> Why they're the case and if there are patches for them. There are no
> information on CVE websites. It's critical for us to make sure KeyCloak has
> known vulnerabilities fixed. Can anyone point me please in the right
> direction or post more information about them?
>
> Regards,
> Yuriy Yunikov
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
--Hynek
More information about the keycloak-user
mailing list