[keycloak-user] [keycloak-users] [jackson-databind] is default typing enabled in keycloak

Shiva Prasad Thagadur Prakash shivaprasadtp8 at gmail.com
Tue Jul 2 03:18:29 EDT 2019

Previous message: [keycloak-user] Getting this exception Caused by: javax.persistence.EntityExistsException: A different object with the same identifier value was already associated with the session : [org.keycloak.storage.jpa.entity.FederatedUserRoleMappingEntity#org.keycloak.storage.jpa.entity.FederatedUserRoleMappingEntity$Key at e3a03493]
Next message: [keycloak-user] Reset credentials link without tab_id parameter
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi guys,
I was looking into CVE-2019-12814 and CVE-2019-12086. These are related to
default typing in jackson-databind. *Is default typing enabled in keylock?*
When I searched in code base I didn't see it enabled but I wanted to be
sure and hence mailed you guys!

Thanks,
Shiva

More information about the keycloak-user mailing list