CVE-2020-14302 and CVE-2020-10770 before Keycloak 13.0.0

Hello everyone,

In both cases: “A flaw was found in Keycloak before 13.0.0”

  • CVE-2020-14302
  • CVE-2020-10770

On the other hand, from here it’s evident that both CVEs were fixed in version 13.0.0, but from what I understood, this version is not released yet.

I decided to use one of the latest versions of Keycloak, either 12.0.1 or 12.0.2, for my project. How can I figure out whether these versions are fixed as well, and is it even possible?

Thank you.

[UPDATE]:
I found this link: Update Keycloak to 12.0.0+ · Issue #88 · strimzi/strimzi-kafka-oauth · GitHub

Does it mean that all CVEs listed in this #88 issue are fixed from version 12.0.1 up to 12.0.2, etc.?

Please, if some responsible person reads this post, can you let me know how I can figure out whether a specific CVE has also been patched in a specific version of Keycloak?

Because until now, nobody has been able to tell me how I can identify whether the patch for the unreleased version 13.0.0 is also backported into the latest version 12.0.x.

Thx.

@wh33zy did you get an answer to your questions?

We are in the process of adopting Keycloak 11.0.3; however, just recently we paid attention to the vulnerabilities. Our scan yields this list:

CVE-2020-10770
CVE-2020-10776
CVE-2020-14302
CVE-2020-14359
CVE-2020-14366
CVE-2020-14389
CVE-2020-1725

Because of this we are thinking of upgrading to version 12.0.4; however, even in that version the following are reported:
CVE-2020-10770
CVE-2020-14302
CVE-2020-1725

Does anyone know whether there is a chance of these issues being fixed in versions 11.x or 12.x?

Thanks

If they don’t get fixed in 12.x, do we have at least a planned release date for 13.0.0?