Hello Keycloak Community,
We noticed that a fix for CVE-2020-14389 has been released for the 12.x branch [1], but it has not been backported to the 10.x branch. Are you planning to backport it? And if so, when?
We are also wondering when support for the 10.x branch will end.
[1] 1875843 – (CVE-2020-14389) CVE-2020-14389 keycloak: user can manage resources with just "view-profile" role using new Account Console
Best,
Laurent
IMHO it won’t be backported. There is no concept of LTS releases for Keycloak: LTS policy and supported versions, recommended versions - #3 by ieugen
So you have to use the latest release.
Thank you for this clarification, jangaraj.