Keycloak 11 & CVE-2018-5382 bouncycastle. Is BKS-1 enabled?

Keycloak 11 is vulnerable to CVE-2018-5382 because of its dependency on: org.bouncycastle bcprov-ext-jdk15on

To remediate the vulnerability one must disable the use of BKS-1 (legacy signature format).

Please confirm if Keycloak 11 uses BKS-1.


Hi all,

I have the same question. Can anyone help with this or is there any link with more information about this problem available?


Can anybody help with this problem?