Severe security issue in Keycloak >= 12.0.0 and <= 15.1.0

dasniko · December 20, 2021, 1:23pm

I strongly recommend to update your Keycloak deployments to latest 15.1.1 or 16.0.0!

hmof · December 23, 2021, 5:09am

So Keycloak 10 is not vulnerable?

dasniko · December 23, 2021, 7:58am

Don‘t know.
But KC10 is already 1,5 yrs old (at least) and thus has other issues. So, you always should upgrade to the most recent version.

dasniko · December 23, 2021, 3:30pm

More info:

Topic		Replies	Views
Keycloak 13.0.1 vulnerabilities Securing applications upgrading	1	660	February 8, 2022
Planning to Upgrade the Keycloak from 3.4.0 to 15.0 and Recommended Stable Keycloak Version (Production Ready) authentication	0	286	September 16, 2021
Upgrade Keycloak version 12.0 to 21.0 Getting advice	3	3521	March 30, 2023
Upgrading the Keycloak from 3.4.0 to 15.0? and Recommended Stable Keycloak Version (Production Ready) Getting advice authentication , upgrading	2	2110	February 9, 2022
CVE-2020-1714 remote code execution before Keycloak 11 Getting advice	5	2013	June 10, 2020