Where to subscribe to security advisories?

thokuest · February 12, 2020, 2:20pm

Team,

Keycloak had a very severe security issue in the LDAP module that had been resolved with Keycloak 8.0.1. Apart from the release notes page, how do I subscribe to security advisories such as the mentioned one? Is there a mailing list I should subscribe to?

-Thomas

dasniko · February 13, 2020, 6:57am

You can find all available resources here: https://www.keycloak.org/community.html

thokuest · February 13, 2020, 10:26am

Thanks Niko. What specifically are you referring to? What do you recommend? Looking at the Community page:

There’s a user mailing list for questions, much like the forum here
There’s a dev mailing list for, well, development related discussions
The security mailing list is private. Much like reporting security relevant issues with JIRA.
There’s JIRA which can indeed be filtered for issue type bug and Security Sensitive Issues.

dasniko · February 13, 2020, 11:33am

I don’t refer to anything specific.
All available resources are on the mentioned page, and if there’s nothing listed what you’re looking for, then it’s probably not available.

There is not security advisory for the open source project Keycloak. If you run Keycloak, you always should use the most recent version.
If you’re looking for something supported in terms of security patches, think about using the commercial supported “Red Hat SSO”.

thokuest · February 13, 2020, 2:22pm

There’re CVE entries for Keycloak.

Topic		Replies	Views
Security Updates for Keycloak	2	1395	June 29, 2021
Community strength vs professional services Getting advice	1	296	December 13, 2022
Mailing list for academic Keycloak users Getting advice	4	252	May 4, 2023
Limit access to a Discourse forum based on AD Group using Keycloak? Getting advice authentication	0	304	December 7, 2020
Interested In Keycloak - List of Customers Getting advice	0	336	January 30, 2020

Where to subscribe to security advisories?

Related Topics