Where to subscribe to security advisories?


Keycloak had a very severe security issue in the LDAP module that had been resolved with Keycloak 8.0.1. Apart from the release notes page, how do I subscribe to security advisories such as the mentioned one? Is there a mailing list I should subscribe to?


You can find all available resources here: https://www.keycloak.org/community.html

Thanks Niko. What specifically are you referring to? What do you recommend? Looking at the Community page:

  • There’s a user mailing list for questions, much like the forum here
  • There’s a dev mailing list for, well, development related discussions
  • The security mailing list is private. Much like reporting security relevant issues with JIRA.
  • There’s JIRA which can indeed be filtered for issue type bug and Security Sensitive Issues.

I don’t refer to anything specific.
All available resources are on the mentioned page, and if there’s nothing listed what you’re looking for, then it’s probably not available.

There is not security advisory for the open source project Keycloak. If you run Keycloak, you always should use the most recent version.
If you’re looking for something supported in terms of security patches, think about using the commercial supported “Red Hat SSO”.

There’re CVE entries for Keycloak.

1 Like