Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KEYCLOAK-33: Upgrade keycloak from 25 to 26 fixing vulns #36

Closed
wants to merge 2 commits into from
Closed

KEYCLOAK-33: Upgrade keycloak from 25 to 26 fixing vulns #36

wants to merge 2 commits into from

Conversation

julianladisch
Copy link

https://folio-org.atlassian.net/browse/SECURITY-231

Upgrade keycloak from 25.0.6 to 26.0.7 fixing security vulnerabilities:

https://github.com/keycloak/keycloak/security

Purpose

Fix security vulnerablities.

Approach

Bump keycloak major version.

TODOS and Open Questions

  • Check logging

Pre-Merge Checklist:

Before merging this PR, please go through the following list and take appropriate actions.

  • Does this PR meet or exceed the expected quality standards?
    • Code coverage on new code is 80% or greater
    • Duplications on new code is 3% or less
    • There are no major code smells or security issues
  • Does this introduce breaking changes?
    • There are no breaking changes in this PR.

@julianladisch julianladisch requested a review from a team as a code owner December 4, 2024 13:09
@julianladisch
Copy link
Author

Obsoleted by #37

@julianladisch
Upgrade keycloak from 26.0.7 to 26.0.8 fixing vulns
220314d 
https://www.keycloak.org/2025/01/keycloak-2608-released

Fix
* CVE-2024-11736 Unrestricted admin use of system and environment variables
* CVE-2024-11734 Denial of Service in Keycloak Server via Security Headers
@yauhen-vavilkin yauhen-vavilkin deleted the KEYCLOAK-33-keycloak-26.0.7 branch January 31, 2025 15:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@julianladisch @yauhen-vavilkin