CVE-2025-12390 in 26.4.2 (unpatched)

This is being picked up by my GitHub Action for dependency review (actions/dependency-review-action@v4). Does anyone know if there is an expected patch?

https://github.com/advisories/GHSA-rg35-5v25-mqvp

Thanks

-Jonathan

Best to ask on the Keycloak repo where the maintainers are, as this is a community forum.

GitHub - keycloak/keycloak: Open Source Identity and Access Management For Modern Applications and Services

FYI I checked, and I don’t see any specific discussions about that CVE. However, sometimes when something gets reported to security@, they don’t respond or post about it until the patch is done and the release has been cut.