Keycloak 26.1.0 Vulnerability issue

Hi,

We recently upgraded Keycloak from 25.0.6 to 26.1.0 to resolve some security vulnerability issues.
v26.1.0 also got following jar ‘io.quarkus.http.quarkus-http-core-5.3.3’ as HIGH vulnerable.

Is there any way to fix this issue, or can we expect some upgrade soon for this?

Really appreciate your response

Thank You,
Ayyandurai M

This is a community forum, Keycloak maintainers don’t read here.
If you have questions to the project team, please visit the GitHub repo, thanks.

Check “Keycloak.X, but secure – without vulnerable libraries” for an idea on how to build your own custom image with such deps patched if you need the patches urgently.

Or just use 26.1.1, which was just released and the CVE is fixed.