We are using keycloak-admin dependency and resteasy for the integration with keycloak on a open source project. But any version of keycloak-admin is not compatible with the version 4.5.7 of resteasy and older versions of reasteasy have a vulnerability, Generation of Error Message Containing Sensitive Information in RESTEasy client · CVE-2020-25633 · GitHub Advisory Database · GitHub. Is there a plan to upgrade resteasy on keycloak?
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| How to use a rest-client in keycloak 19 authenticators/required actions (Migration issue from v15) | 1 | 1179 | April 3, 2024 | |
| Using keycloak-admin-client within a Keycloak extension | 5 | 1558 | July 15, 2022 | |
| Keycloak-admin-client in javax.ws.rs 1.x environment | 3 | 1246 | January 24, 2022 | |
| RESTEASY003940: Unable to instantiate MessageBodyReader | 2 | 2698 | July 30, 2021 | |
| Apache Commons-codec module with vulnerability is being pulled in latest Keycloak admin client | 0 | 413 | March 9, 2022 |