Package keycloak: Information
Source package: keycloak
Version: 26.1.3-alt1
Build time: Mar 3, 2025, 01:30 PM in the task #376632
Category: System/Servers
Home page: https://github.com/keycloak/keycloak
License: Apache-2.0
Summary: Open Source Identity and Access Management For Modern Applications and Services
Description:
Keycloak provides user federation, strong authentication, user management, fine-grained authorization, and more.
Maintainer: Andrey Cherepanov
Last changed
March 2, 2025 Andrey Cherepanov 26.1.3-alt1
- New version.
- Security fixes:
  + CVE-2025-0736 Error during JGroups channel creation may reveal secure information
  + CVE-2024-47072 XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
Feb. 19, 2025 Andrey Cherepanov 26.1.2-alt2
- (%post) Copy configuration files from /usr/share/keycloak/conf.
- Mention CVE-2024-7260, fixed in 24.0.7.
Feb. 11, 2025 Andrey Cherepanov 26.1.2-alt1
- New version.
- Security fixes:
  + CVE-2024-11736 Unrestricted admin use of system and environment variables
  + CVE-2024-11734 Denial of Service in Keycloak Server via Security Headers
  + CVE-2024-10451 Sensitive Data Exposure in Keycloak Build Process
  + CVE-2024-10270 Potential Denial of Service
  + CVE-2024-10492 Keycloak path traversal
  + CVE-2024-9666 Keycloak proxy header handling Denial-of-Service (DoS) vulnerability
  + CVE-2024-10039 Bypassing mTLS validation
  + CVE-2021-44549 org.eclipse.angus/angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication
  + CVE-2024-8883 Vulnerable Redirect URI Validation Results in Open Redirect
  + CVE-2024-8698 Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak
  + CVE-2024-7341 Session fixation in the SAML adapters