fix(deps): update dependency org.keycloak:keycloak-core to v26.0.6 [security] - autoclosed #267
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
26.0.5
->26.0.6
GitHub Vulnerability Alerts
CVE-2024-10039
A vulnerability was found in Keycloak. Deployments of Keycloak with a reverse proxy not using pass-through termination of TLS, with mTLS enabled, are affected. This issue may allow an attacker on the local network to authenticate as any user or client that leverages mTLS as the authentication mechanism.
Release Notes
keycloak/keycloak (org.keycloak:keycloak-core)
v26.0.6
Compare Source
Highlights
Admin events might include now additional details about the context when the event is fired
In this release, admin events might hold additional details about the context when the event is fired. When upgrading you should expect the database schema being updated to add a new column
DETAILS_JSON
to theADMIN_EVENT_ENTITY
table.Updates to documentation of X.509 client certificate lookup via proxy
Potential vulnerable configurations have been identified in the X.509 client certificate lookup when using a reverse proxy. Additional configuration steps might be required depending on your current configuration. Make sure to review the updated reverse proxy guide if you have configured the client certificate lookup via a proxy header.
Upgrading
Before upgrading refer to the migration guide for a complete list of changes.
All resolved issues
Enhancements
docs
Bugs
ldap
ldap
ldap
ci
ci
ldap
admin/ui
admin/ui
organizations
admin/ui
admin/ui
admin/api
admin/api
admin/ui
admin/ui
dist/quarkus
admin/ui
infinispan
docs
docs
infinispan
core
login/ui
ci
Configuration
📅 Schedule: Branch creation - "" in timezone America/New_York, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.