Keycloak

Форк
0
51 строка · 2.4 Кб
1
version: v1.22.2
2
ignore:
3
  SNYK-JAVA-ORGKEYCLOAK-1062507:
4
    - "*":
5
        reason: >
6
          The Keycloak core module is not affected by Open Redirect
7
          Vulnerability (CVE-2020-1723), that relates to Gatekeeper, an old
8
          project already decommissioned from our org. More details:
9
            - https://issues.redhat.com/browse/KEYCLOAK-11318
10
            - https://www.keycloak.org/2020/08/sunsetting-louketo-project.adoc
11
            - https://hub.docker.com/r/keycloak/keycloak-gatekeeper
12
  SNYK-JAVA-ORGKEYCLOAK-1088339:
13
    - "*":
14
        reason: >
15
          The Keycloak services module is not affected by CVE-2021-3461 anymore,  
16
          the issue was fixed on Keycloak 14.0.0 last year. More details:
17
            - https://issues.redhat.com/browse/KEYCLOAK-17495
18
  SNYK-JAVA-IONETTY-1042268:
19
    - "*":
20
        reason: >
21
          There is no fixed version for io.netty:netty-handler. More details:
22
            - https://github.com/netty/netty/issues/10806
23
            - https://github.com/netty/netty/issues/8537
24
            - https://github.com/netty/netty/issues/9930
25
            - https://github.com/netty/netty/issues/10362
26
          Netty Handler is a transitive dependency coming from Quarkus,
27
          according to the Netty team, the fix should be available on Netty 5.
28
          The expiry date was set as a reminder for us to upgrade, once they
29
          provide the fix.
30
        expires: 2024-06-31T00:00:00.000Z
31
  SNYK-JAVA-ORGKEYCLOAK-1658295:
32
    - "*":
33
        reason: >
34
          Keycloak is no longer vulnerable. The issue was fixed on Keycloak 18.0.0
35
          More details:
36
            - https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v   
37
            - https://access.redhat.com/security/cve/cve-2021-3827
38
  SNYK-JAVA-ORGKEYCLOAK-1083276:
39
    - "*":
40
        reason: >
41
          Keycloak is no longer vulnerable. The issue was fixed on Keycloak 18.0.0
42
          More details:
43
            - https://github.com/keycloak/keycloak/security/advisories/GHSA-mwm4-5qwr-g9pf   
44
            - https://access.redhat.com/security/cve/cve-2021-3424              
45
  SNYK-JAVA-ORGKEYCLOAK-2987457:
46
    - "*":
47
        reason: >
48
          Keycloak is no longer vulnerable. The issue was fixed on Keycloak 19.0.2
49
          More details:
50
            - https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v   
51
            - https://access.redhat.com/security/cve/CVE-2022-2668
52

Использование cookies

Мы используем файлы cookie в соответствии с Политикой конфиденциальности и Политикой использования cookies.

Нажимая кнопку «Принимаю», Вы даете АО «СберТех» согласие на обработку Ваших персональных данных в целях совершенствования нашего веб-сайта и Сервиса GitVerse, а также повышения удобства их использования.

Запретить использование cookies Вы можете самостоятельно в настройках Вашего браузера.