Closed trash-80 closed 1 year ago
Sorry for the delay. We are still working on developing processes to handle issues, and I have been away for a while (catching up now)!
This issue has been passed to the research team on our internal tracking system, and I will report back here once more is known.
We are finally cleaning up the issues database. There have been MANY changes since this issue was raised. We have moved from the old OSS Index vulnerability database to a new database that has a much larger research team.
In this particular case, our research team looked deeper into the issue, and determined that keycloak-core was not vulnerable, but keycloak-services was.
https://ossindex.sonatype.org/component/pkg:maven/org.keycloak/keycloak-services
We have moved to an email-based reporting system that is more closely aligned to our commercial issue tracking. Please forward future issues to ossindex@sonatype.org
Great, thanks for the update.
To facilitate future automation, please use the following format
Advisory details
More information Snyk found the issue, but OSSIndex missed this one