You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@mvk37 could you please provide some evidence from security scanners? The report below does not report any vulnerable dependencies:
❯ trivy image --timeout 25m quay.io/keycloak/keycloak:22.0.5
2023-11-06T18:38:34.462-0300 WARN No OS package is detected. Make sure you haven't deleted any files that contain information about the installed packages.
2023-11-06T18:38:34.462-0300 WARN e.g. files under "/lib/apk/db/", "/var/lib/dpkg/" and "/var/lib/rpm"
2023-11-06T18:38:34.462-0300 INFO Detected OS: redhat
2023-11-06T18:38:34.462-0300 WARN This OS version is not on the EOL list: redhat 9
2023-11-06T18:38:34.462-0300 INFO Detecting RHEL/CentOS vulnerabilities...
2023-11-06T18:38:34.462-0300 INFO Number of PL dependency files: 409
2023-11-06T18:38:34.462-0300 INFO Detecting jar vulnerabilities...
2023-11-06T18:38:34.480-0300 WARN This OS version is no longer supported by the distribution: redhat 9.2
2023-11-06T18:38:34.480-0300 WARN The vulnerability detection may be insufficient because security updates are not provided
quay.io/keycloak/keycloak:22.0.5 (redhat 9.2)
=============================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
@mvk37 now I see the problem. The dependency, you mentioned, was updated as part of Keycloak. Although, we also have mysql-connector-java as a transitive dependency coming from Quarkus:
Before reporting an issue
Area
dependencies
Describe the bug
Two previous attempts to upgrade to Connector/J to 8.0.33 wasn't successful.
#21199
#23366
Keycloak 22.0.5 still contains mysql.mysql-connector-java-8.0.30.jar. Could you update it to 8.0.33 in next release?
Version
22.0.5
Expected behavior
Connector/J 8.0.33 or higher
Actual behavior
Connector/J 8.0.30
How to Reproduce?
Check folder lib\lib\main in Keycloak 22.0.5 distribution
Anything else?
No response
The text was updated successfully, but these errors were encountered: