
Fix CVE#24

Draft
Pankraz76 wants to merge 4 commits into
mainfrom
fix-CVE
Draft

Fix CVE#24
Pankraz76 wants to merge 4 commits into
mainfrom
fix-CVE

Conversation

@Pankraz76

Owner

No description provided.

Vincent Potucek added 4 commits November 13, 2025 11:18
Comment thread .trivyignore
@@ -0,0 +1,35 @@
CVE-2015-6420 # commons-collections:commons-collections
CVE-2015-7501 # commons-collections:commons-collections
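Review bot: the two visible entries of this hunk suppress CVE-2015-6420 and CVE-2015-7501 for commons-collections:commons-collections in .trivyignore, which hides the findings rather than fixing them, while the PR title says "Fix CVE" and the thread below argues for a version bump instead of allowing leaks into production. Prefer bumping the dependency; where a suppression really is unavoidable, the trailing comment should carry the justification and a review date rather than only the package coordinates, e.g. `CVE-2015-6420 # commons-collections: not reachable (no deserialization of untrusted input), recheck 2026-01` (wording is a suggestion). The header announces 35 added lines, so the remaining 33 entries should be reviewed against the same standard before this leaves draft.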

@Pankraz76 Pankraz76 Nov 13, 2025

Owner Author


@ahus1

Having five critical issues is already significant, but matching your scope to medium still represents quite a lot of security leaks for a security tool. Please consider addressing these, as we don’t want vulnerabilities in our security layer — this seems important.

Failing the build in favor of a simple version bump, instead of allowing leaks into production, would be a better and more responsible approach, especially in a security-sensitive context. Losing reputation could put the entire project at risk. If this information were to reach a malicious group, it would provide strong motivation to patch and to treat the topic as top priority.

Owner Author


Maybe checking on every commit is a little too much. The current trivy config checking the image-ref: quay.io/keycloak/${{ matrix.container }}:nightly seems fine.

Nevertheless, I can kind of confirm there are a lot of issues, fixed by a simple patch-level version bump.
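As an added example (not from this PR or the Keycloak project) of the policy argued for in the thread, below is a trivy-action step with a report-only configuration beside one that fails the build on unfixed critical, high and medium findings while still honouring the repository's .trivyignore. The job name, matrix values and the action pin are assumptions; only the `image-ref` comes from the comment above.

```yaml
# Added example, not the project's workflow. Assumed: job/matrix names, action pin.
jobs:
  image-scan:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        container: [keycloak, keycloak-operator]   # assumed matrix values
    steps:
      # Weak: no exit-code means findings are reported but never fail the job,
      # so a vulnerable image still ships to production.
      - name: Scan image (report only)
        uses: aquasecurity/trivy-action@<pinned-sha>   # pin to a commit SHA
        with:
          image-ref: quay.io/keycloak/${{ matrix.container }}:nightly
          format: table
          exit-code: '0'

      # Hardened: fail on anything MEDIUM or worse that has an available fix,
      # which is exactly the "simple patch-level version bump" case.
      - name: Scan image (fail on fixable MEDIUM+)
        uses: aquasecurity/trivy-action@<pinned-sha>   # pin to a commit SHA
        with:
          image-ref: quay.io/keycloak/${{ matrix.container }}:nightly
          format: table
          severity: CRITICAL,HIGH,MEDIUM
          ignore-unfixed: true      # only gate on findings that a bump can fix
          exit-code: '1'            # fail the build instead of shipping the leak
          trivyignores: .trivyignore  # each entry needs a justification and review date
```

Running the hardened step on pull requests and the report-only step on a schedule against the nightly image keeps the signal without gating every commit, which is the balance the second comment is after.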
