31 lines
1.4 KiB
Text
31 lines
1.4 KiB
Text
|
version: v1.22.2
|
||
|
|
ignore:
|
||
|
|
SNYK-JAVA-ORGKEYCLOAK-1062507:
|
||
|
|
- '*':
|
||
|
|
reason: >
|
||
|
|
The Keycloak core module is not affected by Open Redirect
|
||
|
|
Vulnerability (CVE-2020-1723), that relates to Gatekeeper, an old
|
||
|
|
project already decommissioned from our org. More details:
|
||
|
|
- https://issues.redhat.com/browse/KEYCLOAK-11318
|
||
|
|
- https://www.keycloak.org/2020/08/sunsetting-louketo-project.adoc
|
||
|
|
- https://hub.docker.com/r/keycloak/keycloak-gatekeeper
|
||
|
|
SNYK-JAVA-ORGKEYCLOAK-1088339:
|
||
|
|
- '*':
|
||
|
|
reason: >
|
||
|
|
The Keycloak services module is not affected by CVE-2021-3461 anymore,
|
||
|
|
the issue was fixed on Keycloak 14.0.0 last year. More details:
|
||
|
|
- https://issues.redhat.com/browse/KEYCLOAK-17495
|
||
|
|
SNYK-JAVA-IONETTY-1042268:
|
||
|
|
- '*':
|
||
|
|
reason: >
|
||
|
|
There is no fixed version for io.netty:netty-handler. More details:
|
||
|
|
- https://github.com/netty/netty/issues/10806
|
||
|
|
- https://github.com/netty/netty/issues/8537
|
||
|
|
- https://github.com/netty/netty/issues/9930
|
||
|
|
- https://github.com/netty/netty/issues/10362
|
||
|
|
Netty Handler is a transitive dependency coming from Quarkus,
|
||
|
|
according to the Netty team, the fix should be available on Netty 5.
|
||
|
|
The expiry date was set as a reminder for us to upgrade, once they
|
||
|
|
provide the fix.
|
||
|
|
expires: 2022-05-31T00:00:00.000Z
|