Bruno Oliveira da Silva 8df561c675 CVE-2023-4586 - Hot Rod client does not enable hostname validation when using TLS that lead to a MITM attack
A vulnerability was found in the Hot Rod client. This security issue
occurs as the Hot Rod client does not enable hostname validation when
using TLS, possibly resulting in a man-in-the-middle (MITM) attack.

Closes #24328

Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>
2023-10-30 15:57:53 +01:00
.github Cache Node.js installation and PNPM store 2023-10-30 07:50:06 -04:00
.idea Add Intellij project icon 2023-09-18 12:39:16 +02:00
.mvn Update Maven Wrapper to 3.2.0 2023-09-12 08:56:15 +02:00
adapters Cache Node.js installation and PNPM store 2023-10-30 07:50:06 -04:00
authz Group scalability upgrades (#22700) 2023-10-26 16:50:45 +02:00
boms
common Add TRANSIENT_USERS feature flag 2023-10-25 12:02:35 +02:00
core Group scalability upgrades (#22700) 2023-10-26 16:50:45 +02:00
crypto Fix various bugs and issues in crypto/elytron (#23102) 2023-10-03 09:42:57 +02:00
dependencies
distribution
docs Cache Node.js installation and PNPM store 2023-10-30 07:50:06 -04:00
examples Bump semver in /examples/cordova-native (#23351) 2023-09-19 14:33:26 -04:00
federation Group scalability upgrades (#22700) 2023-10-26 16:50:45 +02:00
integration Group scalability upgrades (#22700) 2023-10-26 16:50:45 +02:00
js Add some type-safety enhancements to AttributesTab (#24142) 2023-10-30 14:57:07 +01:00
misc
model fix to preload offline sessions faster 2023-10-30 12:58:06 +01:00
operator fix: moves jgroups.dns.query to a system property (#24057) 2023-10-20 09:50:29 +02:00
quarkus Add TRANSIENT_USERS feature flag 2023-10-25 12:02:35 +02:00
rest Group scalability upgrades (#22700) 2023-10-26 16:50:45 +02:00
saml-core Ensure that the EncryptedKey is passed to the DecryptionKeyLocator for SAML 2023-09-20 15:09:18 +02:00
saml-core-api
server-spi Group scalability upgrades (#22700) 2023-10-26 16:50:45 +02:00
server-spi-private Add a property to the User Profile Email Validator for max length of the local part 2023-10-27 15:09:42 +02:00
services Add userProfileEnabled attribute to realm response if admin can view users 2023-10-30 07:39:03 -07:00
testsuite Add userProfileEnabled attribute to realm response if admin can view users 2023-10-30 07:39:03 -07:00
themes Cache Node.js installation and PNPM store 2023-10-30 07:50:06 -04:00
util
.gitattributes
.gitignore Cache Node.js installation and PNPM store 2023-10-30 07:50:06 -04:00
.gitleaks.toml
ADOPTERS.md
CONTRIBUTING.md Removed links from relocated repositories (#19703) 2023-04-13 12:59:43 -04:00
get-version.sh
GOVERNANCE.md Removed links from relocated repositories (#19703) 2023-04-13 12:59:43 -04:00
LICENSE.txt
MAINTAINERS.md Add Alexander Schwartz to the list of maintainers 2023-06-27 06:45:06 -03:00
maven-settings.xml
mvnw Update Maven Wrapper to 3.2.0 2023-09-12 08:56:15 +02:00
mvnw.cmd Update Maven Wrapper to 3.2.0 2023-09-12 08:56:15 +02:00
pom.xml CVE-2023-4586 - Hot Rod client does not enable hostname validation when using TLS that lead to a MITM attack 2023-10-30 15:57:53 +01:00
PR-CHECKLIST.md
README.md
set-version.sh Fix set-version.sh's handling of NPM versions (#23638) 2023-10-04 08:00:53 +02:00

Keycloak

Keycloak is an Open Source Identity and Access Management solution for modern Applications and Services.

This repository contains the source code for the Keycloak Server, Java adapters and the JavaScript adapter.

Help and Documentation

Reporting Security Vulnerabilities

If you have found a security vulnerability, please look at the instructions on how to properly report it.

Reporting an issue

If you believe you have discovered a defect in Keycloak, please open an issue. Please remember to provide a good summary and description, as well as steps to reproduce the issue.

Getting started

To run Keycloak, download the distribution from our website. Unzip and run:

bin/kc.[sh|bat] start-dev

Alternatively, you can use the Docker image by running:

docker run quay.io/keycloak/keycloak start-dev

For more details refer to the Keycloak Documentation.

Building from Source

To build from source, refer to the building and working with the code base guide.

Testing

To run tests, refer to the running tests guide.

Writing Tests

To write tests, refer to the writing tests guide.

Contributing

Before contributing to Keycloak, please read our contributing guidelines.

Other Keycloak Projects

License