
@octo-sts octo-sts bot commented Apr 16, 2024

@octo-sts octo-sts bot added the labels request-version-update (request for a newer version of a package) and automated pr on Apr 16, 2024

Package keycloak:

.PKGINFO metadata:

  (
  	"""
- 	# Generated by melange v0.15.17-14-g4085650
+ 	# Generated by melange v0.6.11-2-g5643b49
  	pkgname = keycloak
- 	pkgver = 24.0.2-r1
+ 	pkgver = 24.0.3-r0
  	arch = x86_64
- 	size = 195075711
+ 	size = 195097841
  	origin = keycloak
  	pkgdesc = Open Source Identity and Access Management For Modern Applications and Services
  	url = 
- 	commit = ab4a925e40e58ffea0ffc6ce113c6e6b6c4be97f
- 	builddate = 1712616391
+ 	commit = f9b8a76f95b2049ef316733ded2205be96e14b98
  	license = Apache-2.0
  	depend = bash
  	depend = openjdk-17-default-jvm
- 	datahash = daaf919eac3e75f0854ed8af3460b5b407a1df4165989c609d17e6b40dc549b3
+ 	datahash = 2de25e08a59905a9e1f0b198ed283e809effc9925e093d723297653aae969c21
  	"""
  )
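
Review bot: the "Generated by melange" line moves from v0.15.17-14-g4085650 to v0.6.11-2-g5643b49, which is a lower version number for the newer package, and the builddate line is removed with no replacement. Confirm which melange build produced 24.0.3-r0 and whether dropping builddate is intended, because the two packages being compared may not come from the same build pipeline and that affects how far the rest of this comparison can be trusted.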

Added: /usr/share/java/keycloak/bin/client/keycloak-admin-cli-24.0.3.jar
Added: /usr/share/java/keycloak/bin/client/keycloak-client-registration-cli-24.0.3.jar
Added: /usr/share/java/keycloak/bin/client/lib/keycloak-crypto-default-24.0.3.jar
Added: /usr/share/java/keycloak/bin/client/lib/keycloak-crypto-fips1402-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/deployment/org.keycloak.keycloak-quarkus-server-deployment-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-account-ui-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-admin-ui-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-authz-policy-common-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-common-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-config-api-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-core-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-crypto-default-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-crypto-fips1402-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-js-adapter-jar-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-kerberos-federation-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-ldap-federation-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-model-infinispan-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-model-jpa-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-model-legacy-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-model-storage-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-model-storage-private-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-model-storage-services-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-rest-admin-ui-ext-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-saml-core-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-saml-core-public-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-server-spi-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-server-spi-private-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-services-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-sssd-federation-24.0.3.jar
Added: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-themes-24.0.3.jar
Modified: /usr/share/java/keycloak/bin/kcadm.bat
Modified: /usr/share/java/keycloak/bin/kcadm.sh
Modified: /usr/share/java/keycloak/bin/kcreg.bat
Modified: /usr/share/java/keycloak/bin/kcreg.sh
Modified: /usr/share/java/keycloak/lib/app/keycloak.jar
Modified: /usr/share/java/keycloak/lib/lib/deployment/appmodel.dat
Modified: /usr/share/java/keycloak/lib/lib/deployment/deployment-class-path.dat
Modified: /usr/share/java/keycloak/lib/quarkus/build-system.properties
Modified: /usr/share/java/keycloak/lib/quarkus/generated-bytecode.jar
Modified: /usr/share/java/keycloak/lib/quarkus/quarkus-application.dat
Modified: /usr/share/java/keycloak/lib/quarkus/transformed-bytecode.jar
Modified: /usr/share/java/keycloak/lib/quarkus-run.jar
Modified: /usr/share/java/keycloak/themes/README.md
Modified: /usr/share/java/keycloak/version.txt
Deleted: /usr/share/java/keycloak/bin/client/keycloak-admin-cli-24.0.2.jar
Deleted: /usr/share/java/keycloak/bin/client/keycloak-client-registration-cli-24.0.2.jar
Deleted: /usr/share/java/keycloak/bin/client/lib/keycloak-crypto-default-24.0.2.jar
Deleted: /usr/share/java/keycloak/bin/client/lib/keycloak-crypto-fips1402-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/deployment/org.keycloak.keycloak-quarkus-server-deployment-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-account-ui-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-admin-ui-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-authz-policy-common-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-common-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-config-api-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-core-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-crypto-default-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-crypto-fips1402-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-js-adapter-jar-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-kerberos-federation-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-ldap-federation-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-model-infinispan-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-model-jpa-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-model-legacy-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-model-storage-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-model-storage-private-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-model-storage-services-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-rest-admin-ui-ext-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-saml-core-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-saml-core-public-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-server-spi-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-server-spi-private-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-services-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-sssd-federation-24.0.2.jar
Deleted: /usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-themes-24.0.2.jar

bincapz found differences:

Deleted: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-services-24.0.2.jar

RISK KEY DESCRIPTION
meta lang c++
-2/MEDIUM net/http/cookies able to access HTTP resources using cookies

Deleted: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-themes-24.0.2.jar

RISK KEY DESCRIPTION
meta lang c++
-2/MEDIUM net/bpf bPF (Berkeley Packet Filter)
-2/MEDIUM net/upload uploads files
-2/MEDIUM ref/path/relative references and possibly executes relative path: "./do"
-2/MEDIUM security_controls/linux/ufw interacts with the ufw firewall
-1/LOW encoding/base64 supports base64 encoded strings
-1/LOW net/oauth2 supports OAuth2
-1/LOW ref/path/hidden possible hidden file path: "/common/resources/node_modules/.pnpm"
-1/LOW ref/words/password references a password: "password"

Deleted: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-account-ui-24.0.2.jar

RISK KEY DESCRIPTION
meta lang c++
-2/MEDIUM ref/path/relative references and possibly executes relative path: "./qv"

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-model-storage-services-24.0.3.jar (score: 0.904950)

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-themes-24.0.3.jar (score: 0.916129)

Previous Risk: ✅ 0/NONE
New Risk: ✅ 2/MEDIUM

RISK KEY DESCRIPTION
+2/MEDIUM net/bpf bPF (Berkeley Packet Filter)
+2/MEDIUM net/upload uploads files
+2/MEDIUM ref/path/relative references and possibly executes relative path: "./do"
+2/MEDIUM security_controls/linux/ufw interacts with the ufw firewall
+1/LOW encoding/base64 supports base64 encoded strings
+1/LOW net/oauth2 supports OAuth2
+1/LOW ref/path/hidden possible hidden file path: "/common/resources/node_modules/.pnpm"
+1/LOW ref/words/password references a password: "password"

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-sssd-federation-24.0.3.jar (score: 0.904255)

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-account-ui-24.0.3.jar (score: 0.909677)

Previous Risk: ✅ 0/NONE
New Risk: ✅ 1/LOW

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-admin-ui-24.0.3.jar (score: 0.916129)

Previous Risk: ✅ 0/NONE
New Risk: ✅ 2/MEDIUM

RISK KEY DESCRIPTION
+2/MEDIUM net/bpf bPF (Berkeley Packet Filter)
+2/MEDIUM ref/path/relative references and possibly executes relative path: "./ia"
+2/MEDIUM security_controls/linux/ufw interacts with the ufw firewall
+1/LOW crypto/aes supports AES (Advanced Encryption Standard)

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-core-24.0.3.jar (score: 0.916129)

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-model-jpa-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-model-infinispan-24.0.3.jar (score: 0.943158)

Previous Risk: ✅ 2/MEDIUM
New Risk: ✅ 1/LOW

RISK KEY DESCRIPTION
-2/MEDIUM databases/mysql accesses MySQL databases

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-kerberos-federation-24.0.3.jar (score: 0.902041)

Moved: keycloak/usr/share/java/keycloak/lib/lib/deployment/org.keycloak.keycloak-quarkus-server-deployment-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/deployment/org.keycloak.keycloak-quarkus-server-deployment-24.0.3.jar (score: 0.994545)

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-server-spi-24.0.3.jar (score: 0.922581)

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-config-api-24.0.3.jar (score: 0.909677)

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-model-legacy-24.0.3.jar (score: 0.916129)

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.3.jar (score: 0.993548)

Moved: keycloak/usr/share/java/keycloak/bin/client/keycloak-admin-cli-24.0.2.jar -> keycloak/usr/share/java/keycloak/bin/client/keycloak-admin-cli-24.0.3.jar (score: 0.991781)

Moved: keycloak/usr/share/java/keycloak/bin/client/lib/keycloak-crypto-fips1402-24.0.2.jar -> keycloak/usr/share/java/keycloak/bin/client/lib/keycloak-crypto-fips1402-24.0.3.jar (score: 0.992771)

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-services-24.0.3.jar (score: 0.922581)

Previous Risk: ✅ 0/NONE
New Risk: ✅ 2/MEDIUM

RISK KEY DESCRIPTION
+2/MEDIUM net/http/cookies able to access HTTP resources using cookies

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-crypto-default-24.0.3.jar (score: 0.909677)

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-ldap-federation-24.0.3.jar (score: 0.910638)

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-common-24.0.3.jar (score: 0.903226)

Moved: keycloak/usr/share/java/keycloak/bin/client/lib/keycloak-crypto-fips1402-24.0.2.jar -> keycloak/usr/share/java/keycloak/bin/client/lib/keycloak-crypto-default-24.0.3.jar (score: 0.934940)

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-model-jpa-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-saml-core-public-24.0.3.jar (score: 0.911579)

Previous Risk: ✅ 2/MEDIUM
New Risk: ✅ 0/NONE

RISK KEY DESCRIPTION
-2/MEDIUM databases/mysql accesses MySQL databases

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-server-spi-private-24.0.3.jar (score: 0.907216)

Previous Risk: ✅ 0/NONE
New Risk: ✅ 1/LOW

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-model-jpa-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-model-storage-private-24.0.3.jar (score: 0.916000)

Previous Risk: ✅ 2/MEDIUM
New Risk: ✅ 0/NONE

RISK KEY DESCRIPTION
-2/MEDIUM databases/mysql accesses MySQL databases

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-model-jpa-24.0.3.jar (score: 0.909677)

Previous Risk: ✅ 0/NONE
New Risk: ✅ 2/MEDIUM

RISK KEY DESCRIPTION
+2/MEDIUM databases/mysql accesses MySQL databases

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-model-jpa-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-crypto-fips1402-24.0.3.jar (score: 0.910638)

Previous Risk: ✅ 2/MEDIUM
New Risk: ✅ 0/NONE

RISK KEY DESCRIPTION
-2/MEDIUM databases/mysql accesses MySQL databases

Moved: keycloak/usr/share/java/keycloak/bin/client/keycloak-client-registration-cli-24.0.2.jar -> keycloak/usr/share/java/keycloak/bin/client/keycloak-client-registration-cli-24.0.3.jar (score: 0.993103)

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-js-adapter-jar-24.0.3.jar (score: 0.916129)

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-rest-admin-ui-ext-24.0.3.jar (score: 0.900000)

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-saml-core-24.0.3.jar (score: 0.929032)

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-model-storage-24.0.3.jar (score: 0.916129)

Moved: keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-common-24.0.2.jar -> keycloak/usr/share/java/keycloak/lib/lib/main/org.keycloak.keycloak-authz-policy-common-24.0.3.jar (score: 0.914286)

@debasishbsws debasishbsws self-assigned this Apr 17, 2024
@debasishbsws

Trying to fix the CVE

@debasishbsws

Getting issues with the CVE fix. Merging this one and will try to fix that on the other PR

@debasishbsws debasishbsws merged commit b3ec0bd into main Apr 17, 2024
@debasishbsws debasishbsws deleted the wolfictl-c6c4bb56-3937-40e3-8e1f-f7b99e55e5dc branch April 17, 2024 07:19