generated from garronej/ts-ci
-
-
Notifications
You must be signed in to change notification settings - Fork 135
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can you use the "Security" channel to notify security problems ? #439
Comments
remigauthierdocaposte
changed the title
Can you use the "Security" channel to any notify security problems ?
Can you use the "Security" channel to notify security problems ?
Oct 20, 2023
remigauthierdocaposte
added a commit
to remigauthierdocaposte/keycloakify
that referenced
this issue
Oct 20, 2023
To follow on keycloakify#439
Sure, whatever I can do to improve security and trust in Keycloakify. |
I have enabled private reporting. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
First of all, thanks for the work done on this projet !
This being said, we reported a problem with management of error message when username or password was not OK a few months ago (#217). It has been corrected fast but no security notification has been released to let other users know of this problem.
Second time, we just discovered that we were impacted by #362.
If we want to be able to use this library in a highly exposed context that needs high security level we need to be aware of those security problems to get the fixes/patches that are applied as soon as possible.
Usually for any other Github project we subscribe to the "Security" channel/tab to be aware of any security issue.
Do you think it is possible to follow this process for new security problems in the future ?
Let me know if you need help doing so.
The text was updated successfully, but these errors were encountered: