Can you use the "Security" channel to notify security problems ? #439

Open
remigauthierdocaposte opened this issue Oct 20, 2023 · 2 comments

@remigauthierdocaposte

Hello,

First of all, thanks for the work done on this project!

This being said, we reported a problem with management of error message when username or password was not OK a few months ago (#217). It has been corrected fast but no security notification has been released to let other users know of this problem.

Second time, we just discovered that we were impacted by #362.

If we want to be able to use this library in a highly exposed context that needs high security level we need to be aware of those security problems to get the fixes/patches that are applied as soon as possible.

Usually for any other GitHub project we subscribe to the "Security" channel/tab to be aware of any security issue.

Do you think it is possible to follow this process for new security problems in the future?

Let me know if you need help doing so.

@remigauthierdocaposte remigauthierdocaposte changed the title Can you use the "Security" channel to any notify security problems ? Can you use the "Security" channel to notify security problems ? Oct 20, 2023
remigauthierdocaposte added a commit to remigauthierdocaposte/keycloakify that referenced this issue Oct 20, 2023
@garronej
Collaborator

Sure, whatever I can do to improve security and trust in Keycloakify.

@garronej
Collaborator

I have enabled private reporting.
I'll take some time to see the other aspect of the Security features of GitHub.
Thanks for the recommendation!
