Have a look at the Red Hat SSO release information. [0]
The above page outlines the commercially supported versions. On this page you
can see which versions of Keycloak are related to the product.

If you track vulnerability databases [1] you can find out if Keycloak is
affected. You can also look at Red Hat SSO related CVEs. [2]

Be aware that once a CVE is published, if it's critical, you might have a
very narrow window to patch Keycloak. Also, the time from reporting to
publishing is known only to RH; it might be that an issue remains for
several months before it is announced and the open source version is fixed.

Because patches for old versions are not published, you will need to
backport the fix from the latest Keycloak release to an older one or find a
solution yourself. It might not be straightforward. Some CVEs might be a
result of improper configuration, but it's not always the case.

Best,
Łukasz
--
Independent Open Source consultant ;)
http://code-house.org |
http://dywicki.pl

[0] https://access.redhat.com/articles/2342881
[1] https://nvd.nist.gov/vuln/search
[2] https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&orderBy=2.3&keyword=cpe%3A2.3%3Aa%3Aredhat%3Asingle_sign-on&status=FINAL%2CDEPRECATED

On 18.05.2022 13:51, Jon Koops wrote:
> We do not provide any support for older Keycloak versions, it is
> recommended to update to the latest version of Keycloak at all times. If
> you are looking for extended support we provide Red Hat SSO
> <https://access.redhat.com/products/red-hat-single-sign-on> as a
> commercial product.
>
> On Wed, May 18, 2022 at 1:50 PM 'Yury Kitkevich' via Keycloak User
> <keyclo...@googlegroups.com>