CVE-2025-3910 - was the fix made available to 26.1.x?

[Francis Augusto Medeiros-Logeay]

Hi,

I saw this issue (https://github.com/keycloak/keycloak/issues/38841), where the CVE-2025-3910 vulnerability was described. 

I also see that the fix is back ported to release/26.0 and 26.2. I was wondering if 26.1 won’t get a fix as well?

Best,

Francis

[Jon Koops]

There will be no backports for 26.1, fixes are only backported for downstream projects that do LTS releases. There will also be no further releases of 26.0, even if backports are done, these are purely for downstream distributions of Keycloak. Only the latest version of Keycloak will receive official distributions of the fixes, in this case 26.2.

--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/keycloak-user/FFAEA5C9-6F25-4F0B-A994-5FB398D379BF%40gmail.com.