CVE-2025-1247 : io.quarkus:quarkus-rest (3.15.3)


Venkat jamadar

Feb 26, 2025, 4:11:56 AM
to Keycloak User
Hi All,

We are currently using Keycloak version 26.1.2, which relies on io.quarkus:quarkus-rest 3.15.3 that is vulnerable. We updated to 3.18.2, but we cannot build the package due to the error below.

Did someone face the same issue? Any suggestions are highly appreciated.

Below are the infinite logs when we run the command: mvn clean install

[DEBUG] [io.smallrye.config] (main) SRCFG01006: Loaded ConfigSource DefaultValuesConfigSource with ordinal -2147483648
[DEBUG] [io.smallrye.config] (main) SRCFG01006: Loaded ConfigSource PropertiesConfigSource[source=CliConfigSource] with ordinal 600
[DEBUG] [io.smallrye.config] (main) SRCFG01006: Loaded ConfigSource KcEnvVarConfigSource with ordinal 500
[DEBUG] [io.smallrye.config] (main) SRCFG01006: Loaded ConfigSource QuarkusProperties jar:file:///Users/venkatjamadar/Documents/Idrica/neom/keycloak/keycloak/quarkus/runtime/target/keycloak-quarkus-server-26.1.2.jar!/META-INF/services/quarkus.properties with ordinal 450
[DEBUG] [io.smallrye.config] (main) SRCFG01006: Loaded ConfigSource SysPropConfigSource with ordinal 400
[DEBUG] [io.smallrye.config] (main) SRCFG01006: Loaded ConfigSource EnvConfigSource with ordinal 300
[DEBUG] [io.smallrye.config] (main) SRCFG01006: Loaded ConfigSource PropertiesConfigSource[source=jar:file:///Users/venkatjamadar/Documents/Idrica/neom/keycloak/keycloak/quarkus/server/target/keycloak.jar!/application.properties] with ordinal 250
[DEBUG] [io.smallrye.config] (main) SRCFG01006: Loaded ConfigSource PropertiesConfigSource[source=jar:file:///Users/venkatjamadar/Documents/Idrica/neom/keycloak/keycloak/quarkus/runtime/target/keycloak-quarkus-server-26.1.2.jar!/application.properties] with ordinal 250
[DEBUG] [io.smallrye.config] (main) SRCFG01006: Loaded ConfigSource PersistedConfigSource with ordinal 200
[DEBUG] [io.smallrye.config] (main) SRCFG01006: Loaded ConfigSource jar:file:///Users/venkatjamadar/Documents/Idrica/neom/keycloak/keycloak/quarkus/runtime/target/keycloak-quarkus-server-26.1.2.jar!/META-INF/keycloak.conf with ordinal 150
[DEBUG] [io.smallrye.config] (main) SRCFG01006: Loaded ConfigSource DefaultValuesConfigSource with ordinal -2147483648

Thanks,
Venkat


Alexander Schwartz

Mar 1, 2025, 6:47:58 AM
to Venkat jamadar, Keycloak User
Hi, 

there is now Keycloak version 26.1.3 available which upgraded to Quarkus 3.15.3.1 - see https://github.com/keycloak/keycloak/issues/37683

Best,
Alexander


Alexander Schwartz, RHCE

He/Him

Principal Software Engineer, Keycloak Maintainer

Red Hat - Germany remote

asch...@redhat.com   
