0

We have passed Apiman-2.0.0.final through security scans and came up with some critical/high vulnerabilities, mostly relevant to keycloak-core-10.0.2. Fixes for these vulnerabilities are available in higher versions of Keycloak.

I would like to know how you handle these scenarios. Should we repackage the WAR locally for us to use? We can create a pull request if it works. Should we open a Jira item? I cannot see 2.0.0 being supported on the Red Hat Jira: https://issues.redhat.com/projects/APIMAN/summary

pana
    Stack Overflow is a great community platform for finding answers; however, it is not always the correct choice. In your case there is certainly a GitHub project community with Issues and Pull Requests to discuss and handle exactly such questions. – Ralf Ulrich Jun 02 '21 at 09:44

1 Answer

1

Please post issues on our GitHub issue tracker, not Stack Overflow: https://github.com/apiman/apiman/issues

We're using a newer version of Keycloak for the upcoming community release. You can indeed use your own separate Keycloak instance (recommended for a real deployment), rather than the one bundled in the quickstart.

msavy
  • BTW, to anyone reading this thread, please consider upgrading to the newest version of Apiman rather than sticking to 2.0.0.Final - many versions have been released since. – msavy Apr 20 '22 at 08:35