Hello,

It looks like there is/was a security issue in Keycloak < v15.1.1/v16.0. The only available information and notification for users and admins were posted on https://groups.google.com/g/keycloak-user/c/Zzsan5umND4 and https://groups.google.com/g/keycloak-user/c/Hr0awTh5ksA 3 days ago. Till now there is AFAIK no disclosure information or CVE or any further information available. There is also no information available in the changelog. Not even the information that 15.1.1 is a security release is included in the release description ot changelog... What's the severity of the fixed security issue? How big is the impact? Using only Google discussions to inform users that they have to patch their systems "asap" is also a bit questionable from my point of view. Would be nice to get further information.