Improve handling for loopback redirect-uri validation (#195) #33189

Merged
ahus1 merged 1 commit into keycloak:main from stianst:cve-to-main
Sep 23, 2024
@stianst stianst commented Sep 23, 2024

Contributor

Closes #33115

Signed-off-by: stianst <stianst@gmail.com>

@rmartinc rmartinc left a comment

Contributor

LGTM!

@keycloak-github-bot keycloak-github-bot Bot left a comment

Unreported flaky test detected, please review

@keycloak-github-bot

Unreported flaky test detected

If the flaky tests below are affected by the changes, please review and update the changes accordingly. Otherwise, a maintainer should report the flaky tests prior to merging the PR.

org.keycloak.testsuite.forms.LevelOfAssuranceFlowTest#testWithOTPAndRecoveryCodesAtLevel2

Keycloak CI - Forms IT (chrome)

java.lang.AssertionError: Event expected
	at org.junit.Assert.fail(Assert.java:89)
	at org.junit.Assert.assertTrue(Assert.java:42)
	at org.junit.Assert.assertNotNull(Assert.java:713)
	at org.keycloak.testsuite.AssertEvents.poll(AssertEvents.java:91)
...

Report flaky test

@ahus1 ahus1 left a comment

Member

Approving based on previous reviews.

Development

Successfully merging this pull request may close these issues.

CVE-2024-8883 Vulnerable Redirect URI Validation Results in Open Redirect
