Bump org.keycloak:keycloak-core from 18.0.11.redhat-00001 to 26.4.12.redhat-00001 by dependabot[bot] · Pull Request #4537 · project-ncl/pnc

dependabot · 2026-06-15T20:42:55Z

Bumps org.keycloak:keycloak-core from 18.0.11.redhat-00001 to 26.4.12.redhat-00001.

Release notes

Sourced from org.keycloak:keycloak-core's releases.

26.4.7

26.4.6

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [org.keycloak:keycloak-core](https://github.com/keycloak/keycloak) from 18.0.11.redhat-00001 to 26.4.12.redhat-00001. - [Release notes](https://github.com/keycloak/keycloak/releases) - [Commits](https://github.com/keycloak/keycloak/commits) --- updated-dependencies: - dependency-name: org.keycloak:keycloak-core dependency-version: 26.4.12.redhat-00001 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-06-15T20:49:11Z

Mend Scan Results

Status: ⚠️ Findings detected

⚠️ SCA findings detected

⚠️ SAST findings detected

SCA scan output

0.jar
				|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
		|-- opentelemetry-semconv-1.29.0-alpha.jar
			|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
|-- rest-api-3.6.0-SNAPSHOT-java-client-jakarta.jar
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
|-- rest-client-3.6.0-SNAPSHOT-jakarta.jar
	|-- vertx-core-3.9.14.jar [1 MEDIUM]
		|-- netty-codec-http2-4.2.9.Final.jar [2 HIGH, 3 MEDIUM]
			|-- netty-codec-compression-4.2.9.Final.jar [1 HIGH]
			|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
			|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
		|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
			|-- netty-codec-compression-4.2.9.Final.jar [1 HIGH]
			|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
		|-- netty-handler-proxy-4.2.9.Final.jar [1 MEDIUM]
			|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
			|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
		|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
		|-- netty-resolver-dns-4.2.9.Final.jar [2 HIGH, 1 MEDIUM]
			|-- netty-codec-dns-4.2.9.Final.jar [1 HIGH]
			|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
rest-client-3.6.0-SNAPSHOT.jar
|-- vertx-core-3.9.14.jar [1 MEDIUM]
	|-- netty-codec-http2-4.2.9.Final.jar [2 HIGH, 3 MEDIUM]
		|-- netty-codec-compression-4.2.9.Final.jar [1 HIGH]
		|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
		|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
	|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
		|-- netty-codec-compression-4.2.9.Final.jar [1 HIGH]
		|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
	|-- netty-handler-proxy-4.2.9.Final.jar [1 MEDIUM]
		|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
		|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
	|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
	|-- netty-resolver-dns-4.2.9.Final.jar [2 HIGH, 1 MEDIUM]
		|-- netty-codec-dns-4.2.9.Final.jar [1 HIGH]
		|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
|-- common-3.6.0-SNAPSHOT.jar
	|-- opentelemetry-instrumentation-annotations-2.24.0.jar
		|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
|-- dto-3.6.0-SNAPSHOT-patch-builders.jar
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
|-- rest-api-3.6.0-SNAPSHOT-java-client.jar
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
	|-- dto-3.6.0-SNAPSHOT.jar
		|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
	|-- pnc-api-3.5.0.jar
		|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
spi-3.6.0-SNAPSHOT.jar
|-- opentelemetry-instrumentation-annotations-2.24.0.jar
	|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
|-- dto-3.6.0-SNAPSHOT.jar
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
	|-- pnc-api-3.5.0.jar
		|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
|-- model-3.6.0-SNAPSHOT.jar
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
	|-- pnc-common-3.4.0.jar
		|-- opentelemetry-ext-cli-java-1.5.0.jar
			|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
			|-- opentelemetry-exporter-otlp-1.58.0.jar
				|-- opentelemetry-exporter-sender-okhttp-1.58.0.jar
					|-- opentelemetry-exporter-common-1.58.0.jar
						|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
				|-- opentelemetry-sdk-metrics-1.58.0.jar
					|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
			|-- opentelemetry-sdk-1.58.0.jar
				|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
				|-- opentelemetry-sdk-common-1.58.0.jar
					|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
				|-- opentelemetry-sdk-logs-1.58.0.jar
					|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
				|-- opentelemetry-sdk-trace-1.58.0.jar
					|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
			|-- opentelemetry-semconv-1.29.0-alpha.jar
				|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
		|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
test-common-3.6.0-SNAPSHOT.jar
|-- shrinkwrap-resolver-api-maven-3.3.4.jar
	|-- maven-model-3.9.9.jar
		|-- plexus-utils-3.5.1.jar [1 HIGH]
|-- shrinkwrap-resolver-impl-maven-archive-3.3.4.jar
	|-- guice-5.1.0.jar
		|-- guava-30.1.0.redhat-00001.jar [1 MEDIUM, 1 LOW]
	|-- plexus-compiler-javac-2.15.0.jar
		|-- plexus-compiler-api-2.15.0.jar
			|-- plexus-utils-3.5.1.jar [1 HIGH]
		|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- org.eclipse.sisu.plexus-0.9.0.M3.jar
		|-- plexus-utils-3.5.1.jar [1 HIGH]
		|-- plexus-xml-3.0.1.jar
			|-- plexus-utils-3.5.1.jar [1 HIGH]
|-- shrinkwrap-resolver-impl-maven-3.3.4.jar
	|-- guava-30.1.0.redhat-00001.jar [1 MEDIUM, 1 LOW]
	|-- maven-model-builder-3.9.9.jar
		|-- guava-30.1.0.redhat-00001.jar [1 MEDIUM, 1 LOW]
		|-- maven-artifact-3.9.9.jar
			|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- maven-repository-metadata-3.9.9.jar
		|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- maven-resolver-provider-3.9.9.jar
		|-- guava-30.1.0.redhat-00001.jar [1 MEDIUM, 1 LOW]
		|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- maven-settings-builder-3.9.9.jar
		|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- maven-settings-3.9.9.jar
		|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- plexus-sec-dispatcher-2.0.jar
		|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- plexus-utils-3.5.1.jar [1 HIGH]


No Policy violations were detected

Project 'pnc' was updated, for more information, visit the Mend platform: https://ibmets.whitesourcesoftware.com/app/orgs/Enterprise%20Applications/applications/summary?project=0225ec74-4391-4ac9-bfb5-714664caa6bb
Or the Core UI: https://ibmets.whitesourcesoftware.com/Wss/WSS.html#!project;token=c9f6fd516a5241de98250adf2d7ea547bc93772d823b4ff28dd89e6f18810351

Mend AI scan succeeded.

Support Token: 24e28b2d09a9a4549b3f0810affb13c821781556501870

SAST scan output

warning: 'error' method of 'org.slf4j.Logger' object could be abused to perform a Log Injection attack. User input reached a Log4j sink. (mapper/src/main/java/org/jboss/pnc/mapper/abstracts/AbstractArtifactMapper.java:92)

Full logs and artifacts

dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jun 15, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump org.keycloak:keycloak-core from 18.0.11.redhat-00001 to 26.4.12.redhat-00001#4537

Bump org.keycloak:keycloak-core from 18.0.11.redhat-00001 to 26.4.12.redhat-00001#4537
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/maven/org.keycloak-keycloak-core-26.4.12.redhat-00001

dependabot Bot commented on behalf of github Jun 15, 2026

Uh oh!

github-actions Bot commented Jun 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 15, 2026

26.4.7

26.4.6

Uh oh!

github-actions Bot commented Jun 15, 2026

Mend Scan Results

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants