Skip to content

Try to submit the id token hint on logout#4540

Merged
thescouser89 merged 1 commit into
project-ncl:masterfrom
thescouser89:logout-id-hint
Jun 16, 2026
Merged

Try to submit the id token hint on logout#4540
thescouser89 merged 1 commit into
project-ncl:masterfrom
thescouser89:logout-id-hint

Conversation

@thescouser89

@thescouser89 thescouser89 commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Checklist:

  • Have you added unit tests for your change?

@github-actions

github-actions Bot commented Jun 15, 2026

Copy link
Copy Markdown

Mend Scan Results

Status: ⚠️ Findings detected

⚠️ SCA findings detected

⚠️ SAST findings detected

SCA scan output 
0.jar
				|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
		|-- opentelemetry-semconv-1.29.0-alpha.jar
			|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
|-- rest-api-3.6.0-SNAPSHOT-java-client-jakarta.jar
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
|-- rest-client-3.6.0-SNAPSHOT-jakarta.jar
	|-- vertx-core-3.9.14.jar [1 MEDIUM]
		|-- netty-codec-http2-4.2.9.Final.jar [2 HIGH, 3 MEDIUM]
			|-- netty-codec-compression-4.2.9.Final.jar [1 HIGH]
			|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
			|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
		|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
			|-- netty-codec-compression-4.2.9.Final.jar [1 HIGH]
			|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
		|-- netty-handler-proxy-4.2.9.Final.jar [1 MEDIUM]
			|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
			|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
		|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
		|-- netty-resolver-dns-4.2.9.Final.jar [2 HIGH, 1 MEDIUM]
			|-- netty-codec-dns-4.2.9.Final.jar [1 HIGH]
			|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
rest-client-3.6.0-SNAPSHOT.jar
|-- vertx-core-3.9.14.jar [1 MEDIUM]
	|-- netty-codec-http2-4.2.9.Final.jar [2 HIGH, 3 MEDIUM]
		|-- netty-codec-compression-4.2.9.Final.jar [1 HIGH]
		|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
		|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
	|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
		|-- netty-codec-compression-4.2.9.Final.jar [1 HIGH]
		|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
	|-- netty-handler-proxy-4.2.9.Final.jar [1 MEDIUM]
		|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
		|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
	|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
	|-- netty-resolver-dns-4.2.9.Final.jar [2 HIGH, 1 MEDIUM]
		|-- netty-codec-dns-4.2.9.Final.jar [1 HIGH]
		|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
|-- common-3.6.0-SNAPSHOT.jar
	|-- opentelemetry-instrumentation-annotations-2.24.0.jar
		|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
|-- dto-3.6.0-SNAPSHOT-patch-builders.jar
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
	|-- pnc-api-3.5.0.jar
		|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
|-- rest-api-3.6.0-SNAPSHOT-java-client.jar
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
	|-- dto-3.6.0-SNAPSHOT.jar
		|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
spi-3.6.0-SNAPSHOT.jar
|-- opentelemetry-instrumentation-annotations-2.24.0.jar
	|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
|-- dto-3.6.0-SNAPSHOT.jar
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
	|-- pnc-api-3.5.0.jar
		|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
|-- model-3.6.0-SNAPSHOT.jar
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
	|-- pnc-common-3.4.0.jar
		|-- opentelemetry-ext-cli-java-1.5.0.jar
			|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
			|-- opentelemetry-exporter-otlp-1.58.0.jar
				|-- opentelemetry-exporter-sender-okhttp-1.58.0.jar
					|-- opentelemetry-exporter-common-1.58.0.jar
						|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
				|-- opentelemetry-sdk-metrics-1.58.0.jar
					|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
				|-- opentelemetry-sdk-trace-1.58.0.jar
					|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
			|-- opentelemetry-sdk-1.58.0.jar
				|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
				|-- opentelemetry-sdk-common-1.58.0.jar
					|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
				|-- opentelemetry-sdk-logs-1.58.0.jar
					|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
			|-- opentelemetry-semconv-1.29.0-alpha.jar
				|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
		|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
test-common-3.6.0-SNAPSHOT.jar
|-- shrinkwrap-resolver-api-maven-3.3.4.jar
	|-- maven-model-3.9.9.jar
		|-- plexus-utils-3.5.1.jar [1 HIGH]
|-- shrinkwrap-resolver-impl-maven-archive-3.3.4.jar
	|-- plexus-compiler-javac-2.15.0.jar
		|-- plexus-compiler-api-2.15.0.jar
			|-- plexus-utils-3.5.1.jar [1 HIGH]
		|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- plexus-utils-3.5.1.jar [1 HIGH]
|-- shrinkwrap-resolver-impl-maven-3.3.4.jar
	|-- guava-30.1.0.redhat-00001.jar [1 MEDIUM, 1 LOW]
	|-- guice-5.1.0.jar
		|-- guava-30.1.0.redhat-00001.jar [1 MEDIUM, 1 LOW]
	|-- maven-model-builder-3.9.9.jar
		|-- guava-30.1.0.redhat-00001.jar [1 MEDIUM, 1 LOW]
		|-- maven-artifact-3.9.9.jar
			|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- maven-repository-metadata-3.9.9.jar
		|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- maven-resolver-provider-3.9.9.jar
		|-- guava-30.1.0.redhat-00001.jar [1 MEDIUM, 1 LOW]
		|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- maven-settings-builder-3.9.9.jar
		|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- maven-settings-3.9.9.jar
		|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- plexus-sec-dispatcher-2.0.jar
		|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- org.eclipse.sisu.plexus-0.9.0.M3.jar
		|-- plexus-utils-3.5.1.jar [1 HIGH]
		|-- plexus-xml-3.0.1.jar
			|-- plexus-utils-3.5.1.jar [1 HIGH]


No Policy violations were detected

Project 'pnc' was updated, for more information, visit the Mend platform: https://ibmets.whitesourcesoftware.com/app/orgs/Enterprise%20Applications/applications/summary?project=0225ec74-4391-4ac9-bfb5-714664caa6bb
Or the Core UI: https://ibmets.whitesourcesoftware.com/Wss/WSS.html#!project;token=c9f6fd516a5241de98250adf2d7ea547bc93772d823b4ff28dd89e6f18810351

Mend AI scan succeeded.

Support Token: 259ab6d9fc2b0426e94b7b30326a887e81781556766899
SAST scan output 
warning: 'error' method of 'org.slf4j.Logger' object could be abused to perform a Log Injection attack. User input reached a Log4j sink. (mapper/src/main/java/org/jboss/pnc/mapper/abstracts/AbstractArtifactMapper.java:92)

Full logs and artifacts

@thescouser89 thescouser89 marked this pull request as ready for review June 16, 2026 17:58
@thescouser89 thescouser89 merged commit 529ce96 into project-ncl:master Jun 16, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@thescouser89