Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[JBEAP-26098] CVE-2023-6236 wildfly: JBoss EAP: OIDC app attempting to access the second tenant, the user should be prompted to log #2130

Merged
merged 2 commits into from
Apr 22, 2024

Conversation

ivassile
Copy link
Contributor

fjuma added 2 commits April 18, 2024 09:02
…count against the provider-url required for a request to determine if a cached token can be used
a valid token from one tenant cannot be used to access another tenant
@ivassile
Copy link
Contributor Author

@fjuma Do we need a review on backports or 3acks + CI pass is enough to merge?

@fjuma
Copy link
Contributor

fjuma commented Apr 18, 2024

@ivassile For backports, the main things needed are the acks and CI passing. In general, it's good to get at least one approval as a sanity check.

Copy link
Contributor

@fjuma fjuma left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @ivassile!

@ivassile ivassile merged commit 175dae9 into wildfly-security:1.15.x Apr 22, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants