diff --git a/keycloak-26.4.advisories.yaml b/keycloak-26.4.advisories.yaml index a4505913c9..ff6a9c958e 100644 --- a/keycloak-26.4.advisories.yaml +++ b/keycloak-26.4.advisories.yaml @@ -146,6 +146,11 @@ advisories: componentType: java-archive componentLocation: /opt/iamguarded/keycloak/lib/lib/main/com.microsoft.sqlserver.mssql-jdbc-10.2.4.jre11.jar scanner: grype + - timestamp: 2025-11-07T19:00:55Z + type: false-positive-determination + data: + type: vulnerable-code-not-included-in-package + note: 'The affected component’s suffix is non-standard for Maven parsing. It supports “.” as a delimiter, but treats jre11 as an unknown qualifier that sorts after known ones (alpha, beta, rc, ga, etc.), which breaks version matching. This vulnerability was resolved in the following PR for keycloak 26.4.2-r2: https://github.com/wolfi-dev/os/pull/71234' - id: CGA-rgqm-77gj-629j aliases: