Dominik Guhr

@abstractj 👀 ? Seems the cve is about gatekeeper, not keycloak itself.

@vmuzikar @pedroigor This seems to be an unexpected regression from 18.0.2 (see issue), so another convenient and backwards compatible option would be to have a transformer for relative path in...

@vmuzikar @pedroigor just to confirm, we have a regression: ``` docker run --rm -it -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:18.0.2 start --auto-build --http-relative-path=auth --http-enabled=true --hostname-strict=false --hostname-strict-https=false --health-enabled=true ``` shows...

@pedroigor oh, yes. that's a bit unexpected, running it in isolation worked. will investigate.

@pedroigor I have to admit I can't quite make sense of this error. on my local machine I am not able to reproduce it. I even deleted the test that...

thanks for the fast response! You are right, conditionals may be helpful. I think 2nd approach is not usable as is, because it's more coarse grained for us, its either...

just created a little approvaltest extension to have a KcNamerFactory that has a `WindowsOrUnixOsEnvironmentLabeller` inside that returns either "windows" when os.name (to lower) contains "windows", or "unix" otherwise. Works for...

@josephschorr thanks for the update 👍 just to verify: this is currently implemented for different objects, not different permissions, right? I ask bc I think of a meta-authz case where...

Jfyi, the python SDK also has this ability. It's unofficial, but it works. Basically setting reader to infinity to stop collecting periodically and calling collect yourself. See this PR for...

Giving a bit more use-case/context to this, @vroldanbet and I talked about a specific scenario, where a caveted relationship would be used as a "lock tuple" for enabling [OCC](https://en.wikipedia.org/wiki/Optimistic_concurrency_control). For...