Based on Keycloak Security Policy

This policy applies to only this extension (HadleySo/keycloak-extension-conditional-access). Issues with org.keycloak should be opened with keycloak/keycloak.

Suspected vulnerabilities should be disclosed responsibly and not made public until after analysis and a fix are available. We will acknowledge your report within 7 business days and work with you to confirm the vulnerability's existence and impact.

Open a security advisory, if unable use hadleyso.com.