The Keycloak operator project maintains release branches for the three most recent minor releases. Applicable fixes, including security fixes, may be backported to those three release branches, depending on severity and feasibility. Please refer to CHANGELOG.md for details.
Please report (suspected) security vulnerabilities to SupportEPMD-EDP@epam.com. You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity.