Keycloak - Package Updates
-
[0.2.0]
- OIDC setup refactored, tests deps bumped
-
[0.3.0]
- Enable update tests
-
[0.4.0]
- Update keycloak to 26.1.1
- Full Changelog
-
[0.5.0]
- add passkeys feature
-
[0.6.0]
- enable webauthn
-
[0.6.1]
- Update keycloak to 26.1.2
- Full Changelog
-
[1.0.0]
- Update keycloak to 26.1.3
- Full Changelog
- Send Reset Email force login again for federated users after reset credentials
- #32535 Invalid migration export for empty database core
- #36405 Redirect after linking account account/ui
- #36527 Viewing user events requires
view-realm-role admin/ui - #36585 Keycloak user attribute key broken in Keycloak 26.1.0 admin/ui
- #36703 When linking IDP to an organization hide on login sets as off admin/ui
- #36709 SAML2 Client Signing Keys Config does not accept PEM import admin/ui
- #36842 Comboxes do not display selected option after reset admin/ui
- #36927 MeterFilter is configured after a Meter has been registered dist/quarkus
-
[1.0.1]
- Update keycloak to 26.1.4
- Full Changelog
-
[1.1.0]
- Add dynamic builds . Configure options in /app/data/env.sh
-
[1.1.1]
- Update keycloak to 26.1.5
- Full Changelog
-
[1.2.0]
- Update keycloak to 26.2.0
- Full Changelog
- Supported Standard Token Exchange
- Fine-grained admin permissions supported
- Guides for metrics and Grafana dashboards
- Zero-configuration secure cluster communication
- Rolling updates for optimized and customized images
- Additional query parameters in Admin Events API
- Logs support ECS format
- New cache for CRLs loaded for the X.509 authenticator
- Operator creates NetworkPolicies to restrict traffic
- Option to reload trust and key material for the management interface
-
[1.2.1]
- Update keycloak to 26.2.1
- Full Changelog
- #38956 Clarify upgrade instructions
- #39057 Change the title for Grafana dashboards guide to plural
docs - #39059 Document operator
Autoupdate strategy when used withpodTemplate - #38458 [FGAP] [UI] Permission search doesn't execute correct consequent search request
admin/fine-grained-permissions - #38692 Test coverage for count menthods when filtering
admin/fine-grained-permissions - #38767 Make group required when selecting a specific group creating a premission
admin/ui - #38913 [FGAP] AvailableRoleMappings do not consider all-clients permissions
admin/fine-grained-permissions - #38925 Blocking issue with increasing JVM thread count after migrating from 26.0.8 to 26.1.4
infinispan - #38929 Permission details sometimes don't show the name of the client
admin/fine-grained-permissions - #38937 Liquibase checksum mismatch when upgrading from Keycloak 22.0.4 directly to 26.2.x
storage
-
[1.2.2]
- Update keycloak to 26.2.2
- Full Changelog
- #39142 Make distribution startup timeout configurable testsuite
- #39349 CVE-2025-3910 Two factor authentication bypass
- #39350 CVE-2025-3501 Keycloak hostname verification
-
[1.2.3]
- Update keycloak to 26.2.3
- Full Changelog
- #38985 Possibility to log details and representation to the jboss-logging listener
- #39080 Standardize introductory text in Keycloak guides
- #38145 Unknown error on authentication-flow delete action <code>admin/ui</code>
- #38482 SAML client certificate not persisted <code>admin/ui</code>
- #38660 Ldap federation seems to open and keep open a new thread/connection for each ldap request <code>ldap</code>
- #38671 Duplicate Key Violation When Reauthenticating After Account Deletion via Google <code>identity-brokering</code>
- #38703 Password Policy Changes get overwritten in the UI <code>admin/ui</code>
- #38799 Kerberos principal attribute value "comes back" when cleared. <code>admin/ui</code>
- #38873 Client Credentials tab : "Allow regex pattern comparison" toggle is always "On" on page load <code>admin/ui</code>
- #38911 Filtering of user- and admin-events by dateTo always returns empty results <code>admin/api</code>
-
[1.2.4]
- Update keycloak to 26.2.4
- Full Changelog
- #35278 Double click on social provider link causes page has expired error <code>login/ui</code>
- #39021 After migrating to newer Keycloak, token refreshes using inherited offline sessions return access tokens with invalid exp value <code>oidc</code>
- #39023 Keycloak 26.2.0 UI Performance Degradation <code>admin/ui</code>
- #39173 duplicate key value violates unique constraint "constraint_offl_cl_ses_pk3" <code>infinispan</code>
- #39454 JGroups errors when running a containerized Keycloak in Strict FIPS mode and with Istio <code>infinispan</code>
- #39500 Update Job Pod is listed in the keycloak discovery service <code>operator</code>
-
[1.2.5]
- Update keycloak to 26.2.5
- Full Changelog
- Fix Securing Apps links to adapters docs
- Email server credentials can be harvested through host/port manipulation admin/api
- Fix doc link to FGAP v1 docs
- Apply edits to Operators Guide docs
- Edit Observability Guide docs
- Fix callouts in Operator guide docs
- Sessions from Infinispan should be mapped lazily for the Admin UI
- Speed up Infinispan list of all sessions be more eagerly remove old client sessions
- When logging in, all client sessions are loaded which is slow oidc
- Authorization Code Flow Fails Scope Validation After Credential Definition Migration to Realm Level oid4vc
-
[1.3.0]
- Update keycloak to 26.3.0
- Full Changelog
- Account recovery with 2FA recovery codes, protecting users from lockout.
- Simplified experiences for application developers with streamlined WebAuthn/Passkey registration and simplified account linking to identity providers via application initiated actions.
- Broader connectivity with the ability to broker with any OAuth 2.0 compliant authorization server, and enhanced trusted email verification for OpenID Connect providers.
- Asynchronous logging for higher throughput and lower latency, ensuring more efficient deployments.
- For administrators, experimental rolling updates for patch releases mean minimized downtime and smoother upgrades.
- The custom protocol, which was previously used for client-initiated account linking, is now deprecated.
- #21995 Configurable probes in the Operator operator
- #29116 Add supported config options for additional datasources dist/quarkus
- #29596 Passkeys conditional UI: integration with username/password form authentication/webauthn
- #38465 Name for OTP device should be unique account/api
- #38985 Possibility to log details and representation to the jboss-logging listener
-
[1.3.1]
- Update keycloak to 26.3.1
- Full Changelog
-
[1.3.2]
- Update keycloak to 26.3.2
- Full Changelog
- #40237 Add option "Requires short state parameter" to OIDC IDP authentication
- #40970 Run clustering compatibility tests on release/x.y branches
- #41034 Improve logging for client sessions load
- #41257 Upgrade to Infinispan 15.0.18.Final infinispan
- #39634 Update MariaDB connector to 3.5.3 dist/quarkus
- #40553 Upgrade org.postgresql:postgresql to version 42.7.7 to address CVE-2025-49146 dependencies
- #40736 CVE-2025-49574 - Exposure of Resource to Wrong Sphere vulnerability in io.vertx:vertx-core dependencies
- #40784 Default jdbc-ping cluster setup for distributed caches fails in Oracle infinispan
- #40980 Can't update security-admin-console via admin UI with volatile sessions infinispan
- #40995 LDAP / ModelException: At least one condition should be provided to OR query core
-
[1.3.3]
- Update keycloak to 26.3.3
- Full Changelog
- #39562 Breaking template change: Unknown
localeinput field added to user-profile registration page <code>user-profile</code> - #40984 Backchannel logout token with an unexpected signature algorithm key <code>oidc</code>
- #41023 Can't send e-mails to international e-mail addresses: bad UTF-8 syntax <code>core</code>
- #41098 Locked out after upgrade to 26.3.1 due to missing sub in lightweight access token <code>core</code>
- #41268
--optimizedflag and providers jar are incompatible when used with tools changinglast-modify-date<code>dist/quarkus</code> - #41290 Concurrent starts with JDBC_PING lead to a split cluster <code>infinispan</code>
- #41390 JDBC_PING2 doesn't merge split clusters after a while <code>infinispan</code>
- #41421 Broken link securing-cache-communication in caching docs <code>docs</code>
- #41423 Duplicate IDs in generated all configuration docs <code>docs</code>
- #41469 Uncaught exception cases unclosed spans in tracing <code>dist/quarkus</code>
