Keycloak - Package Updates
-
You can use this thread to track updates to the Keycloak package.
Please open issues in a separate topic instead of replying here.
-
G girish pinned this topic on
-
[0.2.0]
- OIDC setup refactored, tests deps bumped
-
[0.3.0]
- Enable update tests
-
[0.4.0]
- Update keycloak to 26.1.1
- Full Changelog
-
[0.5.0]
- add passkeys feature
-
[0.6.0]
- enable webauthn
-
[0.6.1]
- Update keycloak to 26.1.2
- Full Changelog
-
[1.0.0]
- Update keycloak to 26.1.3
- Full Changelog
- Send Reset Email force login again for federated users after reset credentials
- #32535 Invalid migration export for empty database core
- #36405 Redirect after linking account account/ui
- #36527 Viewing user events requires
view-realm-role admin/ui - #36585 Keycloak user attribute key broken in Keycloak 26.1.0 admin/ui
- #36703 When linking IDP to an organization hide on login sets as off admin/ui
- #36709 SAML2 Client Signing Keys Config does not accept PEM import admin/ui
- #36842 Comboxes do not display selected option after reset admin/ui
- #36927 MeterFilter is configured after a Meter has been registered dist/quarkus
-
[1.0.1]
- Update keycloak to 26.1.4
- Full Changelog
-
[1.1.0]
- Add dynamic builds . Configure options in /app/data/env.sh
-
[1.1.1]
- Update keycloak to 26.1.5
- Full Changelog
-
[1.2.0]
- Update keycloak to 26.2.0
- Full Changelog
- Supported Standard Token Exchange
- Fine-grained admin permissions supported
- Guides for metrics and Grafana dashboards
- Zero-configuration secure cluster communication
- Rolling updates for optimized and customized images
- Additional query parameters in Admin Events API
- Logs support ECS format
- New cache for CRLs loaded for the X.509 authenticator
- Operator creates NetworkPolicies to restrict traffic
- Option to reload trust and key material for the management interface
-
[1.2.1]
- Update keycloak to 26.2.1
- Full Changelog
- #​38956 Clarify upgrade instructions
- #​39057 Change the title for Grafana dashboards guide to plural
docs - #​39059 Document operator
Autoupdate strategy when used withpodTemplate - #​38458 [FGAP] [UI] Permission search doesn't execute correct consequent search request
admin/fine-grained-permissions - #​38692 Test coverage for count menthods when filtering
admin/fine-grained-permissions - #​38767 Make group required when selecting a specific group creating a premission
admin/ui - #​38913 [FGAP] AvailableRoleMappings do not consider all-clients permissions
admin/fine-grained-permissions - #​38925 Blocking issue with increasing JVM thread count after migrating from 26.0.8 to 26.1.4
infinispan - #​38929 Permission details sometimes don't show the name of the client
admin/fine-grained-permissions - #​38937 Liquibase checksum mismatch when upgrading from Keycloak 22.0.4 directly to 26.2.x
storage
-
[1.2.2]
- Update keycloak to 26.2.2
- Full Changelog
- #39142 Make distribution startup timeout configurable testsuite
- #39349 CVE-2025-3910 Two factor authentication bypass
- #39350 CVE-2025-3501 Keycloak hostname verification
-
[1.2.3]
- Update keycloak to 26.2.3
- Full Changelog
- #38985 Possibility to log details and representation to the jboss-logging listener
- #39080 Standardize introductory text in Keycloak guides
- #38145 Unknown error on authentication-flow delete action <code>admin/ui</code>
- #38482 SAML client certificate not persisted <code>admin/ui</code>
- #38660 Ldap federation seems to open and keep open a new thread/connection for each ldap request <code>ldap</code>
- #38671 Duplicate Key Violation When Reauthenticating After Account Deletion via Google <code>identity-brokering</code>
- #38703 Password Policy Changes get overwritten in the UI <code>admin/ui</code>
- #38799 Kerberos principal attribute value "comes back" when cleared. <code>admin/ui</code>
- #38873 Client Credentials tab : "Allow regex pattern comparison" toggle is always "On" on page load <code>admin/ui</code>
- #38911 Filtering of user- and admin-events by dateTo always returns empty results <code>admin/api</code>
-
[1.2.4]
- Update keycloak to 26.2.4
- Full Changelog
- #35278 Double click on social provider link causes page has expired error <code>login/ui</code>
- #39021 After migrating to newer Keycloak, token refreshes using inherited offline sessions return access tokens with invalid exp value <code>oidc</code>
- #39023 Keycloak 26.2.0 UI Performance Degradation <code>admin/ui</code>
- #39173 duplicate key value violates unique constraint "constraint_offl_cl_ses_pk3" <code>infinispan</code>
- #39454 JGroups errors when running a containerized Keycloak in Strict FIPS mode and with Istio <code>infinispan</code>
- #39500 Update Job Pod is listed in the keycloak discovery service <code>operator</code>
-
[1.2.5]
- Update keycloak to 26.2.5
- Full Changelog
- Fix Securing Apps links to adapters docs
- Email server credentials can be harvested through host/port manipulation admin/api
- Fix doc link to FGAP v1 docs
- Apply edits to Operators Guide docs
- Edit Observability Guide docs
- Fix callouts in Operator guide docs
- Sessions from Infinispan should be mapped lazily for the Admin UI
- Speed up Infinispan list of all sessions be more eagerly remove old client sessions
- When logging in, all client sessions are loaded which is slow oidc
- Authorization Code Flow Fails Scope Validation After Credential Definition Migration to Realm Level oid4vc
-
[1.3.0]
- Update keycloak to 26.3.0
- Full Changelog
- Account recovery with 2FA recovery codes, protecting users from lockout.
- Simplified experiences for application developers with streamlined WebAuthn/Passkey registration and simplified account linking to identity providers via application initiated actions.
- Broader connectivity with the ability to broker with any OAuth 2.0 compliant authorization server, and enhanced trusted email verification for OpenID Connect providers.
- Asynchronous logging for higher throughput and lower latency, ensuring more efficient deployments.
- For administrators, experimental rolling updates for patch releases mean minimized downtime and smoother upgrades.
- The custom protocol, which was previously used for client-initiated account linking, is now deprecated.
- #21995 Configurable probes in the Operator operator
- #29116 Add supported config options for additional datasources dist/quarkus
- #29596 Passkeys conditional UI: integration with username/password form authentication/webauthn
- #38465 Name for OTP device should be unique account/api
- #38985 Possibility to log details and representation to the jboss-logging listener
-
[1.3.1]
- Update keycloak to 26.3.1
- Full Changelog
-
[1.3.2]
- Update keycloak to 26.3.2
- Full Changelog
- #40237 Add option "Requires short state parameter" to OIDC IDP authentication
- #40970 Run clustering compatibility tests on release/x.y branches
- #41034 Improve logging for client sessions load
- #41257 Upgrade to Infinispan 15.0.18.Final infinispan
- #39634 Update MariaDB connector to 3.5.3 dist/quarkus
- #40553 Upgrade org.postgresql:postgresql to version 42.7.7 to address CVE-2025-49146 dependencies
- #40736 CVE-2025-49574 - Exposure of Resource to Wrong Sphere vulnerability in io.vertx:vertx-core dependencies
- #40784 Default jdbc-ping cluster setup for distributed caches fails in Oracle infinispan
- #40980 Can't update security-admin-console via admin UI with volatile sessions infinispan
- #40995 LDAP / ModelException: At least one condition should be provided to OR query core
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login