Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps - Status | Demo | Docs | Install
  1. Cloudron Forum
  2. Keycloak
  3. Keycloak - Package Updates

Keycloak - Package Updates

Scheduled Pinned Locked Moved Keycloak
43 Posts 1 Posters 11.7k Views 4 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • Package UpdatesP Online
    Package UpdatesP Online
    Package Updates
    wrote on last edited by
    #41

    [1.6.2]

    • Update keycloak to 26.6.2
    • Full Changelog
    • #47485 CVE-2026-33871 HTTP/2 CONTINUATION Frame Flood Denial of Service
    • #47486 CVE-2026-33870 RFC violation: HTTP Request Smuggling primitive via Chunked Extension Quoted-String Parsing
    • #47932 [CVE-2026-4628] Improper Access Control on Keycloak Server through UMA resource management endpoints via PUT parameters authorization-services
    • #48049 [CVE-2026-37980] Stored XSS in select-organization.ftl - FreeMarker HTML-escape insufficient in inline JS handler organizations
    • #48329 JDBC_PING in 26.6 should not fail with 26.7 schema changes
    • #48348 Escape expressions in JS blocks in FTL pages
    • #38526 Duplicate user attribute values cannot be removed core
    • #47901 Realm import with --import-realm fails with ModelValidationException when Admin Permissions is enabled admin/fine-grained-permissions
    • #48040 User session limit generates fatal error authentication
    • #48185 Deleted workflow still attempting to run workflows
    1 Reply Last reply
    0
    • Package UpdatesP Online
      Package UpdatesP Online
      Package Updates
      wrote on last edited by
      #42

      [1.6.3]

      • Update keycloak to 26.6.3
      • Full Changelog
      • #47707 CVE-2026-4800 lodash vulnerable to Code Injection via _.template imports key names account/ui
      • #47935 [CVE-2026-4874] Server-Side Request Forgery via OIDC token endpoint manipulation oidc
      • #48036 [CVE-2026-37977] CORS Access-Control-Allow-Origin reflected from unverified JWT azp claim on UMA token endpoint authorization-services
      • #48709 [CVE-2026-7500] Improper Access Control on Keycloak Server when the account Account API feature is disabled account/api
      • #48695 Add startup check for missing database indexes
      • #45957 Handling of CORS requests in the Admin UI ineffective / open for CSRF admin/ui
      • #48430 Wildcard redirect URI matching does not enforce host boundary when * is placed directly after hostname oidc
      • #48438 Keycloak 26.6.0/26.6.1 exits (code 1) ~100ms after async realm migration completes; migrations not persisted core
      • #48584 Updating Keycloak to 26.6.x fails on SQL Server with case sensitive collation core
      • #48877 Keycloak 26.6.1 does not persist UPDATE_PASSWORD for LDAP/AD federated users after temporary password reset ldap
      1 Reply Last reply
      0
      • Package UpdatesP Online
        Package UpdatesP Online
        Package Updates
        wrote last edited by
        #43

        [1.6.4]

        • Update keycloak to 26.6.4
        • Full Changelog
        • #50344 CVE-2026-9099 Keycloak: group-admin escalation to realm-admin
        • #50345 CVE-2026-9083 Keycloak: keycloak: information disclosure through arbitrary filesystem path probing
        • #50347 CVE-2026-9086 Keycloak: keycloak: cross-site scripting (xss) via case-insensitive uri validation bypass
        • #50349 CVE-2026-9705 Keycloak: keycloak: attacker can re-enable and take over disabled clients via registration access token
        • #50350 CVE-2026-9795 Keycloak: keycloak: privilege escalation via improper scope mapping enforcement
        • #50351 CVE-2026-9799 Keycloak: keycloak: unauthorized access to resources via uma permission ticket bypass
        • #50352 CVE-2026-9800 Keycloak: keycloak policy enforcer: authorization bypass via incorrect uri comparison
        • #50357 CVE-2026-11800 Keycloak: Authentication bypass via JWT algorithm confusion
        • #50100 Upgrade to Quarkus 3.33.2.1
        • #49700 Incorrect migration guide reference docs
        1 Reply Last reply
        0

        Hello! It looks like you're interested in this conversation, but you don't have an account yet.

        Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

        With your input, this post could be even better 💗

        Register Login
        Reply
        • Reply as topic
        Log in to reply
        • Oldest to Newest
        • Newest to Oldest
        • Most Votes


        • Login

        • Don't have an account? Register

        • Login or register to search.
        • First post
          Last post
        0
        • Categories
        • Recent
        • Tags
        • Popular
        • Bookmarks
        • Search