Test

Latest
@stianst stianst released this 29 Aug 06:43
· 10632 commits to main since this release

Upgrading

Before upgrading, refer to the migration guide for a complete list of changes.

All resolved issues

New features

  • #23155 [WebAuthn] origin validation not support for non-Web platforms core

Enhancements

  • #505 Quickstarts - Wildfly upgrade and README cleanup quickstarts
  • #9318 User profile configuration API is incorrectly typed docs
  • #10128 Improve failed test behaviour operator
  • #10620 Internationalized Domain Names in email address user-profile
  • #10713 Update the server to use RESTEasy Reactive
  • #11668 Declarative User Profile: weird behaviour in Account Management Console user-profile
  • #12406 Remove "You are already logged-in" during authentication authentication
  • #14009 CreatedTimestamp on REST import not used
  • #14165 Cannot refresh RPT tokens authorization-services
  • #14400 Add proxy options to Keycloak CR operator
  • #15018 Enhancements around proxy and hostname configuration
  • #15072 Allow setting a help text to an attribute user-profile
  • #15109 Refactor patch-sources.sh used by the Operator operator
  • #17258 Data too long for column 'DETAILS_JSON' storage
  • #20343 message bundles are not included in the realm export import-export
  • #20584 FAPI 2.0 security profile - supporting RFC 9207 OAuth 2.0 Authorization Server Issuer Identification
  • #20695 Add support for single-tenant in Microsoft Identity Provider
  • #20794 Can we simplify TokenManager.getRefreshExpiration() and TokenManager.getOfflineExpiration()? oidc
  • #20884 [Admin Console v2] Policy creation at Permissions screen missing admin/ui
  • #21073 Identity providers: pagination in admin REST API
  • #21154 Allow existing mappers for Custom Identity Providers identity-brokering
  • #21181 Add FAPI 2.0 security profile as default profile of client policies
  • #21182 Enhancing Pluggable Features of Token Manager
  • #21183 More flexibility for Introspection endpoint oidc
  • #21200 DPoP support 1st phase
  • #21444 Set `client_id` when using `private_key_jwt` with OIDC IdP identity-brokering
  • #21945 Release notes for FAPI 2
  • #22034 Keycloak, javascript lib to not use the escape() function adapter/javascript
  • #22215 DPoP verification in UserInfo endpoint oidc
  • #22318 Allow overriding Account Console resources for full control and backwards compatibility
  • #22372 Expand Group providers to allow for paginated lookup of subgroups storage
  • #22725 Do not initialize barrier build items for deployment dist/quarkus
  • #22868 Clarification on the tooltip of option "Validate Password Policy" of LDAP provider admin/ui
  • #23194 Add regex support in 'Condition - User attribute' execution authentication
  • #23527 Better usability when disabling user profile and losing the previous configuration user-profile
  • #23891 Add feature flag for OAuth 2.0 device authorization grant flow oidc
  • #24024 User profile tweaks in registration forms user-profile
  • #24072 Lots of parameters related to identity brokering uses `providerId` when they expect `providerAlias` identity-brokering
  • #24273 Add a property to the User Profile Email Validator for max length of the local part user-profile
  • #24278 Transient users: documentation core
  • #24387 Move some UserProfile and Validation classes into keycloak-server-spi user-profile
  • #24494 Transient users: Consents core
  • #24535 Moving UPConfig and related classes from keycloak-services user-profile

Bugs

  • #468 Can't build it quickstarts
  • #8939 PAR fails to authenticate for public client oidc
  • #9004 Access Token claims not imported using OpenID Connect v1.0 Identity Provider Attribute Importer Mappers oidc
  • #10710 Rollup.js complains about the use of eval in one of keycloak.js's dependencies adapter/javascript
  • #11699 Under heavy load, DefaultBruteForceProtector blocks the whole system authentication
  • #12062 Declarative User Profile export user-profile
  • #12171 Inconsistent authorization behavior when exporting data from a realm authorization-services
  • #14134 [keycloak 18] cannot import users with correct ID in partial import admin/api
  • #16379 Inconsistent handling of parenthesis in auth flow name admin/api
  • #16526 Token introspection response does not follow RFC6479 "scope" parameter format oidc
  • #19093 The create new user page requires the admin user to be given the "Manage-Realm" role in order to see the user profile attributes in the create new user page admin/api
  • #19125 kcadm do not update defaultGroups docs
  • #19154 Non working API docs link docs
  • #19555 When update-email feature is enabled, changing emails two times in a row causes unintuitive behaviour authentication
  • #20135 Searching for multiple types in the Events section gives an error admin/client-js
  • #20218 Role mappers must return a single value when they are not multivalued oidc
  • #20316 Email pattern is not compliant account/api
  • #20453 Admin UI incredibly slow with 300 realms admin/api
  • #20537 [Declarative User Profile] OIDCAttributeMapperHelper throws NumberFormatException for optional user attributes user-profile
  • #20763 Flaky test: org.keycloak.testsuite.admin.authentication.FlowTest#testAddRemoveFlow ci
  • #20830 Token-exchange is not working for OpenID Connect v1.0 provider in KC 21.1.1 token-exchange
  • #20852 [Declarative User Profile] Attributes are created as required by default but switch is set to "not required" user-profile
  • #20885 Key length is limited to 4000 characters storage
  • #21010 Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients storage
  • #21123 NPE in getDefaultRequiredActionCaseInsensitively admin/api
  • #21236 Keycloak Event clientId is null when ever a logout event is fired. core
  • #21555 Listing realms due to realm drop-down admin/ui
  • #21660 Wrong convert timestamp to date account/ui
  • #21779 Flaky test: org.keycloak.testsuite.script.DeployedScriptAuthenticatorTest#loginShouldWorkWithScriptAuthenticator authentication
  • #21780 Flaky test: org.keycloak.testsuite.script.DeployedScriptAuthenticatorTest#loginShouldFailWithScriptAuthenticator authentication
  • #21797 DN with RDN that contains trailing backslash is imported incorrectly into Keycloak ldap
  • #21805 Missing labels account console account/ui
  • #21818 DN with RDN that contains trailing space is imported incorrectly into Keycloak ldap
  • #21830 Operator doesn't pass on system property 'jgroups.dns.query' to Keycloak but an env variable, leading to a warning in the log operator
  • #22143 WatchedSecretsTest.testSecretChangesArePropagated error in OCP ci
  • #22177 Missing client_id validation match when authenticating client with JWT
  • #22191 Verification of iss at refresh token request oidc
  • #22332 Selecting resource on resource based permission gives error admin/ui
  • #22337 kc.sh errors if using characters like semicolon inside the arguments docs
  • #22375 Possible NullPointerException core
  • #22395 Email sending fails when SPI truststore is configured and hostnameVerification set to 'ANY' core
  • #22432 inputOptionLabels is not used by Admin UI admin/ui
  • #22583 Fine grained permissions not rendering account/ui
  • #22638 SAML AdvancedAttributeToRoleMapper does not allow predicate evaluation on same Array Attribute saml
  • #22814 user search with "q" parameter ignores keys of length 1 and returns all users admin/api
  • #22818 inputOptionLabels is not used by Account UI v3 account/ui
  • #22890 Keycloak 22.0.1: NPE in Edit Identity Provider Mapper on second Save admin/api
  • #22937 ProviderConfigProperty.MULTIVALUED_LIST_TYPE not working in FormAction admin/ui
  • #22988 Cache stampede after realm cache invalidation infinispan
  • #23044 Docs: server_admin/topics/sessions/transient.adoc authentication
  • #23128 Regex defect in federation script federation-sssd-setup.sh dist/quarkus
  • #23173 crypto/elytron package has several bugs core
  • #23180 TypeError in user profile admin-ui admin/ui
  • #23253 CLI args not recognized when running Quarkus dev mode dist/quarkus
  • #23255 Several help text messages missing in saml identity provider admin/ui
  • #23444 After the recent switch to resteasy-reactive we are unable to use resteasy-classic or jersey jax-rs clients. dependencies
  • #23582 Join group screen does not show child groups without filters admin/ui
  • #23616 invalid tag in .ftl file user-profile
  • #23692 Generated access token exception then $ sign in client name core
  • #23733 OpenAPI spec doesn't match the admin API admin/api
  • #23753 Insufficient guard against path traversal GzipResourceEncodingProvider core
  • #23789 Can not create attribute group before setting/removing an annotation user-profile
  • #23795 Spelling errors in TokenManager.java oidc
  • #23970 Keycloak does not export/import userprofile data when exporting the realm user-profile
  • #24032 Group attributes are not saved if there are two attributes with the same key admin/ui
  • #24035 Admin UI: Group details page is not updated by group list dropdown actions admin/ui
  • #24067 Duplicate attribute groups show in list in UserProfile in admin ui admin/ui
  • #24077 Internal server error when no firstName and lastName added on the user with User Profile Disabled and Verify Profile Enabled user-profile
  • #24096 Document or avoid breaking change in UserSessionModel core
  • #24183 Username now shown when creating a user and edit username is not allowed user-profile
  • #24187 Admin UI group view shows attributes of previously viewed group admin/ui
  • #24293 b.map is not a function error when LDAP server is offline core
  • #24420 User profile behaves different in keycloak 22.0.5 user-profile
  • #24453 Email-verified checkbox not visible anymore when user profile is enabled admin/ui
  • #24455 NPE when logging in with TransientUser storage
  • #24458 Unfriendly error message when user-storage provider not available admin/ui
  • #24487 show/hide password in clear text button visible for hidden field in "forgot password" flow login/ui
  • #24547 DPoP advertised on OIDC Well Known Endpoint even though DPoP feature is not enabled (preview feature) oidc
  • #24697 User cannot update profile when some invalid attribute invisible to him is present on his profile user-profile