Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update keycloak-updates (major) #4

Open
wants to merge 16 commits into
base: main
Choose a base branch
from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Jul 16, 2024

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
org.bouncycastle:bcpg-fips 1.0.7.1 -> 2.0.9 age adoption passing confidence
org.keycloak:keycloak-crypto-default (source) 24.0.5 -> 25.0.4 age adoption passing confidence
org.keycloak:keycloak-services (source) 24.0.5 -> 25.0.4 age adoption passing confidence
org.keycloak:keycloak-server-spi-private (source) 24.0.5 -> 25.0.4 age adoption passing confidence
org.keycloak:keycloak-server-spi (source) 24.0.5 -> 25.0.4 age adoption passing confidence
org.keycloak:keycloak-core (source) 24.0.5 -> 25.0.4 age adoption passing confidence

Release Notes

keycloak/keycloak (org.keycloak:keycloak-crypto-default)

v25.0.4

Compare Source

v25.0.3

Compare Source

v25.0.2

Compare Source

Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Enhancements

  • #​30094 Do not inherit 'https-client-auth' property for the management interface
  • #​30537 Document how Admin REST API endpoints work with Hostname config docs
  • #​30856 Remove inclusive language foreword docs

Bugs

  • #​19070 authBaseUrl error on different hostname-admin-url, hostname-url admin/ui
  • #​26042 Issue when start-dev in 23.0.1 dist/quarkus
  • #​28489 Missing help text on tokens tab admin/ui
  • #​29407 Need refresh attributes group translations on Users > Details tab admin/ui
  • #​29566 User Profile attributes/groups in Admin UI are not translated using Localization for non-master realm when signed in the master realm account/ui
  • #​29761 bug: disabling all default features no longer works core
  • #​29784 Exception while trying to run a LDAP sync with a group importer and a batch size less then the actual number of groups ldap
  • #​30329 Client secret rotation UI shows wrong rotated secret admin/ui
  • #​30355 New operator failing on health checks operator
  • #​30383 Account Console (v3) no longer highlights the current page in the nav bar account/ui
  • #​30436 Client Roles are not shown when clientId property is set admin/ui
  • #​30440 UI theme bug in KC 25.0.0 admin/ui
  • #​30444 Failed to evaluate permissions when fetchRoles is enabled on role policies authorization-services
  • #​30449 Migration stuck if versions incompatible operator
  • #​30521 "Client Offline Session Max" no longer available admin/ui
  • #​30541 Account UI resources try to load from admin path instead of frontend path account/ui
  • #​30552 After migrating from 24 to 25, the signature algorithms names do not display in drop down menu admin/ui
  • #​30591 Invalid character in spanish translation file for Identity Provider Link Template translations
  • #​30652 Default server port is used instead of the management interface port in the guide about running Keycloak in a container
  • #​30662 User policy -> select user shows user id instead of user name. admin/ui
  • #​30712 Remove of Multivalued Attribute due to - Adding translations when a new attribute is created admin/ui
  • #​30717 Broken external links docs
  • #​30821 Testing connection to ldap on the settings page does not work in 25.0.1 ldap
  • #​30837 Cannot find requested client with clientId ldap
  • #​30866 admin-cli invalid credentials admin/cli
  • #​30917 reCAPTCHA Enterprise v3 - Unrecognized field "accountDefenderAssessment" core
  • #​30947 Error when trying to edit authentication sub-flow name / description admin/ui
  • #​30992 Realm cannot be deleted if there are tons of consents storage
  • #​31014 "Verify Email" may cause other Required Actions to be ignored authentication
  • #​31050 Caching docs should name parameter runtime parameters, not build parameters docs
  • #​31146 IDP SAML Certificate should be text-area not text admin/ui
  • #​31167 After creating a new authentication flow and returning to the list, the "Used by" column displays "flow.undefined" admin/ui
  • #​31171 Single use tokens, like action tokens, has a claim `expiration` core
  • #​31187 Recaptcha links changed in the Google Docs docs
  • #​31196 The check for userdn in test ldap should consider that AD proxy user can be in non DN format ldap
  • #​31218 Clarify if JGroups thread metrics can be shown with embedded Infinispan
  • #​31219 [Docs] Broken link in Server Admin guide for JWT_Auth wiki docs
  • #​31224 Offline tokens created in Keycloak 9 will not work on Keycloak 25 oidc
  • #​31244 IdP redirect URL shows hostname_admin admin/ui
  • #​31267 multiple ldap url's not working on one realm ldap

v25.0.1

Compare Source

Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Enhancements

  • #​19750 Use a proper FreeMarker template for the new consoles account/ui
  • #​30346 Enhance masking around config-keystore dist/quarkus

Bugs

  • #​25234 front channel logout to clients are not called at Identity Proxy when using front channel logout to Identity Provider( oidc
  • #​28643 Encountering `NullPointerException` - `KeycloakIdentity.getUserFromToken()` when running `admin-ui` locally admin/ui
  • #​30115 Admin v2 theme - theme.properties Custom theme scripts not loading admin/ui
  • #​30201 Keycloak CI - failure in Store IT (aurora-postgres) ci
  • #​30240 Custom attributes are removed during UPDATE PROFILE event core
  • #​30300 Upgrade to Keycloak 25 - Table 'USER_CONSENT' is specified twice on MySQL/MariaDB database core
  • #​30302 Methods of SimpleHttp are after change now too much protected core
  • #​30306 Upgrade to Keycloak 25 - Events bug in UI admin/ui
  • #​30332 Operator fails to patch ingress after update to 25.0.0 operator
  • #​30334 RESTART_AUTHENTICATION_ERROR when login in in private browser window after 25.0.0 update core
  • #​30351 Migration of sessions in KC25 should run only on migration, not on imports
  • #​30368 Documentation : label error for persistent-user-sessions feature flag docs
  • #​30417 Keycloak 25 db guide shows unevaluated "ifeval docs
  • #​30432 keycloak hostname:v2 /admin used on "hostname" instead of "hostname-admin" admin/ui
  • #​30434 Improvements for ldap test authentication ldap
  • #​30492 partial_import_test fails randomly admin/ui

v25.0.0

Compare Source

Highlights

Account Console v2 theme removed

The Account Console v2 theme has been removed from Keycloak. This theme was deprecated in Keycloak 24 and replaced by the Account Console v3 theme. If you are still using this theme, you should migrate to the Account Console v3 theme.

Java 21 support

Keycloak now supports OpenJDK 21, as we want to stick to the latest LTS OpenJDK versions.

Java 17 support is deprecated

OpenJDK 17 support is deprecated in Keycloak, and will be removed in a following release in favor of OpenJDK 21.

Most of Java adapters removed

As stated in the release notes of previous Keycloak version, the most of Java adapters are now removed from the Keycloak codebase and downloads pages.

For OAuth 2.0/OIDC, this includes removal of the Tomcat adapter, WildFly/EAP adapter, Servlet Filter adapter, KeycloakInstalled desktop adapter, the jaxrs-oauth-client adapter, JAAS login modules, Spring adapter and SpringBoot adapters. You can check our older post for the list of some alternatives.

For SAML, this includes removal of the Tomcat adapter and Servlet filter adapter. SAML adapters are still supported with WildFly and JBoss EAP.

The generic Authorization Client library is still supported, and we still plan to support it. It aims to be used in combination with any other OAuth 2.0 or OpenID Connect libraries. You can check the quickstarts for some examples where this authorization client library is used together with the 3rd party Java adapters like Elytron OIDC or SpringBoot. You can check the quickstarts also for the example of SAML adapter used with WildFly.

Upgrade to PatternFly 5

In Keycloak 24, the Welcome page is updated to use PatternFly 5, the latest version of the design system that underpins the user interface of Keycloak. In this release, the Admin Console and Account Console are also updated to use PatternFly 5. If you want to extend and customize the Admin Console and Account Console, review the changes in PatternFly 5 and update your customizations accordingly.

Argon2 password hashing

Argon2 is now the default password hashing algorithm used by Keycloak in a non-FIPS environment.

Argon2 was the winner of the 2015 password hashing competition and is the recommended hashing algorithm by OWASP.

In Keycloak 24 the default hashing iterations for PBKDF2 were increased from 27.5K to 210K, resulting in a more than 10 times increase in the amount of CPU time required to generate a password hash. With Argon2 it is possible to achieve better security, with almost the same CPU time as previous releases of Keycloak. One downside is Argon2 requires more memory, which is a requirement to be resistant against GPU attacks. The defaults for Argon2 in Keycloak requires 7MB per-hashing request. To prevent excessive memory and CPU usage, the parallel computation of hashes by Argon2 is by default limited to the number of cores available to the JVM. To support the memory intensive nature of Argon2, we have updated the default GC from ParallelGC to G1GC for a better heap utilization.

New Hostname options

In response to the complexity and lack of intuitiveness experienced with previous hostname configuration settings, we are proud to introduce Hostname v2 options.

We have listened to your feedback, tackled the tricky issues, and created a smoother experience for managing hostname configuration. Be aware that even the behavior behind these options has changed and requires your attention - if you are dealing with custom hostname settings.

Hostname v2 options are supported by default, as the old hostname options are deprecated and will be removed in the following releases. You should migrate to them as soon as possible.

New options are activated by default, so Keycloak will not recognize the old ones.

For information on how to migrate, see the Upgrading Guide.

Persistent user sessions

Previous versions of Keycloak stored only offline user and offline client sessions in the databases. The new feature persistent-user-session stores online user sessions and online client sessions not only in memory, but also in the database. This will allow a user to stay logged in even if all instances of Keycloak are restarted or upgraded.

The feature is a preview feature and disabled by default. To use it, add the following to your build command:

bin/kc.sh build --features=persistent-user-session ...

For more details see the Enabling and disabling features guide. The sizing guide contains a new paragraph describing the updated resource requirements when this feature is enabled.

For information on how to upgrade, see the Upgrading Guide.

Cookies updates

SameSite attribute set for all cookies

The following cookies did not use to set the SameSite attribute, which in recent browser versions results in them defaulting to SameSite=Lax:

  • KC_STATE_CHECKER now sets SameSite=Strict

  • KC_RESTART now sets SameSite=None

  • KEYCLOAK_LOCALE now sets SameSite=None

  • KEYCLOAK_REMEMBER_ME now sets SameSite=None

The default value SameSite=Lax causes issues with POST based bindings, mostly applicable to SAML, but also used in some OpenID Connect / OAuth 2.0 flows.

The cookie KC_AUTH_STATE is removed and it is no longer set by the Keycloak server as this server no longer needs this cookie.

The following APIs for setting custom cookies have been removed:

  • ServerCookie - replaced by NewCookie.Builder

  • LocaleSelectorProvider.KEYCLOAK_LOCALE - replaced by CookieType.LOCALE

  • HttpCookie - replaced by NewCookie.Builder

  • HttpResponse.setCookieIfAbsent(HttpCookie cookie) - replaced by HttpResponse.setCookieIfAbsent(NewCookie cookie)

Addressed 'You are already logged in' for expired authentication sessions

The Keycloak 23 release provided improvements for when a user is authenticated in parallel in multiple browser tabs. However, this improvement did not address the case when an authentication session expired. Now for the case when user is already logged-in in one browser tab and an authentication session expired in other browser tabs, Keycloak is able to redirect back to the client application with an OIDC/SAML error, so the client application can immediately retry authentication, which should usually automatically log in the application because of the SSO session. For more details, see Server Administration Guide authentication sessions.

Lightweight access token to be even more lightweight

In previous releases, the support for lightweight access token was added. In this release, we managed to remove even more built-in claims from the lightweight access token. The claims are added by protocol mappers. Some of them affect even the regular access tokens or ID tokens as they were not strictly required by the OIDC specification.

  • Claims sub and auth_time are added by protocol mappers now, which are configured by default on the new client scope basic, which is added automatically to all the clients. The claims are still added to the ID token and access token as before, but not to lightweight access token.

  • Claim nonce is added only to the ID token now. It is not added to a regular access token or lightweight access token. For backwards compatibility, you can add this claim to an access token by protocol mapper, which needs to be explicitly configured.

  • Claim session_state is not added to any token now. It is still possible to add it by protocol mapper if needed. There is still the other dedicated claim sid supported by the specification, which was available in previous versions as well and which has exactly the same value.

For more details, see the Upgrading Guide..

Support for application/jwt media-type in token introspection endpoint

You can use the HTTP Header Accept: application/jwt when invoking a token introspection endpoint. When enabled for a particular client, it returns a claim jwt from the token introspection endpoint with the full JWT access token, which can be useful especially for the use-cases when the client calling introspection endpoint used lightweight access token. Thanks to Thomas Darimont for the contribution.

Password policy for check if password contains Username

Keycloak supports a new password policy that allows you to deny user passwords which contains the user username.

Required actions improvements

In the Admin Console, you can now configure some required actions in the Required actions tab of a particular realm. Currently, the Update password is the only built-in configurable required action. It supports setting Maximum Age of Authentication, which is the maximum time users can update their password by the kc_action parameter (used for instance when updating password in the Account Console) without re-authentication. The sorting of required actions is also improved. When there are multiple required actions during authentication, all actions are sorted together regardless of whether those are actions set during authentication (for instance by the kc_action parameter) or actions added to the user account manually by an administrator. Thanks to Thomas Darimont and Daniel Fesenmeyer for the contributions.

Passkeys improvements

The support for Passkeys conditional UI was added. When the Passkeys preview feature is enabled, there is a dedicated authenticator available, which means you can select from a list of available passkeys accounts and authenticate a user based on that. Thanks to Takashi Norimatsu for the contribution.

Default client profile for SAML

The default client profile to have secured SAML clients was added. When browsing through client policies of a realm in the Admin Console, you see a new client profile saml-security-profile. When it is used, there are security best practices applied for SAML clients such as signatures are enforced, SAML Redirect binding is disabled, and wildcard redirect URLs are prohibited.

There was new authenticator Confirm override existing link added. This authenticator allows to override linked IDP username for the Keycloak user, which was already linked to different IDP identity before. More details in the Server Administration Guide. Thanks to Lex Cao for the contribution.

OpenID for Verifiable Credential Issuance - experimental support

There is work in progress on the support of OpenID for Verifiable Credential Issuance (OID4VCI). Right now, this is still work in progress, but things are being gradually added. Keycloak can act as an OID4VC Issuer with support of Pre-Authorized code flow. There is support for verifiable credentials in the JWT-VC, SD-JWT-VC and VCDM formats. Thanks to the members of the OAuth SIG groups for the contributions and feedback and especially thanks to Stefan Wiedemann, Francis Pouatcha, Takashi Norimatsu and Yutaka Obuchi.

Searching by user attribute no longer case insensitive

When searching for users by user attribute, Keycloak no longer searches for user attribute names forcing lower case comparisons. The goal of this change was to speed up searches by using Keycloak&#​8217;s native index on the user attribute table. If your database collation is case-insensitive, your search results will stay the same. If your database collation is case-sensitive, you might see less search results than before.

Breaking fix in authorization client library

For users of the keycloak-authz-client library, calling AuthorizationResource.getPermissions(&#​8230;&#​8203;) now correctly returns a List<Permission>.

Previously, it would return a List<Map> at runtime, even though the method declaration advertised List<Permission>.

This fix will break code that relied on casting the List or its contents to List<Map>. If you have used this method in any capacity, you are likely to have done this and be affected.

IDs are no longer set when exporting authorization settings for a client

When exporting the authorization settings for a client, the IDs for resources, scopes, and policies are no longer set. As a result, you can now import the settings from a client to another client.

Management port for metrics and health endpoints

Metrics and health checks endpoints are no longer accessible through the standard Keycloak server port. As these endpoints should be hidden from the outside world, they can be accessed on a separate default management port 9000.

It allows to not expose it to the users as standard Keycloak endpoints in Kubernetes environments. The new management interface provides a new set of options and is fully configurable.

Keycloak Operator assumes the management interface is turned on by default. For more details, see Configuring the Management Interface.

Syslog for remote logging

Keycloak now supports Syslog protocol for remote logging. It utilizes the protocol defined in RFC 5424. By default, the syslog handler is disabled, but when enabled, it sends all log events to a remote syslog server.

For more information, see the Configuring logging guide.

Change to class EnvironmentDependentProviderFactory

The method EnvironmentDependentProviderFactory.isSupported() was deprecated for several releases and has now been removed.

For more details, see the Upgrading Guide.

All cache options are runtime

It is now possible to specify the cache, cache-stack, and cache-config-file options during runtime. This eliminates the need to execute the build phase and rebuild your image due to them.

For more details, see the Upgrading Guide.

High availability guide enhanced

The high availability guide now contains a guide on how to configure an AWS Lambda to prevent an intended automatic failback from the Backup site to the Primary site.

Removing deprecated methods from AccessToken, IDToken, and JsonWebToken classes

In this release, we are finally removing deprecated methods from the following classes:

  • AccessToken

  • IDToken

  • JsonWebToken

For more details, see the Upgrading Guide.

Method getExp added to SingleUseObjectKeyModel

As a consequence of the removal of deprecated methods from AccessToken, IDToken, and JsonWebToken, the SingleUseObjectKeyModel also changed to keep consistency with the method names related to expiration values.

For more details, see the Upgrading Guide.

Support for PostgreSQL 16

The supported and tested databases now include PostgreSQL 16.

Introducing support for Customer Identity and Access Management (CIAM) and Multi-tenancy

In this release, we are delivering Keycloak Organizations as a technology preview feature.

This feature provides a realm with some core CIAM capabilities, which will serve as the baseline for more capabilities in the future to address Business-to-Business (B2B) and Business-to-Business-to-Customers (B2B2C) use cases.

In terms of functionality, the feature is completed. However, we still have work to do to make it fully supported in the next major release. This remaining work is mainly about preparing the feature for production deployments with a focus on scalability. Also, depending on the feedback we get until the next major release, we might eventually accept additional capabilities and add more value to the feature, without compromising its roadmap.

For more details, see Server Administration Guide.

Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

New features

  • #​25940 Support Credentials Issuance through the OID4VCI Protocol oid4vc
  • #​25942 Issue Verifiable Credentials in the SD-JWT-VC format oid4vc
  • #​25943 Issue Verifiable Credentials in the VCDM format oid4vc
  • #​25945 Extend Account Console to support Credentials Issuance Self-Service account/ui
  • #​26201 Introduce a new Authenticator to handle duplicate IdP broker links authentication
  • #​27673 Hardcoded SAML metadata URL in admin-v2 admin/ui
  • #​27728 Reflect new hostname v2 options in Keycloak CR operator
  • #​27729 Add documentation for Hostname v2 docs
  • #​27730 Release notes and Migration guide for Hostname v2 docs
  • #​28030 Create Argon2 password hashing provider
  • #​28400 Make RequiredActions configurable
  • #​28608 Allow onboarding organization members through a registration invitation link
  • #​28750 CLI options to disable encryption and authentication to external Infinispan dist/quarkus
  • #​28938 Need inline translation assistance for user profile attribute groups.
  • #​29491 Remove Oracle JDBC driver out of the box docs
  • #​29539 Add CRUD for organizations to admin client
  • #​29627 Expose Authorization Server Metadata Endpoint under /.well-known/oauth-authorization-server to comply with rfc8414 oid4vc
  • #​29634 Expose JWT VC Issuer Metadata /.well-known/jwt-vc-issuer to comply with SD-JWT VC Specification oid4vc

Enhancements

  • #​11757 Declarative User Profile: local-date validation and html5-date clash user-profile
  • #​13113 Conditionally enable and disable CLI options dist/quarkus
  • #​16295 JsonSerialization does not load all available modules from the classpath
  • #​17530 Add Portuguese translations
  • #​19334 Support management port for health and metrics in Quarkus 3 dist/quarkus
  • #​20736 uma-ticket returns 403 even though user has access, when User Realm Role isn't present in access Token authorization-services
  • #​20792 Make it clear that `Client Offline Token Max` should not be set when `Offline Session Max Limited` is disabled for realm admin/ui
  • #​20916 DefaultHttpClientFactory should handle the encoding of the response core
  • #​21185 Protocol mapper and client scope for sub claim
  • #​21344 Upgrade account theme to PatternFly 5 account/ui
  • #​21345 Upgrade admin theme to PatternFly 5 admin/ui
  • #​21439 Allow options to support any value in addition to a list of pre-defined values. dist/quarkus
  • #​21562 Make sure admin events are not referencing sensitive data from their representation admin/api
  • #​21961 Allow to provider password to kcadm (keycloak-admin-cli) via environment variable admin/cli
  • #​22436 Query users by 'LDAP_ID' is not working ldap
  • #​22711 Enable theme caches by default in start-dev dist/quarkus
  • #​24192 Refine how ConfigSource names are being used dist/quarkus
  • #​24264 Passkeys: Supporting WebAuthn Conditional UI authentication/webauthn
  • #​24466 Look if checks in IntrospectionEndpoint can be simplified oidc
  • #​25057 Inconsistent behaviour on getting user permissions using authorization authorization-services
  • #​25114 User Profile "Input placeholder" and other annotations - Use Localization keys user-profile
  • #​26162 Optimize query batching and result fetching by tuning Hibernate parameters
  • #​26443 Show an error message when file does not exist for the `config-file` parameter dist/quarkus
  • #​26504 Localization Proposal 2 admin/ui
  • #​26654 Initial client policies integration for SAML saml
  • #​26657 Map Storage Removal: Remove deprecated model/legacy module storage
  • #​26695 Keycloak and MSAD: enabling account in MSAD does not propagate to Keycloak ldap
  • #​26713 Refactoring JavaScript code of WebAuthn's authenticators to follow the current Keycloak's JavaScript coding convention authentication/webauthn
  • #​27264 Trivy Analysis warnings should be fixed
  • #​27433 Clarify format of keys in `additionalOptions` field in the Keycloak CR docs
  • #​27442 Use browser router for Account Console account/ui
  • #​27481 Edit High Availability guide
  • #​27484 Edit 23.0 changes part of Upgrading Guide
  • #​27494 Use JDK17 functionality in the KC Operator operator
  • #​27508 Use new remote-store options in HA guides
  • #​27509 Upgrade to Aurora Postgres 15.5
  • #​27515 `ClusterProvider` should no longer be deprecated now that "legacy" is the default
  • #​27527 CS and SK localized messages need an update
  • #​27544 Expose quarkus syslog logging now GELF is being deprecated from Keycloak dist/quarkus
  • #​27545 Simplify handling of profile features in test cases
  • #​27549 Make general `cache` options runtime dist/quarkus
  • #​27574 Support for script providers when running in embedded mode testsuite
  • #​27602 Remove offline session preloading
  • #​27614 Remove additional handlers for health and metrics endpoints dist/quarkus
  • #​27632 Integrate downstream Upgrading Guide changes into upstream
  • #​27696 Upgrade to Quarkus 3.8.2 dist/quarkus
  • #​27724 Enable Infinispan metrics by default
  • #​27787 Missing API documentation for /admin/realms/{realm}/groups/{group-id}
  • #​27871 Upgrade to Infinispan 14.0.26 core
  • #​27924 Enable http metrics once Quarkus 3.8.3 is available
  • #​27953 Address feedback to Keycloak Server guide docs
  • #​27976 Persist online sessions to the database
  • #​27997 Make the Language Selector sorted and searchable
  • #​28009 Address edits to the Operator Guide
  • #​28033 Upgrade Infinispan to 14.0.27.Final
  • #​28035 update for messages_de.properties required translations
  • #​28084 Upgrade to Quarkus 3.8.3 dist/quarkus
  • #​28120 Default password hashing algorithm should be set to default password hash provider
  • #​28142 Update HA Guide now that non-XA mode is the default
  • #​28145 Align help output for Quarkus distribution across Windows and Linux dist/quarkus
  • #​28161 Use Argon2 password hashing by default
  • #​28178 Provide histograms for http server metrics
  • #​28256 Prevent duplicate form submission in Create realm dialog in admin ui admin/ui
  • #​28318 Use the same new code for persistent sessions for offline sessions core
  • #​28336 Provide a dedicated way of updating Quarkus classloading indices
  • #​28388 Handle concurrent writes to sessions more gracefullly
  • #​28429 Add details to error messages, especially around refresh tokens
  • #​28436 When LDAP groups synchronization fails, show root cause in admin UI admin/api
  • #​28448 Avoid deprecated `jboss-modules` method usage
  • #​28453 More conventional looking conditional element in authentication diagram admin/ui
  • #​28460 Polishing docs for lightweight tokens oidc
  • #​28477 The concurrency of hashing leads to increased memory usage and CPU throttling
  • #​28501 Batch updates to the database to avoid using too many IOPS
  • #​28517 Java 21 support
  • #​28567 Change user_id value for REFRESH_TOKEN and REFRESH_TOKEN_ERROR events oidc
  • #​28616 Add ui-tab context information into the onCreate
  • #​28650 Improve german translations for admin ui
  • #​28654 Refine the warning produced when a non-cli build-time property is used at runtime dist/quarkus
  • #​28672 For client-credential-grants, there shouldn't be an interaction with the authentication cache
  • #​28729 Emphasize the need for setting container limit docs
  • #​28814 Add missing german translations for user federation in admin UI
  • #​28848 Automatically fill username when authenticating to through a broker
  • #​28861 Improve the performance of the PermissionTicketStore.findGrantedResources method authorization-services
  • #​28862 Improve persistent sessions DB throughput for logins/logouts by batching
  • #​28879 Indicate whether a user is transient or not in user sessions list
  • #​28880 Upgrade to Quarkus 3.8.4 dist/quarkus
  • #​28906 ID fields in SessionWrapper should be immutable
  • #​28926 Store extended error message in events for client credential grants
  • #​28935 Ensure GroupResource.getSubGroups doesn't rely on no-arg version of GroupModel.getSubGroupsStream to avoid prematurely loading all subgroups storage
  • #​28939 OIDC: Backchannel logout token should use "typ":"logout+jwt" oidc
  • #​28974 Replace tooltip for adding a translation to an attribute with a text underneath `Display name`
  • #​29023 Support adding existing users to an organization
  • #​29068 Infinispan 15.0.3.Final
  • #​29073 Use cache.compute() method to improve the replace retry loop
  • #​29118 Conditionally run Quarkus IT in

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/major-keycloak-updates branch from 73ca6f3 to 2902377 Compare July 19, 2024 02:42
@renovate renovate bot force-pushed the renovate/major-keycloak-updates branch from 2902377 to 01b50cf Compare July 31, 2024 05:47
@renovate renovate bot changed the title fix(deps): update keycloak-updates to v25 (major) fix(deps): update keycloak-updates (major) Jul 31, 2024
@renovate renovate bot force-pushed the renovate/major-keycloak-updates branch from 01b50cf to 4d15c5a Compare August 17, 2024 11:34
| datasource | package                                  | from    | to     |
| ---------- | ---------------------------------------- | ------- | ------ |
| maven      | org.bouncycastle:bcpg-fips               | 1.0.7.1 | 2.0.9  |
| maven      | org.keycloak:keycloak-crypto-default     | 24.0.5  | 25.0.4 |
| maven      | org.keycloak:keycloak-services           | 24.0.5  | 25.0.4 |
| maven      | org.keycloak:keycloak-server-spi-private | 24.0.5  | 25.0.4 |
| maven      | org.keycloak:keycloak-server-spi         | 24.0.5  | 25.0.4 |
| maven      | org.keycloak:keycloak-core               | 24.0.5  | 25.0.4 |
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant