Keycloak 26.0.6 release

keycloak · Nov 22, 2024 · 4296ee5 · 4296ee5
1 parent e1b68ed
commit 4296ee5
Show file tree

Hide file tree

Showing 5 changed files with 368 additions and 1 deletion.
diff --git a/cache/releases/26.0.6/changelog.json b/cache/releases/26.0.6/changelog.json
@@ -0,0 +1,274 @@
+[ {
+  "number" : 609,
+  "repository" : "keycloak-quickstarts",
+  "title" : "Workflow failure - Jakarta - SAMLServiceProviderTest.testAccessAccountManagement",
+  "kind" : "bug",
+  "area" : null,
+  "url" : "https://github.com/keycloak/keycloak-quickstarts/issues/609"
+}, {
+  "number" : 11008,
+  "repository" : "keycloak",
+  "title" : "Incorrect get the members of a group imported from LDAP",
+  "kind" : "bug",
+  "area" : "ldap",
+  "url" : "https://github.com/keycloak/keycloak/issues/11008"
+}, {
+  "number" : 17593,
+  "repository" : "keycloak",
+  "title" : "Incorrect ldap-group-mapper chosen to sync changes to ActiveDirectory when several mappers with varying group paths used ",
+  "kind" : "bug",
+  "area" : "ldap",
+  "url" : "https://github.com/keycloak/keycloak/issues/17593"
+}, {
+  "number" : 19652,
+  "repository" : "keycloak",
+  "title" : "Members are inhereted from LDAP group with the same name",
+  "kind" : "bug",
+  "area" : "ldap",
+  "url" : "https://github.com/keycloak/keycloak/issues/19652"
+}, {
+  "number" : 23732,
+  "repository" : "keycloak",
+  "title" : "JavascriptAdapterTest errors when running with strict cookies on Firefox",
+  "kind" : "bug",
+  "area" : "ci",
+  "url" : "https://github.com/keycloak/keycloak/issues/23732"
+}, {
+  "number" : 27856,
+  "repository" : "keycloak",
+  "title" : "Social login - Stack Overflow test fails",
+  "kind" : "bug",
+  "area" : "ci",
+  "url" : "https://github.com/keycloak/keycloak/issues/27856"
+}, {
+  "number" : 31456,
+  "repository" : "keycloak",
+  "title" : "Enabling/Disabling user does not work with Microsoft AD LDAP via Admin API/UI",
+  "kind" : "bug",
+  "area" : "ldap",
+  "url" : "https://github.com/keycloak/keycloak/issues/31456"
+}, {
+  "number" : 32651,
+  "repository" : "keycloak",
+  "title" : "Mark slf4j-api as not optional for the 24 release",
+  "kind" : "task",
+  "area" : null,
+  "url" : "https://github.com/keycloak/keycloak/issues/32651"
+}, {
+  "number" : 32786,
+  "repository" : "keycloak",
+  "title" : "Organization Domain not marked as a required field in the Admin UI",
+  "kind" : "bug",
+  "area" : "admin/ui",
+  "url" : "https://github.com/keycloak/keycloak/issues/32786"
+}, {
+  "number" : 33531,
+  "repository" : "keycloak",
+  "title" : "Previously entered translations should persist in the translation dialog for the attribute groups",
+  "kind" : "bug",
+  "area" : "admin/ui",
+  "url" : "https://github.com/keycloak/keycloak/issues/33531"
+}, {
+  "number" : 34013,
+  "repository" : "keycloak",
+  "title" : "Add More Info to Organization Events",
+  "kind" : "bug",
+  "area" : "organizations",
+  "url" : "https://github.com/keycloak/keycloak/issues/34013"
+}, {
+  "number" : 34065,
+  "repository" : "keycloak",
+  "title" : "Users without `view-realm` can't see user lockout state in Admin UI ",
+  "kind" : "bug",
+  "area" : "admin/ui",
+  "url" : "https://github.com/keycloak/keycloak/issues/34065"
+}, {
+  "number" : 34201,
+  "repository" : "keycloak",
+  "title" : "OIDC IdP Unable to validate signatures using validatingPublicKey certificate",
+  "kind" : "bug",
+  "area" : "admin/ui",
+  "url" : "https://github.com/keycloak/keycloak/issues/34201"
+}, {
+  "number" : 34315,
+  "repository" : "keycloak",
+  "title" : "Update the Keycloak CPU and Memory sizing guide to reflect the new ec2 workder nodes",
+  "kind" : "enhancement",
+  "area" : null,
+  "url" : "https://github.com/keycloak/keycloak/issues/34315"
+}, {
+  "number" : 34335,
+  "repository" : "keycloak",
+  "title" : "NPE in Organization(s)Resource when using Quarkus Rest Client",
+  "kind" : "bug",
+  "area" : "admin/api",
+  "url" : "https://github.com/keycloak/keycloak/issues/34335"
+}, {
+  "number" : 34386,
+  "repository" : "keycloak",
+  "title" : "Some dynamic imported functions are also statically imported making bundling them in-efficient",
+  "kind" : "enhancement",
+  "area" : null,
+  "url" : "https://github.com/keycloak/keycloak/issues/34386"
+}, {
+  "number" : 34401,
+  "repository" : "keycloak",
+  "title" : "Incorrect Content-Type Expectation for POST /admin/realms/{realm}/organizations/{id}/members in Keycloak API",
+  "kind" : "bug",
+  "area" : "admin/api",
+  "url" : "https://github.com/keycloak/keycloak/issues/34401"
+}, {
+  "number" : 34465,
+  "repository" : "keycloak",
+  "title" : "Missing help icons in Webauthn Policy and Webauthn Passwordless Policy missing in admin ui",
+  "kind" : "bug",
+  "area" : "admin/ui",
+  "url" : "https://github.com/keycloak/keycloak/issues/34465"
+}, {
+  "number" : 34519,
+  "repository" : "keycloak",
+  "title" : "Clicking on link to Keycloak documentation from Keycloak admin UI does nothing instead of opening documentation",
+  "kind" : "bug",
+  "area" : "admin/ui",
+  "url" : "https://github.com/keycloak/keycloak/issues/34519"
+}, {
+  "number" : 34549,
+  "repository" : "keycloak",
+  "title" : "Quarkus dev mode does not work",
+  "kind" : "bug",
+  "area" : "dist/quarkus",
+  "url" : "https://github.com/keycloak/keycloak/issues/34549"
+}, {
+  "number" : 34570,
+  "repository" : "keycloak",
+  "title" : "Make documentation more clear that keycloak javascript adapter and node.js adapter are OIDC",
+  "kind" : "enhancement",
+  "area" : "docs",
+  "url" : "https://github.com/keycloak/keycloak/issues/34570"
+}, {
+  "number" : 34572,
+  "repository" : "keycloak",
+  "title" : "Text in \"Choose a policy type\" is not wrapping",
+  "kind" : "bug",
+  "area" : "admin/ui",
+  "url" : "https://github.com/keycloak/keycloak/issues/34572"
+}, {
+  "number" : 34603,
+  "repository" : "keycloak",
+  "title" : "NPE in InfinispanOrganizationProvider if userCache is disabled",
+  "kind" : "bug",
+  "area" : "infinispan",
+  "url" : "https://github.com/keycloak/keycloak/issues/34603"
+}, {
+  "number" : 34624,
+  "repository" : "keycloak",
+  "title" : "Securing apps guide breaks downstream",
+  "kind" : "bug",
+  "area" : "docs",
+  "url" : "https://github.com/keycloak/keycloak/issues/34624"
+}, {
+  "number" : 34634,
+  "repository" : "keycloak",
+  "title" : "Missing downstream explicit name for anchors",
+  "kind" : "bug",
+  "area" : "docs",
+  "url" : "https://github.com/keycloak/keycloak/issues/34634"
+}, {
+  "number" : 34644,
+  "repository" : "keycloak",
+  "title" : "KC_CACHE_EMBEDDED_MTLS_ENABLED is ignored",
+  "kind" : "bug",
+  "area" : "infinispan",
+  "url" : "https://github.com/keycloak/keycloak/issues/34644"
+}, {
+  "number" : 34655,
+  "repository" : "keycloak",
+  "title" : "Use weekly cache for PNPM store",
+  "kind" : "task",
+  "area" : null,
+  "url" : "https://github.com/keycloak/keycloak/issues/34655"
+}, {
+  "number" : 34671,
+  "repository" : "keycloak",
+  "title" : "`ClientConnection.getRemoteAddr` can return a hostname when behind a reverse proxy",
+  "kind" : "bug",
+  "area" : "core",
+  "url" : "https://github.com/keycloak/keycloak/issues/34671"
+}, {
+  "number" : 34681,
+  "repository" : "keycloak",
+  "title" : "[Testsuite CI] Surefire Reports - support release 26.0",
+  "kind" : "task",
+  "area" : "testsuite",
+  "url" : "https://github.com/keycloak/keycloak/issues/34681"
+}, {
+  "number" : 34687,
+  "repository" : "keycloak",
+  "title" : "New credential templates broken in KC26",
+  "kind" : "bug",
+  "area" : "login/ui",
+  "url" : "https://github.com/keycloak/keycloak/issues/34687"
+}, {
+  "number" : 34855,
+  "repository" : "keycloak",
+  "title" : "Add conditional text to Installation Locations",
+  "kind" : "enhancement",
+  "area" : null,
+  "url" : "https://github.com/keycloak/keycloak/issues/34855"
+}, {
+  "number" : 34873,
+  "repository" : "keycloak",
+  "title" : "Update Leveraging JaKarta EE in Server Development guide",
+  "kind" : "enhancement",
+  "area" : null,
+  "url" : "https://github.com/keycloak/keycloak/issues/34873"
+}, {
+  "number" : 34887,
+  "repository" : "keycloak",
+  "title" : "Apply QE edits to High Availability guide",
+  "kind" : "enhancement",
+  "area" : null,
+  "url" : "https://github.com/keycloak/keycloak/issues/34887"
+}, {
+  "number" : 34905,
+  "repository" : "keycloak",
+  "title" : "[Keycloak CI] Outdated surefire artifacts names - Quarkus IT and UT",
+  "kind" : "bug",
+  "area" : "ci",
+  "url" : "https://github.com/keycloak/keycloak/issues/34905"
+}, {
+  "number" : 35213,
+  "repository" : "keycloak",
+  "title" : "CVE-2024-10451 Sensitive Data Exposure in Keycloak Build Process",
+  "kind" : "bug",
+  "area" : null,
+  "url" : "https://github.com/keycloak/keycloak/issues/35213"
+}, {
+  "number" : 35214,
+  "repository" : "keycloak",
+  "title" : "CVE-2024-10270 Potential Denial of Service",
+  "kind" : "bug",
+  "area" : null,
+  "url" : "https://github.com/keycloak/keycloak/issues/35214"
+}, {
+  "number" : 35215,
+  "repository" : "keycloak",
+  "title" : "CVE-2024-10492 Keycloak path trasversal",
+  "kind" : "bug",
+  "area" : null,
+  "url" : "https://github.com/keycloak/keycloak/issues/35215"
+}, {
+  "number" : 35216,
+  "repository" : "keycloak",
+  "title" : "CVE-2024-9666 Keycloak proxy header handling Denial-of-Service (DoS) vulnerability",
+  "kind" : "bug",
+  "area" : null,
+  "url" : "https://github.com/keycloak/keycloak/issues/35216"
+}, {
+  "number" : 35217,
+  "repository" : "keycloak",
+  "title" : "CVE-2024-10039 Bypassing mTLS validation",
+  "kind" : "bug",
+  "area" : null,
+  "url" : "https://github.com/keycloak/keycloak/issues/35217"
+} ]
diff --git a/cache/releases/26.0.6/gh-release-notes.html b/cache/releases/26.0.6/gh-release-notes.html
@@ -0,0 +1,70 @@
+<div>
+    <h2>Highlights</h2>
+<div class="sect2">
+<h3 id="_admin_events_might_include_now_additional_details_about_the_context_when_the_event_is_fired">Admin events might include now additional details about the context when the event is fired</h3>
+<div class="paragraph">
+<p>In this release, admin events might hold additional details about the context when the event is fired. When upgrading you should
+expect the database schema being updated to add a new column <code>DETAILS_JSON</code> to the <code>ADMIN_EVENT_ENTITY</code> table.</p>
+</div>
+</div>
+<div class="sect2">
+<h3 id="_updates_to_documentation_of_x_509_client_certificate_lookup_via_proxy">Updates to documentation of X.509 client certificate lookup via proxy</h3>
+<div class="paragraph">
+<p>Potential vulnerable configurations have been identified in the X.509 client certificate lookup when using a reverse proxy.
+Additional configuration steps might be required depending on your current configuration. Make sure to review the updated
+<a href="https://www.keycloak.org/server/reverseproxy#_enabling_client_certificate_lookup">reverse proxy guide</a> if you have configured
+the client certificate lookup via a proxy header.</p>
+</div>
+</div>
+<h2>Upgrading</h2>
+<p>Before upgrading refer to <a href="file:/home/runner/work/keycloak-rel/keycloak-rel/target/web/docs/latest/upgrading/index.html#migration-changes">the migration guide</a> for a complete list of changes.</p>
+
+<h2>All resolved issues</h2>
+
+
+
+<h3>Enhancements</h3>
+<ul>
+<li><a href="https://github.com/keycloak/keycloak/issues/34315">#34315</a> Update the Keycloak CPU and Memory sizing guide to reflect the new ec2 workder nodes </li>
+<li><a href="https://github.com/keycloak/keycloak/issues/34386">#34386</a> Some dynamic imported functions are also statically imported making bundling them in-efficient </li>
+<li><a href="https://github.com/keycloak/keycloak/issues/34570">#34570</a> Make documentation more clear that keycloak javascript adapter and node.js adapter are OIDC <code>docs</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/34855">#34855</a> Add conditional text to Installation Locations </li>
+<li><a href="https://github.com/keycloak/keycloak/issues/34873">#34873</a> Update Leveraging JaKarta EE in Server Development guide </li>
+<li><a href="https://github.com/keycloak/keycloak/issues/34887">#34887</a> Apply QE edits to High Availability guide </li>
+</ul>
+
+<h3>Bugs</h3>
+<ul>
+<li><a href="https://github.com/keycloak/keycloak-quickstarts/issues/609">#609</a> Workflow failure - Jakarta - SAMLServiceProviderTest.testAccessAccountManagement </li>
+<li><a href="https://github.com/keycloak/keycloak/issues/11008">#11008</a> Incorrect get the members of a group imported from LDAP <code>ldap</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/17593">#17593</a> Incorrect ldap-group-mapper chosen to sync changes to ActiveDirectory when several mappers with varying group paths used  <code>ldap</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/19652">#19652</a> Members are inhereted from LDAP group with the same name <code>ldap</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/23732">#23732</a> JavascriptAdapterTest errors when running with strict cookies on Firefox <code>ci</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/27856">#27856</a> Social login - Stack Overflow test fails <code>ci</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/31456">#31456</a> Enabling/Disabling user does not work with Microsoft AD LDAP via Admin API/UI <code>ldap</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/32786">#32786</a> Organization Domain not marked as a required field in the Admin UI <code>admin/ui</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/33531">#33531</a> Previously entered translations should persist in the translation dialog for the attribute groups <code>admin/ui</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/34013">#34013</a> Add More Info to Organization Events <code>organizations</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/34065">#34065</a> Users without `view-realm` can't see user lockout state in Admin UI  <code>admin/ui</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/34201">#34201</a> OIDC IdP Unable to validate signatures using validatingPublicKey certificate <code>admin/ui</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/34335">#34335</a> NPE in Organization(s)Resource when using Quarkus Rest Client <code>admin/api</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/34401">#34401</a> Incorrect Content-Type Expectation for POST /admin/realms/{realm}/organizations/{id}/members in Keycloak API <code>admin/api</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/34465">#34465</a> Missing help icons in Webauthn Policy and Webauthn Passwordless Policy missing in admin ui <code>admin/ui</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/34519">#34519</a> Clicking on link to Keycloak documentation from Keycloak admin UI does nothing instead of opening documentation <code>admin/ui</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/34549">#34549</a> Quarkus dev mode does not work <code>dist/quarkus</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/34572">#34572</a> Text in "Choose a policy type" is not wrapping <code>admin/ui</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/34603">#34603</a> NPE in InfinispanOrganizationProvider if userCache is disabled <code>infinispan</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/34624">#34624</a> Securing apps guide breaks downstream <code>docs</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/34634">#34634</a> Missing downstream explicit name for anchors <code>docs</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/34644">#34644</a> KC_CACHE_EMBEDDED_MTLS_ENABLED is ignored <code>infinispan</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/34671">#34671</a> `ClientConnection.getRemoteAddr` can return a hostname when behind a reverse proxy <code>core</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/34687">#34687</a> New credential templates broken in KC26 <code>login/ui</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/34905">#34905</a> [Keycloak CI] Outdated surefire artifacts names - Quarkus IT and UT <code>ci</code></li>
+<li><a href="https://github.com/keycloak/keycloak/issues/35213">#35213</a> CVE-2024-10451 Sensitive Data Exposure in Keycloak Build Process </li>
+<li><a href="https://github.com/keycloak/keycloak/issues/35214">#35214</a> CVE-2024-10270 Potential Denial of Service </li>
+<li><a href="https://github.com/keycloak/keycloak/issues/35215">#35215</a> CVE-2024-10492 Keycloak path trasversal </li>
+<li><a href="https://github.com/keycloak/keycloak/issues/35216">#35216</a> CVE-2024-9666 Keycloak proxy header handling Denial-of-Service (DoS) vulnerability </li>
+<li><a href="https://github.com/keycloak/keycloak/issues/35217">#35217</a> CVE-2024-10039 Bypassing mTLS validation </li>
+</ul>
+
+</div>
diff --git a/cache/releases/26.0.6/release-notes.html b/cache/releases/26.0.6/release-notes.html
@@ -0,0 +1,16 @@
+<div class="sect2">
+<h3 id="_admin_events_might_include_now_additional_details_about_the_context_when_the_event_is_fired">Admin events might include now additional details about the context when the event is fired</h3>
+<div class="paragraph">
+<p>In this release, admin events might hold additional details about the context when the event is fired. When upgrading you should
+expect the database schema being updated to add a new column <code>DETAILS_JSON</code> to the <code>ADMIN_EVENT_ENTITY</code> table.</p>
+</div>
+</div>
+<div class="sect2">
+<h3 id="_updates_to_documentation_of_x_509_client_certificate_lookup_via_proxy">Updates to documentation of X.509 client certificate lookup via proxy</h3>
+<div class="paragraph">
+<p>Potential vulnerable configurations have been identified in the X.509 client certificate lookup when using a reverse proxy.
+Additional configuration steps might be required depending on your current configuration. Make sure to review the updated
+<a href="https://www.keycloak.org/server/reverseproxy#_enabling_client_certificate_lookup">reverse proxy guide</a> if you have configured
+the client certificate lookup via a proxy header.</p>
+</div>
+</div>
diff --git a/pom.xml b/pom.xml
@@ -20,7 +20,7 @@
         <version.commons-io>2.14.0</version.commons-io>
         <version.commons-compress>1.26.0</version.commons-compress>
 
-        <version.keycloak>26.0.5</version.keycloak>
+        <version.keycloak>26.0.6</version.keycloak>
         <version.keycloak.client>26.0.3</version.keycloak.client>
 
         <version.frontend-maven-plugin>1.12.1</version.frontend-maven-plugin>

diff --git a/versions/26.0.6.json b/versions/26.0.6.json
@@ -0,0 +1,7 @@
+{
+  "date": "2024-11-22",
+  "version": "26.0.6",
+  "blogTemplate": 3,
+  "documentationTemplate": 12,
+  "downloadTemplate": 24
+}