Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency keycloak-js to v26 #4005

Closed
wants to merge 1 commit into from

Conversation

bcgov-wps
Copy link
Collaborator

@bcgov-wps bcgov-wps commented Oct 12, 2024

This PR contains the following updates:

Package Type Update Change
keycloak-js (source) dependencies major ^25.0.0 -> ^26.0.0

Release Notes

keycloak/keycloak (keycloak-js)

v26.0.0

Compare Source

Highlights

Organizations supported

Starting with Keycloak 26, the Organizations feature is fully supported.

Client libraries updates

Dedicated release cycle for the client libraries

From this release, some of the Keycloak client libraries will have release cycle independent of the Keycloak server release cycle. The 26.0.0 release may be the last one when the client libraries are released together with the Keycloak server. But from now on, the client libraries may be released at a different time than the Keycloak server.

The client libraries are these artifacts:

  • Java admin client - Maven artifact org.keycloak:keycloak-admin-client

  • Java authorization client - Maven artifact org.keycloak:keycloak-authz-client

  • Java policy enforcer - Maven artifact org.keycloak:keycloak-policy-enforcer

It is possible that in the future, some more libraries will be included.

The client libraries are supported with Java 8, so it is possible to use them with the client applications deployed on the older application servers.

Compatibility of the client libraries with the server

Beginning with this release, we are testing and supporting client libraries with the same server version and a few previous major server versions.

For details about supported versions of client libraries with server versions, see the Upgrading Guide.

User sessions persisted by default

Keycloak 25 introduced the feature persistent-user-sessions. With this feature enabled all user sessions are persisted in the database as opposed to the previous behavior where only offline sessions were persisted. In Keycloak 26, this feature is enabled by default. This means that all user sessions are persisted in the database by default.

It is possible to revert this behavior to the previous state by disabling the feature. Follow the Volatile user sessions section in Configuring distributed caches guide for more details.

For information on how to upgrade, see the Upgrading Guide.

New default login theme

There is now a new version (v2) of the keycloak login theme, which provides an improved look and feel, including support for switching automatically to a dark theme based on user preferences.

The previous version (v1) is now deprecated, and will be removed in a future release.

For all new realms, keycloak.v2 will be the default login theme. Also, any existing realm that never explicitly set a login theme will be switched to keycloak.v2.

Highly available multi-site deployments

Keycloak 26 introduces significant improvements to the recommended HA multi-site architecture, most notably:

  • Keycloak deployments are now able to handle user requests simultaneously in both sites.

  • Active monitoring of the connectivity between the sites is now required to update the replication between the sites in case of a failure.

  • The loadbalancer blueprint has been updated to use the AWS Global Accelerator as this avoids prolonged fail-over times caused by DNS caching by clients.

  • Persistent user sessions are now a requirement of the architecture. Consequently, user sessions will be kept on Keycloak or Infinispan upgrades.

For information on how to migrate, see the Upgrading Guide.

Admin Bootstrapping and Recovery

In the past, regaining access to a Keycloak instance when all admin users were locked out was a challenging and complex process. Recognizing these challenges and aiming to significantly enhance the user experience, Keycloak now offers several straightforward methods to bootstrap a temporary admin account and recover lost admin access.

It is now possible to run the start or start-dev commands with specific options to create a temporary admin account. Additionally, a new dedicated command has been introduced, which allows users to regain admin access without hassle.

For detailed instructions and more information on this topic, refer to the Admin Bootstrap and Recovery guide.

OpenTelemetry Tracing preview

The underlying Quarkus support for OpenTelemetry Tracing has been exposed to Keycloak and allows obtaining application traces for better observability. It helps to find performance bottlenecks, determine the cause of application failures, trace a request through the distributed system, and much more. The support is in preview mode, and we would be happy to obtain any feedback.

For more information, see the Enabling Tracing guide.

OpenID for Verifiable Credential Issuance

The OpenID for Verifiable Credential Issuance (OID4VCI) is still an experimental feature in Keycloak, but it was greatly improved in this release. You will find significant development and discussions in the Keycloak OAuth SIG. Anyone from the Keycloak community is welcome to join.

Many thanks to all members of the OAuth SIG group for the participation on the development and discussions about this feature. Especially thanks to the Francis Pouatcha, Pascal Knüppel, Takashi Norimatsu, Ingrid Kamga, Stefan Wiedemann and Thomas Darimont

DPoP improvements

The DPoP (OAuth 2.0 Demonstrating Proof-of-Possession) preview feature has improvements. The DPoP is now supported for all grant types. With previous releases, this feature was supported only for the authorization_code grant type. Support also exists for the DPoP token type on the UserInfo endpoint.

Many thanks to Pascal Knüppel for the contribution.

Removal of GELF logging handler

GELF support has been deprecated for a while now, and with this release it has been finally removed from Keycloak. Other log handlers are available and fully supported to be used as a replacement of GELF, for example Syslog. For details see the Logging guide.

Lightweight access tokens for Admin REST API

Lightweight access tokens can now be used on the admin REST API. The security-admin-console and admin-cli clients are now using lightweight access tokens by default, so “Always Use Lightweight Access Token” and “Full Scope Allowed” are now enabled on these two clients. However, the behavior in the admin console should effectively remain the same. Be cautious if you have made changes to these two clients and if you are using them for other purposes.

Keycloak JavaScript adapter now standalone

Keycloak JavaScript adapter is now a standalone library and is therefore no longer served statically from the Keycloak server. The goal is to de-couple the library from the Keycloak server, so that it can be refactored independently, simplifying the code and making it easier to maintain in the future. Additionally, the library is now free of third-party dependencies, which makes it more lightweight and easier to use in different environments.

For a complete breakdown of the changes consult the Upgrading Guide.

Hostname v1 feature removed

The deprecated hostname v1 feature was removed. This feature was deprecated in Keycloak 25 and replaced by hostname v2. If you are still using this feature, you must migrate to hostname v2. For more details, see the Configuring the hostname (v2) and the initial migration guide.

Automatic redirect from root to relative path

User is automatically redirected to the path where Keycloak is hosted when the http-relative-path property is specified. It means when the relative path is set to /auth, and the user access localhost:8080/, the page is redirected to localhost:8080/auth.

The same applies to the management interface when the http-management-relative-path or http-relative-path property is specified.

It improves user experience as users no longer need to set the relative path to the URL explicitly.

Persisting revoked access tokens across restarts

In this release, revoked access tokens are written to the database and reloaded when the cluster is restarted by default when using the embedded caches.

For information on how to migrate, see the Upgrading Guide.

Client Attribute condition in Client Policies

The condition based on the client-attribute was added into Client Policies. You can use condition to specify for the clients with the specified client attribute having a specified value. It is possible to use either an AND or OR condition when evaluating this condition as mentioned in the documentation for client policies.

Many thanks to Yoshiyuki Tabata for the contribution.

Specify different log levels for log handlers

It is possible to specify log levels for all available log handlers, such as console, file, or syslog. The more fine-grained approach provides the ability to control logging over the whole application and be tailored to your needs.

For more information, see the Logging guide.

Proxy option removed

The deprecated proxy option was removed. This option was deprecated in Keycloak 24 and replaced by the proxy-headers option in combination with hostname options as needed. For more details, see using a reverse proxy and the initial migration guide.

Option proxy-trusted-addresses added

The proxy-trusted-addresses can be used when the proxy-headers option is set to specify a allowlist of trusted proxy addresses. If the proxy address for a given request is not trusted, then the respective proxy header values will not be used.

Option proxy-protocol-enabled added

The proxy-protocol-enabled option controls whether the server should use the HA PROXY protocol when serving requests from behind a proxy. When set to true, the remote address returned will be the one from the actual connecting client.

Option to reload trust and key material added

The https-certificates-reload-period option can be set to define the reloading period of key store, trust store, and certificate files referenced by https-* options. Use -1 to disable reloading. Defaults to 1h (one hour).

Options to configure cache max-count added

The --cache-embedded-${CACHE_NAME}-max-count= can be set to define an upper bound on the number of cache entries in the specified cache.

The https-trust-store-* options have been undeprecated

Based on the community feedback, we decided to undeprecate https-trust-store-* options to allow better granularity in trusted certificates.

The java-keystore key provider supports more algorithms and vault secrets

The java-keystore key provider, which allows loading a realm key from an external java keystore file, has been modified to manage all Keycloak algorithms. Besides, the keystore and key secrets, needed to retrieve the actual key from the store, can be configured using the vault. Therefore a Keycloak realm can externalize any key to the encrypted file without sensitive data stored in the database.

For more information about this subject, see Configuring realm keys.

Adding support for ECDH-ES encryption key management algorithms

Now Keycloak allows configuring ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW or ECDH-ES+A256KW as the encryption key management algorithm for clients. The Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) specification introduces three new header parameters for the JWT: epk, apu and apv. Currently Keycloak implementation only manages the compulsory epk while the other two (which are optional) are never added to the header. For more information about those algorithms please refer to the JSON Web Algorithms (JWA).

Also, a new key provider, ecdh-generated, is available to generate realm keys and support for ECDH algorithms is added into the Java KeyStore provider.

Many thanks to Justin Tay for the contribution.

Support for multiple instances of a social broker in a realm

It is now possible to have multiple instances of the same social broker in a realm.

Most of the time a realm does not need multiple instances of the same social broker. But due to the introduction of the organization feature, it should be possible to link different instances of the same social broker to different organizations.

When creating a social broker, you should now provide an Alias and optionally a Display name just like any other broker.

New generalized event types for credentials

There are now generalized events for updating (UPDATE_CREDENTIAL) and removing (REMOVE_CREDENTIAL) a credential. The credential type is described in the credential_type attribute of the events. The new event types are supported by the Email Event Listener.

The following event types are now deprecated and will be removed in a future version: UPDATE_PASSWORD, UPDATE_PASSWORD_ERROR, UPDATE_TOTP, UPDATE_TOTP_ERROR, REMOVE_TOTP, REMOVE_TOTP_ERROR

The template.ftl file in the base/login and the keycloak.v2/login theme now allows to customize the footer of the login box. This can be used to show common links or include custom scripts at the end of the page.

The new footer.ftl template provides a content macro that is rendered at the bottom of the "login box".

Keycloak CR supports standard scheduling options

The Keycloak CR now exposes first class properties for controlling the scheduling of your Keycloak Pods.

For more details, see the Operator Advanced Configuration.

KeycloakRealmImport CR supports placeholder replacement

The KeycloakRealmImport CR now exposes spec.placeholders to create environment variables for placeholder replacement in the import.

For more details, see the Operator Realm Import.

Configuring the LDAP Connection Pool

In this release, the LDAP connection pool configuration relies solely on system properties.

For more details, see Configuring the connection pool.

Infinispan marshalling changes to Infinispan Protostream

Marshalling is the process of converting Java objects into bytes to send them across the network between Keycloak servers. With Keycloak 26, we changed the marshalling format from JBoss Marshalling to Infinispan Protostream.

Warning
JBoss Marshalling and Infinispan Protostream are not compatible with each other and incorrect usage may lead to data loss. Consequently, all caches are cleared when upgrading to this version.

Infinispan Protostream is based on Protocol Buffers (proto 3), which has the advantage of backwards/forwards compatibility.

Removal of OSGi metadata

Since all of the Java adapters that used OSGi metadata have been removed we have stopped generating OSGi metadata for our jars.

With the goal of improving the scalability of groups, they are now removed directly from the database when removing a realm. As a consequence, group-related events like the GroupRemovedEvent are no longer fired when removing a realm.

For information on how to migrate, see the Upgrading Guide.

Identity Providers no longer available from the realm representation

As part of the improvements around the scalability of realms and organizations when they have many identity providers, the realm representation no longer holds the list of identity providers. However, they are still available from the realm representation when exporting a realm.

For information on how to migrate, see the Upgrading Guide.

Securing Applications documentation converted into the guide format

The Securing Applications and Services documentation was converted into the new format similar to the Server Installation and Configuration documentation converted in the previous releases. The documentation is now available under Keycloak Guides.

Removal of legacy cookies

Keycloak no longer sends _LEGACY cookies, which where introduced as a work-around to older browsers not supporting the SameSite flag on cookies.

The _LEGACY cookies also served another purpose, which was to allow login from an insecure context. Although, this is not recommended at all in production deployments of Keycloak, it is fairly frequent to access Keycloak over http outside of localhost. As an alternative to the _LEGACY cookies Keycloak now doesn&#​8217;t set the secure flag and sets SameSite=Lax instead of SameSite=None when it detects an insecure context is used.

Property origin in the UserRepresentation is deprecated

The origin property in the UserRepresentation is deprecated and planned to be removed in future releases.

Instead, prefer using the federationLink property to obtain the provider to which a user is linked with.

Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Deprecated features

  • #​600 De-couple quickstarts from statically served Keycloak JS quickstarts

New features

  • #​20342 Duplicate groups in the admin console of Keycloak admin/ui
  • #​26178 Support dark mode, at least for the login pages login/ui
  • #​29324 Bootstrapping an admin user using a dedicated command dist/quarkus
  • #​29755 Support AES and HMAC Key-Imports for the JavaKeystoreKeyProvider
  • #​30002 Bootstrapping an admin service account using a dedicated command dist/quarkus
  • #​30009 Warnings for temporary admin user and service account core
  • #​30011 Document admin bootstrapping and recovery docs
  • #​30682 Group assignment: Display disabled information from user admin/ui
  • #​30795 Initiate create events if ClientScopes are created
  • #​31421 Add Events for Organization Creation and Member Assignment organizations
  • #​31642 Include organization attributes and information in ID and access tokens organizations
  • #​31643 Implement invitation-only self-registration for realm users organizations
  • #​32030 Retry remote cache operations with back off
  • #​32135 Option to specify trusted proxies dist/quarkus
  • #​32553 Expose Password Policies in FreeMarker Context for Login Themes

Enhancements

  • #​583 Update dependency on keycloak-client in main branch to 999.0.0-SNAPSHOT quickstarts
  • #​10114 Specific events for webauthn register authentication/webauthn
  • #​10492 Support proxy_protocol
  • #​14073 SAML 2.0 HTTP-Artifact binding
  • #​15769 update or replace base64-js and js-sha256 adapter/javascript
  • #​16750 Google login - add prompt=select_account option core
  • #​19564 response_type none is oidc spec but ignored in the current implementation. oidc
  • #​19750 Use a proper FreeMarker template for the new consoles account/ui
  • #​21072 Make sure identity providers are not send in realm GET requests and PUT requests used in "Realm settings"
  • #​21261 Identity providers: Pagination in account console (and account REST API)
  • #​21342 Upgrade login theme to PatternFly 5 login/ui
  • #​23179 kcadm should have a command to verify connection admin/cli
  • #​23596 Support generated ECDH realm keys oidc
  • #​23597 Support ECDH-ES JWE algorithms oidc
  • #​23771 Automatically hot reload TLS certificates when https-certificate-file or https-certificate-key-file changes on disk dist/quarkus
  • #​24815 Hostname config check on welcome page
  • #​25391 Improve auto behavior with operator and --optimized
  • #​25541 Add an option for a custom welcome page to disable bootstrapping of admin account welcome/ui
  • #​26262 Remove need to update Quarkus tests when profile features change dist/quarkus
  • #​26470 Add a field to the RealmImportSpec to toggle replacing ENV variable placeholders
  • #​27040 [keycloak-js] Expose didInitialize as a public method/property adapter/javascript
  • #​27298 Validate spi options wrt build / run time dist/quarkus
  • #​27432 Document how to specify CPU and memory limits/requests for the Operator operator
  • #​27884 Automatic update of bcfips versions in the docs docs
  • #​27947 Rename Dockerfile to Containerfile in the docs docs
  • #​28017 Un-friendly error message for Fail Import option in keycloak GUI import-export
  • #​28140 External Infinispan as cache - Part 1
  • #​28311 Detect clients which refresh their access tokens too early
  • #​28581 Support OpenTelemetry tracing
  • #​28648 External Infinispan as cache - Part 2
  • #​28754 External Infinispan as cache - Part 3 / login failures cache
  • #​28755 External Infinispan as cache - Part 4 / user + client sessions online + offline
  • #​29200 Clarify import/export usage of options
  • #​29258 Support pod affinity settings in the Keycloak Operator operator
  • #​29303 Active/Active XSite fencing
  • #​29394 Infinispan Protostream
  • #​29480 GET users endpoint is making lots of requests to the database storage
  • #​29665 Please clarify in the docs that the replacement of KC_PROXY=edge is not just KC_PROXY_HEADERS, but one MUST set KC_HTTP_ENABLED=true.
  • #​29698 Improve SAML2 Metadata Validation Exception messages saml
  • #​29725 VC issuance in Authz Code flow with considering “scope” parameter oid4vc
  • #​29974 Add support of RTL UI in login pages login/ui
  • #​29986 private AuthzClient.createPatSupplier
  • #​30003 Bootstrapping an admin user or service account at server startup dist/quarkus
  • #​30004 Bootstrapping an admin user or service account using the Operator operator
  • #​30010 Update the welcome page to create a temporary admin user dist/quarkus
  • #​30094 Do not inherit 'https-client-auth' property for the management interface
  • #​30118 Admin UI - Fixed save buttons on the bottom at the page
  • #​30165 Handle proxy related env vars in the Operator operator
  • #​30243 Protobuf schema compatibility check (maven plugin)
  • #​30267 Protect the disabling of the main keycloak account admin/api
  • #​30286 Add missing translation for oid4vc protocol
  • #​30337 Introduce packages for organization tests organizations
  • #​30338 Refactor organization tests organizations
  • #​30346 Enhance masking around config-keystore dist/quarkus
  • #​30419 Credential Issuer Metadata: Support Optional ```claims``` Object in ```credential_configurations_supported``` in ```openid-credential-issuer``` endpoint oid4vc
  • #​30445 Batch cluster events
  • #​30454 Server crash when using kc.sh with -Dkeycloak.profile=experimental dist/quarkus
  • #​30525 Enhance Verifiable Credential Signing Service Flexibility and Key Rotation oid4vc
  • #​30537 Document how Admin REST API endpoints work with Hostname config docs
  • #​30542 Use correct scope within maven-plugin core
  • #​30623 Make sure not possible to import jakarta classes in admin-client-jee admin/client-java
  • #​30629 Cleanup dependencies of keycloak-client-registration-api to not have dependency on server admin/client-java
  • #​30707 prevent removing the flow when used by client flow overrides authentication
  • #​30743 Make sure users created through a registration link are managed members organizations
  • #​30746 Allow auto-redirect existing users federated from organization broker when using the username organizations
  • #​30747 Support for members joining multiple organizations organizations
  • #​30829 Print keycloak's server response when using keycloak-admin-client admin/client-js
  • #​30855 Make persistent user sessions and external Infinispan co-exist
  • #​30856 Remove inclusive language foreword docs
  • #​30873 Exchange VC Format class for String constantns oid4vc
  • #​30880 Add vault support to JavaKeystoreKeyProvider core
  • #​30907 Implement advanced verification of SD-JWT in Keycloak oid4vc
  • #​30918 VerifiableCredential: Exchange java.util.Date for java.time.Instant oid4vc
  • #​30924 Keycloak Operator should use the port name and not the port number for the ingress operator
  • #​30931 Enable ProtoStream encoding for External Infinispan feature
  • #​30934 Drop `AuthenticatedClientSessionStore` from user sessions
  • #​30995 Document LDAP connection pool configuration
  • #​30999 Make ProofType for CredentialRequest a string instead of enum oid4vc
  • #​31005 Override of begin transaction in AbstractKeycloakTransaction
  • #​31006 Conditionally redirect existing users to a broker based on their credentials organizations
  • #​31029 Refactor HA guide
  • #​31046 ConditionalRemove interface for External Infinispan feature
  • #​31056 Avoid iterating and updating all group policies when removing groups authorization-services
  • #​31064 Add simple cache to cache-local.xml
  • #​31076 Oauth2GrantType.Context requires getter-methods oidc
  • #​31086 Manipulate redirect on OpenID redirect with custom implementation oidc
  • #​31183 Show Display Name (if available) and Realm Id on Realm Dropdown Button admin/ui
  • #​31226 Release notes for JavaKeystoreProvider updates docs
  • #​31343 Can we remove distribution/feature-packs directory? adapter/jee
  • #​31388 [Organizations] Add a count() method to the OrganizationMembersResource core
  • #​31390 Allow custom login themes to define a footer ftl fragment login/ui
  • #​31438 Support for authenticating and issuing tokens in the context of a organization organizations
  • #​31489 Remove keycloak-undertow-adapter-spi adapter/saml
  • #​31491 Add a deprecation warning when old `KEYCLOAK_ADMIN`, `KEYCLOAK_ADMIN_PASSWORD` env vars are used dist/quarkus
  • #​31513 Support lightweight access tokens for Admin REST API oidc
  • #​31514 Allow Embedded Cache sizes to be configured via the CLI
  • #​31547 Use correct error code in error response in token exchange token-exchange
  • #​31548 Add issued_token_type to token-exchange response token-exchange
  • #​31581 Allow optional inclusion of Issue At TIme (iat) and Not Before (nbf) claim to a verifiable credential oid4vc
  • #​31625 import placeholders should be converted to an option
  • #​31648 Change default name of bootstrap service account dist/quarkus
  • #​31670 Make sure the storage provider ID is always available from `UserModel.getFederationLink`
  • #​31676 Upgrade to Quarkus 3.13.2 dist/quarkus
  • #​31681 Add x5c and jwk header to JWSBuilder oidc
  • #​31699 Optimize Remote Infinispan performance on removal of entry
  • #​31701 Optimize CPU cycles for persistent sessions
  • #​31725 Revoked tokens table is missing an index
  • #​31766 Client Policy - Condition : Client - Client Attribute oidc
  • #​31786 The console takes a very long time to display group members with LDAP provider ldap
  • #​31807 Simplify enabling MULTI_SITE setup in KC26
  • #​31816 Class CertificateUtils should support creation of EC certificates oidc
  • #​31845 JavaScript build should not cache Keycloak Java artifacts and should rotate PNPM cache
  • #​31876 Non clustered Keycloak with External Infinispan feature
  • #​31894 Redirect after cancelling a required action should contain kc_action parameter authentication
  • #​31908 Add docs for the OpenTelemetry tracing docs
  • #​31932 Upgrade to next Quarkus LTS dist/quarkus
  • #​31963 Upgrade to Infinispan 15.0.7.Final
  • #​32023 Add ECDH-ES encyption algorithms to the java keystore key provider core
  • #​32033 References to removed artifacts and obsolete properties in root pom.xml
  • #​32056 OTEL: Service name isn't configurable and doesn't comply with conventions
  • #​32095 OTEL: Dynamic service name for tracing in K8s environment operator
  • #​32131 Remove session related caches from external Infinispan in HA guide
  • #​32158 Add an endpoint to the `organizations` endpoint to return the organizations for a given user organizations
  • #​32188 Quarkus IDE Debugging should set JVM options like kc.sh
  • #​32198 error message "Address already in use" should state which address/port in particular
  • #​32231 OTEL: Profile Feature dist/quarkus
  • #​32265 Enable persistent sessions by default
  • #​32273 Optimize Persistent Sessions SQL for session list
  • #​32312 Relocate Quarkus resteasy-reactive dependencies to REST
  • #​32314 Syslog: add necessary options to cover the major usability dist/quarkus
  • #​32328 Upgrade to Infinispan 15.0.8
  • #​32343 Upgrade Keycloak's sizing guide for KC26 and persistent sessions
  • #​32387 Documentation for persistent sessions enabled by default
  • #​32388 Make update IdentityProvider admin REST API more efficient.
  • #​32389 Upgrade to Quarkus 3.13.3 dist/quarkus
  • #​32416 Skip creating sessions cache when Persistent Sessions is enabled
  • #​32428 Performance optimization when checking secure context
  • #​32517 Upgrade to Quarkus 3.14.2 dist/quarkus
  • #​32525 Document Syslog app-name option
  • #​32579 Set autocomplete="one-time-code" in OTP login form login/ui
  • #​32582 Remove tables `user_session`, `user_session_note` and `client_session`
  • #​32583 Review the number indexes for offline session tables
  • #​32586 Remove keycloak-core and keycloak-crypto-default from SAML galleon feature pack and upgrade them to Java 17 dependencies
  • #​32588 Search Identity Providers by alias or display name
  • #​32590 Remove `version()` projection from Ickle Queries
  • #​32596 Rename `remote-cache` Feature
  • #​32619 Possibility to separately specify log levels for log handlers
  • #​32683 Optimize LogoutEndpoint.backchannelLogout endpoint identity-brokering
  • #​32717 Make it explicit which options are needed when using optimized image with the Operator operator
  • #​32745 Review the RTO and RPO in the multi-site docs after the A/A failure and recovery tests
  • #​32746 Add organization id to the organization claim of the access token
  • #​32803 Update the HA guide with fencing lambda taking Infinispan caches offline
  • #​32804 Remove `org.keycloak.utils.ProxyClassLoader`
  • #​32845 Add client side password policy checks
  • #​32852 Prevent deadlocks on concurrent user updates
  • #​32863 Redirect to relative-path from the root path dist/quarkus
  • #​32906 Reduce the cost of updating user attributes in JPA store core
  • #​32968 [OID4VCI] Show OpenID4VCI Credential Issuer Metadata link in admin ui oid4vc
  • #​32970 Upgrade to Quarkus 3.14.4 dist/quarkus
  • #​33010 Bootstrap admin client should use lightweight access tokens dist/quarkus
  • #​33015 FolderThemeProvider should select theme from available themes core
  • #​33040 Provide more information when there is an error to possibly debug
  • #​33143 Add the Troubleshooting and Health checks guide to Keycloak
  • #​33163 Use INFO Log Level for status in Migration Logic in DefaultMigrationManager
  • #​33201 [Organizations] Allow orgs to define the redirect URI after user registers or accepts invitation link organizations
  • #​33203 Explicitly document that the Operator does not create an Ingress for Admin URL operator
  • #​33325 Refactor loading resources from themes
  • #​33384 Document supported configurations and limitations for multi-site
  • #​33405 Use feature versions for admin3, account3, and login2
  • #​33426 Minor tweaks in SAML documentation adapter/saml
  • #​33515 Use `crypto.randomUUID()` to generate UUIDs for Keycloak JS adapter/javascript

Bugs

Copy link

@renovate renovate bot closed this Oct 12, 2024
@renovate renovate bot deleted the renovate/keycloak-js-26.x branch October 12, 2024 02:25
Copy link

codecov bot commented Oct 12, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 80.04%. Comparing base (e396f6a) to head (1d14369).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #4005   +/-   ##
=======================================
  Coverage   80.04%   80.04%           
=======================================
  Files         302      302           
  Lines       11477    11477           
  Branches      549      549           
=======================================
  Hits         9187     9187           
  Misses       2105     2105           
  Partials      185      185           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@bcgov-wps
Copy link
Collaborator Author

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 26.x releases. But if you manually upgrade to 26.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants