Keycloak
Backend & Infra
Open Source Identity and Access Management For Modern Applications and Services
Release History
26.5.4
26.5.3 (12 fixes): This release focuses heavily on security fixes, addressing several CVEs related to token grants and authorization checks. It also includes numerous bug fixes addressing memory consumption, client token refreshing, and CI/testing stability.
26.5.2 (16 fixes, 2 features): This release focuses heavily on security fixes, addressing several CVEs related to request smuggling, thread exhaustion, and unauthorized token issuance. It also includes numerous bug fixes across core components like Infinispan, OIDC, and database migrations.
26.5.1 (14 fixes, 3 features): This release focuses on numerous bug fixes across the Admin UI, authentication, SAML, and database upgrades. Key enhancements include performance improvements and expanded realm management capabilities from the master realm.
26.5.0 (11 features): This release introduces preview features like Workflows and JWT Authorization Grants, enhances administration with organization invitation management, and adds OpenTelemetry support. It also provides documentation updates and security standard compliance improvements.
26.4.7 (2 fixes): This release focuses on bug fixes for SAML initialization and group permission handling, alongside an upgrade to Quarkus 3.27.1 and documentation enhancements.
26.4.6 (11 fixes, 1 feature): This release introduces a security enhancement by filtering LDAP referrals by default and resolves numerous bugs across security, Infinispan, UI, and CI components.
26.4.5 (10 fixes): This release focuses on resolving numerous bugs across various components, including flaky tests, database migration issues, user profile handling, and administrative UI regressions.
26.4.4 (24 fixes, 3 features): This release introduces several enhancements, including workflow role authorization and email verification rate limiting, alongside numerous bug fixes addressing issues in UI, LDAP handling, session management, and fine-grained permissions (FGAP).
26.4.2 (6 fixes, 1 feature): This release includes enhancements such as SPIFFE support for OIDC JWK endpoints and resolves several bugs across CI, authentication, identity brokering, UI, and core server functionality.
26.4.1 (22 fixes, 1 feature): This release introduces security enhancements, notably disabling Secure Client-Initiated Renegotiation by default in Quarkus distributions, and resolves numerous bugs across authentication, token exchange, UI, and persistence layers.
26.4.0 (9 features): This release introduces significant security and standards enhancements, including Passkeys, full DPoP support, and FAPI 2 Final compliance. It also adds integration improvements like Federated Client Authentication (preview) and automatic certificate management for SAML clients.
26.3.5 (7 fixes): This release upgrades Keycloak to Quarkus 3.20.3 LTS and removes the explicit MariaDB connector dependency. Several security vulnerabilities related to Netty were also addressed.
26.3.4 (16 fixes): This release focuses on stability and security by resolving numerous bugs across core functionality, authentication, and the admin UI. Key enhancements include upgrading to Quarkus 3.20.2.2 and improving multithreading safety.
26.3.3 (Breaking, 24 fixes): This release focuses on stability, upgrading core dependencies like Quarkus and Infinispan, and resolving numerous bugs across LDAP synchronization, OIDC flows, cluster stability, and documentation errors. Several template and API backward incompatibilities were introduced or fixed.
26.3.2 (18 fixes, 1 feature): This release introduces a new option for OIDC IDP authentication and includes numerous bug fixes, dependency upgrades (including Infinispan 15.0.18.Final), and CI stability improvements.
26.3.1 (7 fixes, 2 features): This release includes an upgrade to Infinispan 15.0.16.Final and addresses several bugs related to realm importing, concurrent group loading, TLS configuration, and login failures when web-authn is disabled.
26.3.0 (1 fix, 7 features): This release introduces major stability and performance improvements, including making 2FA recovery codes a supported feature and optimizing import/export performance. Key enhancements focus on developer experience through streamlined WebAuthn/Passkey registration and broader identity brokering capabilities.
26.2.5 (30 fixes): This release focuses heavily on bug fixes across various components including UI, API, documentation, and performance improvements related to session handling in Infinispan. It also addresses several documentation inconsistencies and CI issues.
26.2.4 (7 fixes, 1 feature): This release includes several bug fixes addressing issues in UI performance, token refresh, database constraints, and networking configurations. It also clarifies documentation regarding podman usage.
26.2.3 (30 fixes, 1 feature): This release introduces the ability to log details and representation to the jboss-logging listener and resolves numerous bugs across UI, core, and various components like LDAP and OIDC flows.
26.2.2 (3 fixes, 1 feature): This release introduces configuration for the distribution startup timeout and resolves several critical bugs, including security vulnerabilities related to 2FA bypass and hostname verification.
26.2.1 (14 fixes): This release focuses primarily on bug fixes across various components including fine-grained permissions, operator stability, storage migration, and documentation clarity. Enhancements include better documentation for the operator's Auto update strategy.
26.2.0 (13 features): This release introduces major features including support for Standard token exchange and Fine-grained admin permissions V2, alongside significant security and operational enhancements like zero-configuration secure cluster communication and ECS log format support.
26.1.5 (11 fixes, 2 features): This release upgrades Keycloak to Quarkus 3.15.4 and includes numerous bug fixes across UI, core, OTel configuration, and authentication flows. Users should review the migration guide before upgrading.
26.1.4 (6 fixes, 2 features): This release includes an upgrade to Infinispan 15.0.14 and several bug fixes across the admin UI, API, storage, and distribution layers. Admins can now disable automatic refresh of event views.
26.1.3 (21 fixes, 1 feature): This release introduces a security enhancement to force federated users to re-login after resetting credentials by defaulting the 'force-login' option to 'only-federated' in the reset email authenticator. It also resolves numerous bugs across UI, authentication, storage, and addresses several CVEs.
26.1.2 (6 fixes): This release drops support for end-of-life Node.js versions and includes several bug fixes related to connection termination, CI status, JDBC ping, latency, client registration, and pod unresponsiveness after upgrades.
26.1.1 (26 fixes, 2 features): This release introduces new configuration options for the X.509 authenticator regarding CRL validation and forcing login after credential reset. It also includes numerous bug fixes across UI, documentation, LDAP integration, and CI stability.
26.1.0 (1 fix, 11 features): This release defaults cluster discovery to the more cloud-friendly `jdbc-ping` transport stack and fully supports OpenTelemetry Tracing. It also introduces Virtual Threads support on OpenJDK 21 and adds OIDC standard support for initiating user registration via `prompt=create`.
26.0.8 (24 fixes, 2 features): This release introduces enhancements like showing User Events on a dedicated tab and supporting autocomplete on the Username Form. It also resolves numerous bugs across various components, including database migrations, UI issues, and security vulnerabilities (CVEs).