Change8

26.1.1

📦 keycloakView on GitHub →
2 features🐛 26 fixes🔧 7 symbols

Summary

This release introduces new configuration options for the X.509 authenticator regarding CRL validation and forcing login after credential reset. It also includes numerous bug fixes across UI, documentation, LDAP integration, and CI stability.

Migration Steps

  1. Refer to the migration guide at file:/home/runner/work/keycloak-rel/keycloak-rel/target/web/docs/latest/upgrading/index.html#migration-changes for a complete list of changes before upgrading.

✨ New Features

  • Added a new option `x509-cert-auth-crl-abort-if-non-updated` (CRL abort if non updated) to the X.509 authenticator to abort login if the Certificate Revocation List (CRL) is outdated based on its next update field.
  • The `reset-credential-email` authenticator now includes a new option `force-login` (Force login after reset) which, when set to true, terminates the session and forces a new login after the user resets their credentials.

🐛 Bug Fixes

  • Cleaned up old release code from Node.js adapter repository (#552).
  • CreatedResponseUtil.getCreatedId now exposes the actual error message from the server (#34343).
  • Removed Node.js adapter documentation from the main repository (#36440).
  • Clarified IPv6 JGroups requirements in Keycloak documentation (#36456).
  • Added detail on dependencyManagement section for POM files (#36798).
  • Fixed issue where draft nightly untagged release was created by "Release nightly" GH action (#558).
  • Corrected {project_versionNpm} expression resolution in documentation (#562).
  • Fixed translation error in messages_fr.properties (#32766).
  • Resolved issue where LDAP groups were not showing members in Groups when using memberOf attribute (#33477).
  • Fixed issue where Realm was not found even though it exists and works when entered directly in the URL (#36159).
  • Fixed deployment artifacts for Quarkus extensions not being in the deployment directory (#36460).
  • Corrected wrong link for tracing in 26.1.0 release notes (#36483).
  • Fixed issue where the organization claim did not appear if the Organization Membership Mapper was added via a custom client scope (#36514).
  • Fixed WebAuthN and dark mode issue where device icons were hardly readable (#36531).
  • Fixed issue where keycloak.v2 forms were too small for mobile view (#36559).
  • Fixed issue where all IDPs were shown when reloading the login page (#36629).
  • Resolved issue where login_hint did not prefill the email field on the identity-first login page when the organizations feature was enabled (#36649).
  • Fixed issue where --spi-connections-liquibase-default-index-creation-threshold did not work (#36669).
  • Corrected links error for https://jwt.io in documentation (#36675).
  • Fixed logging errors on DB transaction retries (#36728).
  • Resolved conflict when Keycloak uses an OpenShift cluster ingress certificate (#36745).
  • Fixed flaky CI tests related to WebAuthn transport locale and security keys (#36781, #36782, #36902).
  • Fixed issue where organization claim did not appear when Organization Membership Mapper was added through a custom client scope (#36514).
  • Fixed bad escape apostrophe character in messages_fr.properties (#36945).
  • Corrected typos in English email message templates (#36988).
  • Fixed failing UI tests (#36998).

Affected Symbols

X.509 authenticatorreset-credential-emailCreatedResponseUtil.getCreatedIdLDAP groupsWebAuthNkeycloak.v2 forms--spi-connections-liquibase-default-index-creation-threshold