Keycloak 26.2.0

Summary

This release introduces major features including support for Standard token exchange and Fine-grained admin permissions V2, alongside significant security and operational enhancements like zero-configuration secure cluster communication and ECS log format support.

Migration Steps

  1. For information on how to upgrade from the legacy token exchange used in previous Keycloak versions, see the Upgrading Guide.
  2. For more information about migration related to Fine-grained admin permissions V2, see the Upgrading Guide.

✨ New Features

  • Added support for Standard token exchange, initially limited to exchanging an internal token for another internal token, compliant with RFC 8693.
  • Introduced support for Fine-grained admin permissions Version 2 (V2), allowing centralized management via a new "Permissions" section in the Admin Console.
  • V2 Fine-grained admin permissions support resource-specific and global permissions, and explicit operation scoping.
  • Fine-Grained Admin Permissions can now be enabled on a per-realm basis.
  • Observability guides now include a guide on displaying Keycloak metrics in Grafana, featuring troubleshooting and capacity planning dashboards.
  • Cluster communication between nodes for all TCP-based transport stacks is now encrypted with TLS and secured using automatically generated ephemeral keys and certificates (Zero-configuration secure cluster communication).
  • Keycloak Operator now supports rolling updates for optimized or customized images if the old and new images contain the same Keycloak version, provided the "Auto" update strategy is enabled.
  • The Update Compatibility Tool is available on the Keycloak command line to check rolling update compatibility.
  • Admin Events API now supports filtering by epoch timestamps in addition to the yyyy-MM-dd date format.
  • Admin Events API added a "direction" query parameter (asc or desc) to control the order of returned events.
  • Admin Events API now includes the unique event identifier ("id") in the returned representations.
  • All available log handlers now support ECS (Elastic Common Schema) JSON format.
  • A new Infinispan cache named "crl" has been introduced to cache Certificate Revocation Lists (CRLs) used by the X.509 authenticator, improving validation performance.

Affected Symbols