Change8

26.5.1

📦 keycloakView on GitHub →
3 features🐛 14 fixes🔧 3 symbols

Summary

This release focuses on numerous bug fixes across the Admin UI, authentication, SAML, and database upgrades. Key enhancements include performance improvements and expanded realm management capabilities from the master realm.

Migration Steps

  1. Refer to the migration guide for a complete list of changes: https://www.keycloak.org/docs/latest/upgrading/#migration-changes

✨ New Features

  • #44863: Added x-robots HTTP header for static Keycloak resources and REST endpoint responses.
  • #45009: Performance improvement via missing indexes added to BROKER_LINK table columns.
  • #45182: Allows full management of realms from the master realm without requiring the global admin role.

🐛 Bug Fixes

  • #43975: Fixed Maven execution failure in Test Framework when reading scripts/default-policy.js.
  • #44371: Resolved 403 Forbidden error when assigning realm-management client roles despite FGAP being disabled (regression in 26.4.0+).
  • #44417: Fixed security issue in Organization feature that exposed and automatically filled the account name in the user/password form.
  • #44783: Fixed missing Create Realm button for users possessing the create-realm role in the Admin UI.
  • #44860: Improved slow response time when listing the second page of users in the Admin UI.
  • #45003: Fixed NullPointerException (NPE) bug in JWTClientAuthenticator and JWTClientSecretAuthenticator.
  • #45093: Enabled visibility of the Role Mapping tab for users who only have the view-users role in the Admin UI.
  • #45107: Corrected invalid SQL statements generated during manual database upgrade for version 26.4.7.
  • #45116: Fixed Admin Console rendering failure for realm-level administrators since version 26.3.0.
  • #45185: Fixed ExternalLinkTest failure due to missing _adding_context_for_log_messages anchor.
  • #45226: Resolved failure when decrypting SAML Response since version 26.5.0.
  • #45239: Fixed failure during upgrade to 26.5.0 caused by FK_ORG_INVITATION_ORG constraint.
  • #45257: Fixed failure when creating an IdentityProvider using the latest Java admin-client against Keycloak server 26.4 or older.
  • #45307: Fixed broken WebAuthn passkey list display in the keycloak v2 theme.

Affected Symbols

BROKER_LINKJWTClientAuthenticatorJWTClientSecretAuthenticator