keycloak

mirror of https://github.com/keycloak/keycloak.git synced 2026-04-11 12:06:31 -04:00

Author	SHA1	Message	Date
Marek Posolda	f29249f3d7	Improve performance of scope processing in TokenManager. Limit for maximum length of OIDC parameters in Token endpoint (#478 ) (#47799 ) closes #47716 Closes CVE-2026-4634 (cherry picked from commit `b455ee4f28`) Signed-off-by: mposolda <mposolda@gmail.com>	2026-04-07 11:17:17 +02:00
Rahul Ramkumar	799699a808	Add KCRAW_ prefix for environment variables to preserve literal values (#47197 ) Closes #46657 Signed-off-by: Rahul Ramkumar <rahulram226@gmail.com>	2026-04-07 10:12:18 +02:00
Alexander Schwartz	dee672728a	Fixing link as it has changed and is redirecting (#47793 ) Closes #47792 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2026-04-07 09:52:45 +02:00
Alexander Schwartz	97fce120ac	Finalizing release notes and migration guide for 26.6 (#47791 ) Closes #47790 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2026-04-07 09:44:13 +02:00
Steven Hawkins	51b6f9b291	fix: promotes keycloak and realm import to v2beta1 (#45840 ) closes: #45795 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2026-04-04 16:46:28 +02:00
Giuseppe Graziano	46d1c4fa5a	Sender constrained tokens for token exchange Closes #46092 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2026-04-01 10:23:51 +02:00
Alexander Schwartz	ec07458cd5	Disable async startup when health probe is not enabled Closes #47416 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2026-03-26 10:11:07 -03:00
Arman Taheri	9dbdde84d6	fix typo in documents (#47420 ) Closes #47412	2026-03-25 08:01:25 +00:00
Martin Bartoš	6db7608697	Missing release notes entry for OpenTelemetry span attributes location change (#47333 ) Closes #47332 Signed-off-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2026-03-21 20:44:03 +01:00
Ricardo Martin	b93695eb90	Add versioning to identity brokering api feature (#47281 ) Closes #47254 Signed-off-by: rmartinc <rmartinc@redhat.com>	2026-03-20 16:55:56 +01:00
Steven Hawkins	29d00b07f3	fix: use `to` values ahead of keycloak defaults (#46871 ) * fix: use `to` values ahead of keycloak defaults closes: #46728 Signed-off-by: Steve Hawkins <shawkins@redhat.com> * Update docs/documentation/upgrading/topics/changes/changes-26_6_0.adoc Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> * Apply suggestion from @shawkins Signed-off-by: Steven Hawkins <shawkins@redhat.com> --------- Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2026-03-20 14:42:49 +01:00
Pedro Ruivo	c93b6a7e6c	Asynchronous server initialization Closes #47187 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Signed-off-by: Pedro Ruivo <pruivo@users.noreply.github.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Steven Hawkins <shawkins@redhat.com>	2026-03-19 21:23:46 +01:00
Ruchika Jha	37c9fd4de0	Added implementation for CLI option for database connection timeout and provide it into quarkus.datasource.jdbc.login-timeout Closes #47140 Signed-off-by: Ruchika <ruchika.jha1@ibm.com>	2026-03-19 21:04:35 +01:00
Peter Skopek	d11136f671	Separate password and OTP brute force protection to prevent OTP bypass attacks by default Closes #46164 Signed-off-by: Peter Skopek <peter.skopek@ibm.com> Update model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/remote/updater/loginfailures/LoginFailuresUpdater.java Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com> Signed-off-by: Peter Skopek <peter.skopek@ibm.com> Add recovery codes to the list of brute force checked authenticators. Closes #46164 Signed-off-by: Peter Skopek <peter.skopek@ibm.com>	2026-03-17 18:57:37 +01:00
Ricardo Martin	3c7582f318	Broker token API for saml (#47087 ) Closes #46589 Signed-off-by: rmartinc <rmartinc@redhat.com>	2026-03-17 18:29:48 +01:00
Alexander Schwartz	ac89a8c5e5	Move migration changes to already published release Closes #47217 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2026-03-17 15:01:13 +01:00
Ricardo Martin	a712d01234	Change links from issues.redhat.com to redhat.atlassian.net (#47181 ) Closes #47179 Signed-off-by: rmartinc <rmartinc@redhat.com>	2026-03-16 14:58:08 +01:00
Pedro Ruivo	94fb77b821	Update release notes with DB TLS options Closes #47105 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>	2026-03-13 11:04:23 +01:00
Ruchika Jha	efa2df641c	Added implementation for setting a default connection timeout for all databases types Closes #46809 Signed-off-by: Ruchika <ruchika.jha1@ibm.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2026-03-12 14:45:38 +01:00
Ryan Emerson	942fe0dfb2	Infinispan 16.0.8 Closes #47008 Signed-off-by: Ryan Emerson <remerson@ibm.com>	2026-03-10 14:43:44 +01:00
Martin Kanis	a6b31e879f	SCIM Track the last time a resource was modified Closes #46223 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2026-03-10 14:41:07 +01:00
Václav Muzikář	5c062a9e59	Downgrade server container image back to OpenJDK 21 (#46813 ) * Downgrade server container image back to OpenJDK 21 Closes #46812 Signed-off-by: Václav Muzikář <vmuzikar@ibm.com> * Remove JDK downgrade note, rename attribute Signed-off-by: Václav Muzikář <vmuzikar@ibm.com> --------- Signed-off-by: Václav Muzikář <vmuzikar@ibm.com>	2026-03-10 14:26:11 +01:00
Pedro Igor	14a3bc00ad	Stricter access control for managing permission tickets Closes #46723 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2026-03-08 12:45:34 +01:00
Sebastian Łaskawiec	35d725fe1b	Moved adding Kubernetes/OpenShift CAs to the server (#44506 ) * Kubernetes Truststore moved to the server Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com> * Update quarkus/config-api/src/main/java/org/keycloak/config/TruststoreOptions.java Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> * addressing review comments and updating upgrade instructions Signed-off-by: Steve Hawkins <shawkins@redhat.com> * updating help command output Signed-off-by: Steve Hawkins <shawkins@redhat.com> * Update docs/guides/server/keycloak-truststore.adoc Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com> * Comments addressed Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com> * lint errors fix Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com> * Update docs/documentation/upgrading/topics/changes/changes-26_6_0.adoc Signed-off-by: Steven Hawkins <shawkins@redhat.com> --------- Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> Signed-off-by: Steve Hawkins <shawkins@redhat.com> Co-authored-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>	2026-03-04 16:39:10 +01:00
Ruchika Jha	8fc6af9b77	Changes for MSSQL Server, set sendStringParametersAsUnicode to false by default Closes #46556 Signed-off-by: Ruchika <ruchika.jha1@ibm.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>	2026-03-03 14:51:14 +00:00
Pedro Igor	9d5a42cc7f	Stricter access control for listing realm and client roles Closes #45653 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2026-03-03 13:58:41 +00:00
Pedro Igor	f4cbc6f075	Stricter access control when fetching user profile configuration and metadata Closes #45493 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2026-03-03 13:35:37 +01:00
Pedro Ruivo	e5535d218b	Map transaction timeout to database lock timeout Closes #46671 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2026-03-03 12:30:30 +01:00
rmartinc	7e9212bb76	Do not select disabled IdPs in the DefaultAlternativeLookupProvider Closes #46309 Signed-off-by: rmartinc <rmartinc@redhat.com>	2026-03-03 09:41:29 +01:00
Pedro Ruivo	33ff9f1b71	Check the Unicode setup of the database on startup Closes #46557 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2026-03-01 14:15:44 +01:00
Pedro Ruivo	9430a3f928	Add CLI option for tx and migration timeout Closes #19453 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>	2026-02-27 16:11:18 +00:00
Marie Daly	193a423571	invalid_grant errors now return HTTP 400 (#46528 ) Closes #45812 Signed-off-by: Marie Daly <marie.daly1@ibm.com> Signed-off-by: Marie Daly <mdaly@redhat.com> Co-authored-by: Ricardo Martin <rmartinc@redhat.com>	2026-02-25 18:03:36 +01:00
Pedro Ruivo	be175346cd	Aggregate client-id field for improved Infinispan query Closes #46471 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>	2026-02-23 16:43:23 +01:00
Ricardo Martin	4f90ef67f6	Limit the inflating size for the SAML redirect binding Closes #46372 Signed-off-by: rmartinc <rmartinc@redhat.com>	2026-02-17 18:40:11 +00:00
Michal Vavřík	8e816f749c	feat: Update container images to use OpenJDK 25 (#46386 ) This PR is mostly based on `303446b465`. Additionally, I made few tweaks to documentation and introduce a doc variable for the recommended Java version so limit required changing when migrating the recommended JDK version. * Closes: https://github.com/keycloak/keycloak/issues/45830 Signed-off-by: Michal Vavřík <michal.vavrik@aol.com>	2026-02-17 15:35:46 +01:00
Pedro Ruivo	d04d833ec5	Update external Infinispan metrics documentation Closes #46390 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2026-02-17 10:34:17 +00:00
Ruchika Jha	f92c27e26d	Make rolling updates for patch releases fully supported and Updated docs, release notes and upgrading guide for zero-downtime patch releases Closes #45381 Closes #45756 Signed-off-by: Ruchika <ruchika.jha1@ibm.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2026-02-16 15:11:16 +00:00
Ruchika Jha	e82e107b85	Enable graceful HTTP shutdown and document default behavior Closes #43589 Signed-off-by: Ruchika <ruchika.jha1@ibm.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2026-02-13 14:28:49 +00:00
Ricardo Martin	bef8f7f0fd	Move upgrading note for the serverinfo to 26.5.4 Closes #46267 Signed-off-by: rmartinc <rmartinc@redhat.com>	2026-02-12 14:50:45 +01:00
Marie Daly	7d6108d4b9	Redirect Wildcard changes and more https checks to secure-client-executor (#46082 ) Closes #45587 Signed-off-by: Marie Daly <marie.daly1@ibm.com>	2026-02-10 13:00:06 +01:00
rmartinc	d701329f49	Move upgrading note for SAML to 26.5.4 Closes #46150 Signed-off-by: rmartinc <rmartinc@redhat.com>	2026-02-10 11:01:45 +01:00
Ricardo Martin	f0381f8482	Check SubjectConfirmationData element for bearer type Closes #45646 Signed-off-by: rmartinc <rmartinc@redhat.com>	2026-02-10 08:20:17 +01:00
Pedro Ruivo	02c6499d96	Deprecate unused methods in UserSessionProvider Closes #45823 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>	2026-02-06 19:04:19 +01:00
rmartinc	69fabcf902	Documentation changes to deprecate Token Exchange V1 Closes #45792 Signed-off-by: rmartinc <rmartinc@redhat.com>	2026-02-05 17:32:04 +01:00
Martin Bartoš	3e568fc81b	OTEL: Use suggested 'code.function.name' for span attributes Closes #45944 Signed-off-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2026-02-03 15:56:48 +01:00
rmartinc	d4e9b16ea9	Include version in system-info for manage-realm and restrict view-system mapping Closes #45776 Signed-off-by: rmartinc <rmartinc@redhat.com>	2026-02-02 12:40:57 +01:00
Pedro Ruivo	bae3963d25	Refactor SessionsResource for better memory usage and performance Closes #45727 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2026-01-29 11:38:54 +01:00
Pedro Igor	b9243a7270	Only enable JS policies if the scripts feature is enabled Closes #44132 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2026-01-28 12:28:32 +01:00
Steven Hawkins	38b5466093	fix: aligns our dev http-host default behavior with that of quarkus (#45691 ) closes: #42876 Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com>	2026-01-27 16:51:47 +01:00
Steven Hawkins	77704a91b6	fix: adding support for xforwarded prefix (#45699 ) closes: #35298 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2026-01-26 18:14:54 +01:00

1 2 3 4 5 ...

456 commits