Skip to content

ramshazar/keycloak-private-jira-issues

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

List of Keycloak CVEs

nvd.nist.gov

Private JIRA Issues

15.0.2

Changelog

Ticket-ID Commit Issue-ID
KEYCLOAK-19038 KEYCLOAK-19038 Reload user after being updated https://issues.redhat.com/browse/KEYCLOAK-19038
KEYCLOAK-19039 KEYCLOAK-19039 Sync UPDATE_PASSWORD required action to only to MSAD with WRITABLE edit mode. Add tests for MSAD mapper https://issues.redhat.com/browse/KEYCLOAK-19039

15.0.1

Changelog

Ticket-ID Commit Issue-ID
KEYCLOAK-18949 KEYCLOAK-18949 DirectGrant login should fail if authenticationSession contains some required actions https://issues.redhat.com/browse/KEYCLOAK-18949
KEYCLOAK-18964 KEYCLOAK-18964 MetricsRestServiceTest contains wrong health check message https://issues.redhat.com/browse/KEYCLOAK-18964

15.0.0

Changelog

Ticket-ID Commit Issue-ID
KEYCLOAK-18597 KEYCLOAK-18597 Product distribution ZIP does not include rh-sso-7.5 folder https://issues.redhat.com/browse/KEYCLOAK-18597
KEYCLOAK-7724 KEYCLOAK-7724 User Profile default validations https://issues.redhat.com/browse/KEYCLOAK-7724
KEYCLOAK-16996 KEYCLOAK-16996 User not able to revoke his offline token for directGrant clients https://issues.redhat.com/browse/KEYCLOAK-16996
KEYCLOAK-18893 KEYCLOAK-18893 Adapters tests for EAP6 are failing https://issues.redhat.com/browse/KEYCLOAK-18893
KEYCLOAK-18685 KEYCLOAK-18685 Style in RH-SSO login screen is broken https://issues.redhat.com/browse/KEYCLOAK-18685
KEYCLOAK-16534 KEYCLOAK-16534 -> New quickstarts scripts folder. https://issues.redhat.com/browse/KEYCLOAK-16534
KEYCLOAK-18699 KEYCLOAK-18699 Brand logo is not found for admin console (#8255) https://issues.redhat.com/browse/KEYCLOAK-18699
KEYCLOAK-18391 KEYCLOAK-18391 CIBATest failures https://issues.redhat.com/browse/KEYCLOAK-18391
KEYCLOAK-18560 KEYCLOAK-18560 NoClassDefFoundError: Could not initialize class org.keycloak.util.JWKSUtils https://issues.redhat.com/browse/KEYCLOAK-18560
KEYCLOAK-18505 KEYCLOAK-18505 ConfigMigrationTest failures https://issues.redhat.com/browse/KEYCLOAK-18505

14.0.0

Changelog

Ticket-ID Commit Issue-ID
KEYCLOAK-18464 [KEYCLOAK-18464] - Failures when running without tls and remote https://issues.redhat.com/browse/KEYCLOAK-18464
KEYCLOAK-18102 KEYCLOAK-18102 - set specific jpa schema. https://issues.redhat.com/browse/KEYCLOAK-18102
KEYCLOAK-18406 KEYCLOAK-18406 SAMLServletAdapterTest failures https://issues.redhat.com/browse/KEYCLOAK-18406
KEYCLOAK-18393 KEYCLOAK-18393 SAMLAdapterCrossDCTest failures https://issues.redhat.com/browse/KEYCLOAK-18393
KEYCLOAK-18442 KEYCLOAK-18442 LifespanAdapterTest - duplicate resources https://issues.redhat.com/browse/KEYCLOAK-18442
KEYCLOAK-18391 KEYCLOAK-18391 CIBATest failure https://issues.redhat.com/browse/KEYCLOAK-18391
KEYCLOAK-18368 KEYCLOAK-18368 Invalidate client session after refresh token re-use https://issues.redhat.com/browse/KEYCLOAK-18368
KEYCLOAK-18260 KEYCLOAK-18260 ClientSearchTest.testQuerySearch failure on MSSQL2019 - removed Central European characters from the test https://issues.redhat.com/browse/KEYCLOAK-18260
KEYCLOAK-18249 KEYCLOAK-18249 WelcomePageTest fails on MSSQL 2019 - removed reference to FK_P56CTINXXB9GSK57FO49F9TAC from the DropAllServlet https://issues.redhat.com/browse/KEYCLOAK-18249
KEYCLOAK-14540 KEYCLOAK-14540 Determine project/product name https://issues.redhat.com/browse/KEYCLOAK-14540
KEYCLOAK-13757 KEYCLOAK-13757 fix for KEYCLOAK-18267_KEYCLOAK-17254 https://issues.redhat.com/browse/KEYCLOAK-13757
KEYCLOAK-13757 KEYCLOAK-13757 update JDG version to 8.1 - testsuite updates https://issues.redhat.com/browse/KEYCLOAK-13757
KEYCLOAK-17254 [KEYCLOAK-17254] Adaptively add the default modular JVM options to the "javaVmArguments" to start the cache server container with, if the JVM used to run the cache server is modular (JDK 9+) https://issues.redhat.com/browse/KEYCLOAK-17254
KEYCLOAK-18267 [KEYCLOAK-18267] Fix 'java.lang.NoClassDefFoundError: Could not initialize class org.jboss.marshalling.river.RiverMarshaller' error for: https://issues.redhat.com/browse/KEYCLOAK-18267
KEYCLOAK-18337 KEYCLOAK-18337 FAPI1Test fails in pipeline with auth-server-undertow-non-tls https://issues.redhat.com/browse/KEYCLOAK-18337
KEYCLOAK-14515 KEYCLOAK-14515 ModAuthMellonTest fails https://issues.redhat.com/browse/KEYCLOAK-14515
KEYCLOAK-17796 KEYCLOAK-17796 Add options to http-builder to enable expect-continue, and to disable re-use of connections https://issues.redhat.com/browse/KEYCLOAK-17796
KEYCLOAK-18112 KEYCLOAK-18112 Token introspection of the revoked refresh token https://issues.redhat.com/browse/KEYCLOAK-18112
KEYCLOAK-18250 [KEYCLOAK-18250] LDAPSyncTest.test09MembershipUsingDifferentAttributes fails on MySQL 8 and MariaDB 10.3 https://issues.redhat.com/browse/KEYCLOAK-18250
KEYCLOAK-18264 KEYCLOAK-18264 Fix SamlLogoutTest with different consumer and provider url https://issues.redhat.com/browse/KEYCLOAK-18264
KEYCLOAK-16450 KEYCLOAK-16450 X509 Direct Grant Auth does not verify certificate timestamp validity https://issues.redhat.com/browse/KEYCLOAK-16450
KEYCLOAK-18056 KEYCLOAK-18056 exclude test for remote testsuite. https://issues.redhat.com/browse/KEYCLOAK-18056
KEYCLOAK-17683 KEYCLOAK-17683 Use dedicated tmp directory even in unit tests https://issues.redhat.com/browse/KEYCLOAK-17683
KEYCLOAK-17495 KEYCLOAK-17495 Do not include principal in the reference to broker sessionId https://issues.redhat.com/browse/KEYCLOAK-17495
KEYCLOAK-18030 [KEYCLOAK-18030] Upgrade Freemarker https://issues.redhat.com/browse/KEYCLOAK-18030
KEYCLOAK-17322 KEYCLOAK-17322 Align tested databases with EAP 7.4 support matrix https://issues.redhat.com/browse/KEYCLOAK-17322
KEYCLOAK-18059 [KEYCLOAK-18059] Upgrade dev dependencies for the new Account Console (#8020) https://issues.redhat.com/browse/KEYCLOAK-18059
KEYCLOAK-18060 [KEYCLOAK-18060] Upgrade commons-io https://issues.redhat.com/browse/KEYCLOAK-18060
KEYCLOAK-17997 [KEYCLOAK-17997] Upgrade Spring Security https://issues.redhat.com/browse/KEYCLOAK-17997
KEYCLOAK-18001 [KEYCLOAK-18001] Upgrade Apache Ant dependency https://issues.redhat.com/browse/KEYCLOAK-18001

13.0.1

Changelog

Ticket-ID Commit Issue-ID
KEYCLOAK-17495 KEYCLOAK-17495 Do not include principal in the reference to broker sessionId https://issues.redhat.com/browse/KEYCLOAK-17495

13.0.0

Changelog

Ticket-ID Commit Issue-ID
KEYCLOAK-17998 [KEYCLOAK-17998] Upgrade PostgreSQL JDBC Driver https://issues.redhat.com/browse/KEYCLOAK-17998
KEYCLOAK-15170 KEYCLOAK-15170 Reset password link is not invalidated if email address is changed https://issues.redhat.com/browse/KEYCLOAK-15170
KEYCLOAK-17989 [KEYCLOAK-17989] Update Jetty to the latest version https://issues.redhat.com/browse/KEYCLOAK-17989
KEYCLOAK-17734 KEYCLOAK-17734 LifespanAdapterTest fails due to header check https://issues.redhat.com/browse/KEYCLOAK-17734
KEYCLOAK-17835 KEYCLOAK-17835 Account Permanent Lockout and login error messages https://issues.redhat.com/browse/KEYCLOAK-17835
KEYCLOAK-17873 KEYCLOAK-17873 FuseUtils - No bundles found for Fuse 7.x https://issues.redhat.com/browse/KEYCLOAK-17873
KEYCLOAK-17457 KEYCLOAK-17457 Failed OfflineServletsAdapterTest https://issues.redhat.com/browse/KEYCLOAK-17457
KEYCLOAK-16913 KEYCLOAK-16913 Fix failed FuseAdapterTest https://issues.redhat.com/browse/KEYCLOAK-16913
KEYCLOAK-17311 KEYCLOAK-17311 - exclude for Remote testsuite https://issues.redhat.com/browse/KEYCLOAK-17311
KEYCLOAK-17302 KEYCLOAK-17302 - exclude for Remote testsuite https://issues.redhat.com/browse/KEYCLOAK-17302
KEYCLOAK-17310. KEYCLOAK-17310. Disabled test in remote environment. (#7898) https://issues.redhat.com/browse/KEYCLOAK-17310.
KEYCLOAK-17215 KEYCLOAK-17215 Slowness issue while hitting /auth/admin/realms/$REALM/clients?viewableOnly=true after DELETE a role https://issues.redhat.com/browse/KEYCLOAK-17215
KEYCLOAK-17100 [KEYCLOAK-17100] Testsuite Wildfly initialization error on Windows [KEYCLOAK-17392] Java CLASSPATH is wrongly parsed on Windows https://issues.redhat.com/browse/KEYCLOAK-17100
KEYCLOAK-16890 KEYCLOAK-16890: Stored XSS attack on new acct console (#7867) https://issues.redhat.com/browse/KEYCLOAK-16890
KEYCLOAK-17033 KEYCLOAK-17033: Reflected XSS attack with referrer in new account console https://issues.redhat.com/browse/KEYCLOAK-17033
KEYCLOAK-16356 KEYCLOAK-16356 update JUnit to the latest version https://issues.redhat.com/browse/KEYCLOAK-16356
KEYCLOAK-16212 KEYCLOAK-16212 - Exclude Remote execution for the LDAPVaultCredentialsTest, fixed broken exclude Remote execution for the LDAPUserLoginTest. https://issues.redhat.com/browse/KEYCLOAK-16212
KEYCLOAK-17301 KEYCLOAK-17301 - fix -> added org.infinispan.commons module into jboss-deployment-structure.xml https://issues.redhat.com/browse/KEYCLOAK-17301
KEYCLOAK-14913 [KEYCLOAK-14913] GitLab Identity Provider shouldn't request for 'api' scope https://issues.redhat.com/browse/KEYCLOAK-14913
KEYCLOAK-14766 KEYCLOAK-14766 - Removed setting default password for LDAPRule configuration https://issues.redhat.com/browse/KEYCLOAK-14766
KEYCLOAK-14483 KEYCLOAK-14483 Broker state param fix https://issues.redhat.com/browse/KEYCLOAK-14483
KEYCLOAK-17125 KEYCLOAK-17125 Update Arquillian drone version to 2.5.2 https://issues.redhat.com/browse/KEYCLOAK-17125
KEYCLOAK-15239 KEYCLOAK-15239 Reset Password Success Message not shown when Kerberos is Enabled https://issues.redhat.com/browse/KEYCLOAK-15239
KEYCLOAK-16517 KEYCLOAK-16517 Make sure that just real clients with standardFlow or implicitFlow enabled are considered for redirectUri during logout https://issues.redhat.com/browse/KEYCLOAK-16517
KEYCLOAK-15849 KEYCLOAK-15849 : auth-remote-server exclude -> removed duplicated annotation, fixed @Test(timeout) bug -> replaced by lambda expression. https://issues.redhat.com/browse/KEYCLOAK-15849
KEYCLOAK-16521 [KEYCLOAK-16521] - Fixing secret for non-confidential clients https://issues.redhat.com/browse/KEYCLOAK-16521
KEYCLOAK-16329 KEYCLOAK-16329 CVE-2020-1695 resteasy: Improper validation of response header https://issues.redhat.com/browse/KEYCLOAK-16329
KEYCLOAK-14366 [KEYCLOAK-14366] - Missing check for iss claim in JWT validation on Client Authentication (Token Endpoint) https://issues.redhat.com/browse/KEYCLOAK-14366
KEYCLOAK-16939 KEYCLOAK-16939 : Performance testsuite -> new gc charts, sar profiles, new datasets, crossdc profile https://issues.redhat.com/browse/KEYCLOAK-16939
KEYCLOAK-16468 KEYCLOAK-16468 Support for deny list of metadata attributes not updateable by account REST and admin REST https://issues.redhat.com/browse/KEYCLOAK-16468
KEYCLOAK-14019 KEYCLOAK-14019 Improvements for request_uri parameter https://issues.redhat.com/browse/KEYCLOAK-14019
KEYCLOAK-14856 KEYCLOAK-14856 fix migration, add ssl for migration server https://issues.redhat.com/browse/KEYCLOAK-14856
KEYCLOAK-15390 KEYCLOAK-15390 fix ClientMappersOIDCTest https://issues.redhat.com/browse/KEYCLOAK-15390

12.0.4

Changelog

Ticket-ID Commit Issue-ID

12.0.3

Changelog

Ticket-ID Commit Issue-ID
KEYCLOAK-16890 KEYCLOAK-16890: Stored XSS attack on new acct console https://issues.redhat.com/browse/KEYCLOAK-16890
KEYCLOAK-17033 KEYCLOAK-17033: Reflected XSS attack with referrer in new account console https://issues.redhat.com/browse/KEYCLOAK-17033

12.0.2

Changelog

Ticket-ID Commit Issue-ID
KEYCLOAK-16468 KEYCLOAK-16468 Support for deny list of metadata attributes not updateable by account REST and admin REST https://issues.redhat.com/browse/KEYCLOAK-16468
KEYCLOAK-14019 KEYCLOAK-14019 Improvements for request_uri parameter https://issues.redhat.com/browse/KEYCLOAK-14019

12.0.1

Changelog

Ticket-ID Commit Issue-ID

12.0.0

Changelog

Ticket-ID Commit Issue-ID
KEYCLOAK-16354 KEYCLOAK-16354: Update serialize-javascript dependency https://issues.redhat.com/browse/KEYCLOAK-16354
KEYCLOAK-14352 [KEYCLOAK-14352] JavaScript injection vulnerability of Realm registration REST API https://issues.redhat.com/browse/KEYCLOAK-14352
KEYCLOAK-14306 KEYCLOAK-14306 OIDC redirect_uri allows dangerous schemes resulting in potential XSS https://issues.redhat.com/browse/KEYCLOAK-14306
KEYCLOAK-15012 KEYCLOAK-15012 Fix issue with folder theme provider https://issues.redhat.com/browse/KEYCLOAK-15012
KEYCLOAK-15295 KEYCLOAK-15295 User can manage resources with just "view-profile" role using new Account Console https://issues.redhat.com/browse/KEYCLOAK-15295
KEYCLOAK-15735 KEYCLOAK-15735 Fix LDAPSamlIdPInitiatedVaryingLetterCaseTest failures on few DBs https://issues.redhat.com/browse/KEYCLOAK-15735
KEYCLOAK-15921 KEYCLOAK-15921 Fix auth server URL https://issues.redhat.com/browse/KEYCLOAK-15921
KEYCLOAK-15892 KEYCLOAK-15892 Can not install 7.4.3.CR1 Fuse adapter https://issues.redhat.com/browse/KEYCLOAK-15892
KEYCLOAK-15830 KEYCLOAK-15830 Remove authentication session after failed directGrant authentication https://issues.redhat.com/browse/KEYCLOAK-15830
KEYCLOAK-15734 KEYCLOAK-15734 Exclude tests with testingClient in remote environment https://issues.redhat.com/browse/KEYCLOAK-15734
KEYCLOAK-14828 KEYCLOAK-14828 Disable DTD for SAML XML parser https://issues.redhat.com/browse/KEYCLOAK-14828
KEYCLOAK-14232 KEYCLOAK-14232 Add Referrer-Policy: no-referrer to each response from Keycloak https://issues.redhat.com/browse/KEYCLOAK-14232
KEYCLOAK-15270 KEYCLOAK-15270 Account REST API doesn't verify audience https://issues.redhat.com/browse/KEYCLOAK-15270
KEYCLOAK-15395. KEYCLOAK-15395. Removed totp/remove (DELETE) and credentials/password (GET, POST) endpoints. https://issues.redhat.com/browse/KEYCLOAK-15395.
KEYCLOAK-14510 KEYCLOAK-14510 Properly close Response object https://issues.redhat.com/browse/KEYCLOAK-14510
KEYCLOAK-14826 KEYCLOAK-14826 Fix non-ssl auth-server tests failures https://issues.redhat.com/browse/KEYCLOAK-14826

11.0.3

Changelog

Ticket-ID Commit Issue-ID
KEYCLOAK-15585 KEYCLOAK-15585 OIDC redirect_uri allows dangerous schemes resulting in potential XSS https://issues.redhat.com/browse/KEYCLOAK-15585
KEYCLOAK-14969 KEYCLOAK-14969 Whitelist RefreshableKeycloakSecurityContext for KeycloakPrincipal serialization https://issues.redhat.com/browse/KEYCLOAK-14969
KEYCLOAK-15590 KEYCLOAK-15590 Javascript adapter init() is throwing a promise error after upgrade to 11 https://issues.redhat.com/browse/KEYCLOAK-15590
KEYCLOAK-15722 KEYCLOAK-15722 KeycloakPromise sometimes doesn't work https://issues.redhat.com/browse/KEYCLOAK-15722
KEYCLOAK-15584 KEYCLOAK-15584 User can manage resources with just "view-profile" role using new Account Console https://issues.redhat.com/browse/KEYCLOAK-15584
KEYCLOAK-15012 KEYCLOAK-15012 Fix issue with folder theme provider https://issues.redhat.com/browse/KEYCLOAK-15012

11.0.2

Changelog

Ticket-ID Commit Issue-ID

11.0.1

Changelog

Ticket-ID Commit Issue-ID
KEYCLOAK-14872 KEYCLOAK-14872 CL DoS - read-timetout of the HTTP listener set to 30000 ms - read-timetout of the HTTPS listener set to 30000 ms - max-pool-size of the KeycloakDS datasource set to 100 connections https://issues.redhat.com/browse/KEYCLOAK-14872
KEYCLOAK-15217 KEYCLOAK-15217 Revert accidentally removed changes from KEYCLOAK-14107 https://issues.redhat.com/browse/KEYCLOAK-15217
KEYCLOAK-14352 [KEYCLOAK-14352] JavaScript injection vulnerability of Realm registration REST API https://issues.redhat.com/browse/KEYCLOAK-14352
KEYCLOAK-14232 KEYCLOAK-14232 Add Referrer-Policy: no-referrer to each response from Keycloak https://issues.redhat.com/browse/KEYCLOAK-14232
KEYCLOAK-14828 KEYCLOAK-14828 Disable DTD for SAML XML parser https://issues.redhat.com/browse/KEYCLOAK-14828

11.0.0

Changelog

Ticket-ID Commit Issue-ID
KEYCLOAK-14778 KEYCLOAK-14778 Springboot tests fails with compilation error https://issues.redhat.com/browse/KEYCLOAK-14778
KEYCLOAK-14508 KEYCLOAK-14508 - Exclude SessionNotOnOrAfterTest from remote tests https://issues.redhat.com/browse/KEYCLOAK-14508
KEYCLOAK-14474 KEYCLOAK-14474 ConsentsTest fails intermittently on auth-server-undertow https://issues.redhat.com/browse/KEYCLOAK-14474
KEYCLOAK-14574 KEYCLOAK-14574: Update angularjs to 1.8.0 https://issues.redhat.com/browse/KEYCLOAK-14574
KEYCLOAK-14546 KEYCLOAK-14546 Springboot tests fails with compilation error https://issues.redhat.com/browse/KEYCLOAK-14546
KEYCLOAK-14516 KEYCLOAK-14516 app-server-eap6 tests fails due to compilation error https://issues.redhat.com/browse/KEYCLOAK-14516
KEYCLOAK-14087 KEYCLOAK-14087 migration from 9.0.3 https://issues.redhat.com/browse/KEYCLOAK-14087
KEYCLOAK-10162 KEYCLOAK-10162 Usage of ObjectInputStream without checking the object types https://issues.redhat.com/browse/KEYCLOAK-10162
KEYCLOAK-12305 [KEYCLOAK-12305] [Testsuite] Check LDAP federated user (in)valid login(s) using various authentication methods, bind credential types, and connection encryption mechanisms https://issues.redhat.com/browse/KEYCLOAK-12305
KEYCLOAK-13748 KEYCLOAK-13748 Create automated test for scenario with alternative subflow for credential reset https://issues.redhat.com/browse/KEYCLOAK-13748
KEYCLOAK-13047 KEYCLOAK-13047 LDAP no-import fixes. Avoid lost updates - dont allow update attributes, which are not mapped to LDAP https://issues.redhat.com/browse/KEYCLOAK-13047
KEYCLOAK-14062 KEYCLOAK-14062 Add postgres10 https://issues.redhat.com/browse/KEYCLOAK-14062
KEYCLOAK-14086 KEYCLOAK-14086 Outdated wildfly deprecated version https://issues.redhat.com/browse/KEYCLOAK-14086

10.0.2

Changelog

Ticket-ID Commit Issue-ID

10.0.1

Changelog

Ticket-ID Commit Issue-ID

10.0.0

Changelog

Ticket-ID Commit Issue-ID
KEYCLOAK-13636 KEYCLOAK-13636 Missing wildfly-dist in EAP 7.4.0.CD19 build https://issues.redhat.com/browse/KEYCLOAK-13636
KEYCLOAK-13656 [KEYCLOAK-13656] - Deny request if requested scope is not associated to resource or any typed resources https://issues.redhat.com/browse/KEYCLOAK-13656
KEYCLOAK-13852 KEYCLOAK-13852 reset time at the end of testTokenConcurrentRefresh test https://issues.redhat.com/browse/KEYCLOAK-13852
KEYCLOAK-13306 KEYCLOAK-13306 Model fixes for check realm when lookup by ID https://issues.redhat.com/browse/KEYCLOAK-13306
KEYCLOAK-13285 KEYCLOAK-13285 Enable check identity for email https://issues.redhat.com/browse/KEYCLOAK-13285
KEYCLOAK-7450 [KEYCLOAK-7450] - Match subject when validating id_token returned from external OP https://issues.redhat.com/browse/KEYCLOAK-7450
KEYCLOAK-13660 KEYCLOAK-13660 Patch installation is not performed with -Dauth.server.patch.zips https://issues.redhat.com/browse/KEYCLOAK-13660
KEYCLOAK-13383 KEYCLOAK-13383 WebAuthnRegisterAndLoginTest fails with -Dproduct with auth-server-eap https://issues.redhat.com/browse/KEYCLOAK-13383
KEYCLOAK-13384 KEYCLOAK-13384 exclude IdentityProviderTest.failCreateInvalidUrl from remote-tests https://issues.redhat.com/browse/KEYCLOAK-13384
KEYCLOAK-13571 KEYCLOAK-13571 KcinitTest fails with -Dproduct due to skipped maven plugin exacution https://issues.redhat.com/browse/KEYCLOAK-13571
KEYCLOAK-12972 KEYCLOAK-12972 Fix fuse tests https://issues.redhat.com/browse/KEYCLOAK-12972

9.0.3

Changelog

Ticket-ID Commit Issue-ID
KEYCLOAK-13383 KEYCLOAK-13383 WebAuthnRegisterAndLoginTest fails with -Dproduct with auth-server-eap https://issues.redhat.com/browse/KEYCLOAK-13383
KEYCLOAK-13384 KEYCLOAK-13384 exclude IdentityProviderTest.failCreateInvalidUrl from remote-tests https://issues.redhat.com/browse/KEYCLOAK-13384
KEYCLOAK-13571 KEYCLOAK-13571 KcinitTest fails with -Dproduct due to skipped maven plugin exacution https://issues.redhat.com/browse/KEYCLOAK-13571
KEYCLOAK-12972 KEYCLOAK-12972 Fix fuse tests https://issues.redhat.com/browse/KEYCLOAK-12972
KEYCLOAK-13285 KEYCLOAK-13285 Enable check identity for email https://issues.redhat.com/browse/KEYCLOAK-13285

9.0.2

Changelog

Ticket-ID Commit Issue-ID
KEYCLOAK-13259 KEYCLOAK-13259 https://issues.redhat.com/browse/KEYCLOAK-13259
KEYCLOAK-12986 KEYCLOAK-12986 BruteForceProtector does not log failures when login failure in PostBroker flow https://issues.redhat.com/browse/KEYCLOAK-12986
KEYCLOAK-12156 KEYCLOAK-12156 LogoutEndpoint does not verify token type of id_token_hint https://issues.redhat.com/browse/KEYCLOAK-12156
KEYCLOAK-13393 [KEYCLOAK-13393] Account2 marked as experimental https://issues.redhat.com/browse/KEYCLOAK-13393
KEYCLOAK-13380 KEYCLOAK-13380 Validate alignment https://issues.redhat.com/browse/KEYCLOAK-13380
KEYCLOAK-13390 KEYCLOAK-13390 license file update before 9.0.1 release https://issues.redhat.com/browse/KEYCLOAK-13390
KEYCLOAK-13388 KEYCLOAK-13388 Trailing comma in tsconfig.json https://issues.redhat.com/browse/KEYCLOAK-13388
KEYCLOAK-13386 [KEYCLOAK-13386] - SslRequired.EXTERNAL doesn't work for identity broker validations https://issues.redhat.com/browse/KEYCLOAK-13386
KEYCLOAK-13379 KEYCLOAK-13379 added now excluded project files https://issues.redhat.com/browse/KEYCLOAK-13379
KEYCLOAK-13369 KEYCLOAK-13369 Not possible to move groups in admin console https://issues.redhat.com/browse/KEYCLOAK-13369
KEYCLOAK-13368 KEYCLOAK-13368 TestClassProvider undertow server not stopped after testsuite https://issues.redhat.com/browse/KEYCLOAK-13368
KEYCLOAK-8372 KEYCLOAK-8372 - User Federation tests - fixing for different vendors (#6909) https://issues.redhat.com/browse/KEYCLOAK-8372
KEYCLOAK-12870 KEYCLOAK-12870 - Allow to pick arbitrary user for IdP linking (#6828) https://issues.redhat.com/browse/KEYCLOAK-12870
KEYCLOAK-13273 [KEYCLOAK-13273] - Remove group policy when group is removed https://issues.redhat.com/browse/KEYCLOAK-13273
KEYCLOAK-13356 KEYCLOAK-13356 Update licenses for kerby-asn1 https://issues.redhat.com/browse/KEYCLOAK-13356
KEYCLOAK-13348 KEYCLOAK-13348 license files updates - due to broken product build https://issues.redhat.com/browse/KEYCLOAK-13348
KEYCLOAK-4923 KEYCLOAK-4923: Client Service Account Roles are not exported https://issues.redhat.com/browse/KEYCLOAK-4923
KEYCLOAK-12696 KEYCLOAK-12696 license files updates https://issues.redhat.com/browse/KEYCLOAK-12696
KEYCLOAK-13007 KEYCLOAK-13007 Add LDAPAccountTest https://issues.redhat.com/browse/KEYCLOAK-13007
KEYCLOAK-12696 KEYCLOAK-12696 Upgrade to webauthn4j 0.10.2.RELEASE https://issues.redhat.com/browse/KEYCLOAK-12696
KEYCLOAK-13249 KEYCLOAK-13249 jpa-changelog-8.0.0.xml contains whitespace character https://issues.redhat.com/browse/KEYCLOAK-13249
KEYCLOAK-12768 KEYCLOAK-12768: Prevent reserved characters in URLs https://issues.redhat.com/browse/KEYCLOAK-12768
KEYCLOAK-12844 KEYCLOAK-12844: keycloak.d.ts does not belong in new account console https://issues.redhat.com/browse/KEYCLOAK-12844
KEYCLOAK-13257 KEYCLOAK-13257 Fix WelcomeScreenTest.accountSecurityTest https://issues.redhat.com/browse/KEYCLOAK-13257
KEYCLOAK-13256 KEYCLOAK-13256 Fix WebAuthn in new Account Console tests https://issues.redhat.com/browse/KEYCLOAK-13256
KEYCLOAK-13036 [KEYCLOAK-13036] Fix KeycloakElytronCSVaultTest failures on IBM JDK - credential store is generated on the fly for the test, avoiding incompatibilities between implementations of keystores https://issues.redhat.com/browse/KEYCLOAK-13036
KEYCLOAK-5162 KEYCLOAK-5162 Add index to even table https://issues.redhat.com/browse/KEYCLOAK-5162
KEYCLOAK-11282 [KEYCLOAK-11282] - Properly resolve config resolver https://issues.redhat.com/browse/KEYCLOAK-11282
KEYCLOAK-11412 KEYCLOAK-11412 Display more nice error message when creating top level group with same name https://issues.redhat.com/browse/KEYCLOAK-11412
KEYCLOAK-12869 KEYCLOAK-12869 REST sends credential type when no credential exists and credential disabled https://issues.redhat.com/browse/KEYCLOAK-12869
KEYCLOAK-9782 KEYCLOAK-9782: Do not allow duplicate group name when updating https://issues.redhat.com/browse/KEYCLOAK-9782
KEYCLOAK-12881 KEYCLOAK-12881 KEYCLOAK-13099 Update FederatedIdentities and Groups on POST https://issues.redhat.com/browse/KEYCLOAK-12881
KEYCLOAK-12344 KEYCLOAK-12344 Update examples version https://issues.redhat.com/browse/KEYCLOAK-12344
KEYCLOAK-13174 KEYCLOAK-13174 Not possible to delegate creating or deleting OTP credential to userStorage https://issues.redhat.com/browse/KEYCLOAK-13174
KEYCLOAK-12876 KEYCLOAK-12876 KEYCLOAK-13148 KEYCLOAK-13149 KEYCLOAK-13151 Re-introduce some changes to preserve UserStorage SPI backwards compatibility. Added test for backwards compatibility of user storage https://issues.redhat.com/browse/KEYCLOAK-12876
KEYCLOAK-13186 KEYCLOAK-13186 Remove role information from RefreshTokens https://issues.redhat.com/browse/KEYCLOAK-13186
KEYCLOAK-12579 KEYCLOAK-12579: LDAP groups duplicated during UI listing of user groups https://issues.redhat.com/browse/KEYCLOAK-12579
KEYCLOAK-10029 KEYCLOAK-10029 Offline token migration fix. Always test offline-token migration when run MigrationTest https://issues.redhat.com/browse/KEYCLOAK-10029
KEYCLOAK-13237 KEYCLOAK-13237 Allow look ahead window set to 0 for otp policy https://issues.redhat.com/browse/KEYCLOAK-13237
KEYCLOAK-11345 [KEYCLOAK-11345] - Test basic features of Keycloak.X with current tetsuite https://issues.redhat.com/browse/KEYCLOAK-11345
KEYCLOAK-13233 KEYCLOAK-13233 Fix missing text-security files https://issues.redhat.com/browse/KEYCLOAK-13233
KEYCLOAK-13253 KEYCLOAK-13253 read rpId from policy in WebAuthnAuthenticator https://issues.redhat.com/browse/KEYCLOAK-13253
KEYCLOAK-11808 KEYCLOAK-11808 update testsuite to use current jdbc driver version for migration testing https://issues.redhat.com/browse/KEYCLOAK-11808
KEYCLOAK-13163 KEYCLOAK-13163 Fixed searching for user with fine-grained permissions https://issues.redhat.com/browse/KEYCLOAK-13163
KEYCLOAK-13069 KEYCLOAK-13069 Fix failing RH-SSO base tests https://issues.redhat.com/browse/KEYCLOAK-13069
KEYCLOAK-13260 KEYCLOAK-13260 Fix "Test authentication" button for LDAP User Federation https://issues.redhat.com/browse/KEYCLOAK-13260
KEYCLOAK-11424 KEYCLOAK-11424 DBAllocatorUnavailableException https://issues.redhat.com/browse/KEYCLOAK-11424
KEYCLOAK-13074 KEYCLOAK-13074 Don't return LDAP group members if under IMPORT mode https://issues.redhat.com/browse/KEYCLOAK-13074
KEYCLOAK-9851 KEYCLOAK-9851 Removed properties from realm json attributes that are included as fields https://issues.redhat.com/browse/KEYCLOAK-9851
KEYCLOAK-13026 KEYCLOAK-13026 Set path of OAuth_Token_Request_State cookie to / https://issues.redhat.com/browse/KEYCLOAK-13026
KEYCLOAK-12799 KEYCLOAK-12799 Missing Cancel button on The WebAuthn setup screen when using AIA https://issues.redhat.com/browse/KEYCLOAK-12799
KEYCLOAK-10330 KEYCLOAK-10330 Force Jackson2 provider to be used by Keycloak admin client, to prevent json-b provider taking over https://issues.redhat.com/browse/KEYCLOAK-10330
KEYCLOAK-12885 KEYCLOAK-12885 Make sure empty protocol in client scope doesn't result in NPE in well-known endpoint https://issues.redhat.com/browse/KEYCLOAK-12885
KEYCLOAK-13056 [KEYCLOAK-13056] - Searching clients with reduced permissions results in 403 https://issues.redhat.com/browse/KEYCLOAK-13056
KEYCLOAK-13175 [KEYCLOAK-13175] - Setting the enforcement mode when fetching lazily fetching resources https://issues.redhat.com/browse/KEYCLOAK-13175
KEYCLOAK-10967 KEYCLOAK-10967 Add JSON body methods for test ldap and smtp connections. Deprecate old form based methods. https://issues.redhat.com/browse/KEYCLOAK-10967
KEYCLOAK-13102 KEYCLOAK-13102 Remove error log message on invalid response_type https://issues.redhat.com/browse/KEYCLOAK-13102
KEYCLOAK-12968 KEYCLOAK-12968 fix ClientTest.getAllClientsSearchAndPagination for postgresql https://issues.redhat.com/browse/KEYCLOAK-12968
KEYCLOAK-12192 [KEYCLOAK-12192] - Missing Input Validation in IDP Authorization URLs https://issues.redhat.com/browse/KEYCLOAK-12192
KEYCLOAK-13181 KEYCLOAK-13181 Fix NPE in EAP 6 adapter https://issues.redhat.com/browse/KEYCLOAK-13181
KEYCLOAK-9346 KEYCLOAK-9346 Add new KeycloakPromise to support native promises https://issues.redhat.com/browse/KEYCLOAK-9346
KEYCLOAK-13116 KEYCLOAK-13116 Fix backwards compatilbity changes in LocaleSelectorSPI https://issues.redhat.com/browse/KEYCLOAK-13116
KEYCLOAK-12749 KEYCLOAK-12749 single worker/IO thread, use OAUTH2 constants https://issues.redhat.com/browse/KEYCLOAK-12749
KEYCLOAK-12749 KEYCLOAK-12749 fix "invalid state" error due to IE requesting favicon https://issues.redhat.com/browse/KEYCLOAK-12749
KEYCLOAK-12285 KEYCLOAK-12285 Add support for RestEasy 4 to admin client https://issues.redhat.com/browse/KEYCLOAK-12285
KEYCLOAK-12980 [KEYCLOAK-12980] Username not updated when "Email as username" is enabled https://issues.redhat.com/browse/KEYCLOAK-12980
KEYCLOAK-13119 KEYCLOAK-13119 Fixing migration to Keycloak 2.2.0+ to correctly preserve default identity provider https://issues.redhat.com/browse/KEYCLOAK-13119
KEYCLOAK-11804 [KEYCLOAK-11804] - Block service accounts to authenticate or manage credentials https://issues.redhat.com/browse/KEYCLOAK-11804
KEYCLOAK-12612 [KEYCLOAK-12612][KEYCLOAK-12944] Fix validation of SAML destination URLs - no longer compare them to the server absolutePath; instead use the base URI to build the validation URL https://issues.redhat.com/browse/KEYCLOAK-12612
KEYCLOAK-11903 KEYCLOAK-11903 Test for XSW attacks https://issues.redhat.com/browse/KEYCLOAK-11903
KEYCLOAK-13167 KEYCLOAK-13167 - JDBC resource leak in custom migrations https://issues.redhat.com/browse/KEYCLOAK-13167
KEYCLOAK-12695 KEYCLOAK-12695 Upgrade to openshift-restclient-java 8.0.0.Final https://issues.redhat.com/browse/KEYCLOAK-12695
KEYCLOAK-12606 KEYCLOAK-12606 Add test https://issues.redhat.com/browse/KEYCLOAK-12606
KEYCLOAK-13085 KEYCLOAK-13085 minor fixes https://issues.redhat.com/browse/KEYCLOAK-13085
KEYCLOAK-13085 KEYCLOAK-13085 pt_BR messages for login and email https://issues.redhat.com/browse/KEYCLOAK-13085
KEYCLOAK-12450 KEYCLOAK-12450 Revert em.clear() call https://issues.redhat.com/browse/KEYCLOAK-12450
KEYCLOAK-10898 KEYCLOAK-10898 WildFly Adapter CLI based installation scripts https://issues.redhat.com/browse/KEYCLOAK-10898
KEYCLOAK-13161 KEYCLOAK-13161 Use iterator instead of for-each loop in ClientCredentialsProviderUtils https://issues.redhat.com/browse/KEYCLOAK-13161
KEYCLOAK-12884 KEYCLOAK-12884 Add more tests for SameSite https://issues.redhat.com/browse/KEYCLOAK-12884
KEYCLOAK-13113 KEYCLOAK-13113 Exclude tests for Tomcat https://issues.redhat.com/browse/KEYCLOAK-13113
KEYCLOAK-12817 KEYCLOAK-12817: Password form is stretched if IdP is configured https://issues.redhat.com/browse/KEYCLOAK-12817
KEYCLOAK-13070 KEYCLOAK-13070 UserConsentWithUserStorageModelTest failing with ModelDuplicateException https://issues.redhat.com/browse/KEYCLOAK-13070
KEYCLOAK-12816 KEYCLOAK-12816 Fix representation to model conversion https://issues.redhat.com/browse/KEYCLOAK-12816
KEYCLOAK-12640 [KEYCLOAK-12640] Client authorizationSettings.decisionStrategy value lost on realm import https://issues.redhat.com/browse/KEYCLOAK-12640
KEYCLOAK-13111 KEYCLOAK-13111 Move execution of db-allocator-plugin to jpa profile https://issues.redhat.com/browse/KEYCLOAK-13111
KEYCLOAK-13096 KEYCLOAK-13096 Add compile scope hamcrest dependency to springboot tests https://issues.redhat.com/browse/KEYCLOAK-13096
KEYCLOAK-12979 KEYCLOAK-12979 Fix group-attribute parsing https://issues.redhat.com/browse/KEYCLOAK-12979
KEYCLOAK-13097 KEYCLOAK-13097 fix UserStorageTest - add cleanup after test https://issues.redhat.com/browse/KEYCLOAK-13097
KEYCLOAK-10673 KEYCLOAK-10673 updated text-security to 2.0 https://issues.redhat.com/browse/KEYCLOAK-10673
KEYCLOAK-13060 KEYCLOAK-13060 - Use CDI transaction manager https://issues.redhat.com/browse/KEYCLOAK-13060
KEYCLOAK-11335 KEYCLOAK-11335 - Use Agroal DataSource https://issues.redhat.com/browse/KEYCLOAK-11335
KEYCLOAK-12794 [KEYCLOAK-12794] - Missing id token checks in oidc broker https://issues.redhat.com/browse/KEYCLOAK-12794
KEYCLOAK-11155 KEYCLOAK-11155 split on first '=' instead of all https://issues.redhat.com/browse/KEYCLOAK-11155
KEYCLOAK-11129 KEYCLOAK-11129 coalesce possible null values https://issues.redhat.com/browse/KEYCLOAK-11129
KEYCLOAK-10953 KEYCLOAK-10953 Avoid NPE when Updating Clients via Admin REST API https://issues.redhat.com/browse/KEYCLOAK-10953
KEYCLOAK-7961 KEYCLOAK-7961 Avoid sending back-channel logout requests to disabled clients https://issues.redhat.com/browse/KEYCLOAK-7961
KEYCLOAK-12689 KEYCLOAK-12689 - (tests) https://issues.redhat.com/browse/KEYCLOAK-12689
KEYCLOAK-12689 KEYCLOAK-12689 - Improvements for camelCase config properties https://issues.redhat.com/browse/KEYCLOAK-12689
KEYCLOAK-13068 KEYCLOAK-13068 - Upgrade to Quarkus 1.2.1.Final https://issues.redhat.com/browse/KEYCLOAK-13068
KEYCLOAK-11576 [KEYCLOAK-11576] - Properly handling redirect_uri parser errors https://issues.redhat.com/browse/KEYCLOAK-11576
KEYCLOAK-13054 KEYCLOAK-13054 Unblock temporarily disabled user on password reset, and remove invalid error message https://issues.redhat.com/browse/KEYCLOAK-13054
KEYCLOAK-12635 KEYCLOAK-12635 KEYCLOAK-12935 KEYCLOAK-13023 UI test fixes https://issues.redhat.com/browse/KEYCLOAK-12635
KEYCLOAK-12958 KEYCLOAK-12958 Preview feature profile for WebAuthn (#6780) https://issues.redhat.com/browse/KEYCLOAK-12958
KEYCLOAK-12962 KEYCLOAK-12962 Enforce 3.6.0 maven version for deploy phase https://issues.redhat.com/browse/KEYCLOAK-12962
KEYCLOAK-12899 KEYCLOAK-12899 Fix incorrect exception message in JWE https://issues.redhat.com/browse/KEYCLOAK-12899
KEYCLOAK-13041 KEYCLOAK-13041 Upgrade to EAP 7.3.0.CR4 https://issues.redhat.com/browse/KEYCLOAK-13041
KEYCLOAK-12826 KEYCLOAK-12826 WebAuthn fails to login user when their security key supports "user handle" https://issues.redhat.com/browse/KEYCLOAK-12826
KEYCLOAK-8044 KEYCLOAK-8044 Clear theme caches on hot-deploy https://issues.redhat.com/browse/KEYCLOAK-8044
KEYCLOAK-12268 KEYCLOAK-12268 Show page not found for /account/log if events are disabled for the realm https://issues.redhat.com/browse/KEYCLOAK-12268
KEYCLOAK-11700 KEYCLOAK-11700 Lower-case passwords before checking with password blacklist https://issues.redhat.com/browse/KEYCLOAK-11700
KEYCLOAK-13032 KEYCLOAK-13032 Add no cache headers to account form service https://issues.redhat.com/browse/KEYCLOAK-13032
KEYCLOAK-12597 KEYCLOAK-12597 Fix admin console with base theme https://issues.redhat.com/browse/KEYCLOAK-12597
KEYCLOAK-12960 KEYCLOAK-12960 Use Long for time based values in JsonWebToken https://issues.redhat.com/browse/KEYCLOAK-12960
KEYCLOAK-12969 KEYCLOAK-12969 Don't use GenericFilter in server-authz test application https://issues.redhat.com/browse/KEYCLOAK-12969
KEYCLOAK-12612 [KEYCLOAK-12612][KEYCLOAK-12944] Fix validation of SAML destination URLs - no longer compare them to the server absolutePath; instead use the base URI to build the validation URL https://issues.redhat.com/browse/KEYCLOAK-12612
KEYCLOAK-12858 KEYCLOAK-12858 Authenticator is sometimes required even when configured as alternative https://issues.redhat.com/browse/KEYCLOAK-12858
KEYCLOAK-12926 KEYCLOAK-12926 Improve Locale based message lookup https://issues.redhat.com/browse/KEYCLOAK-12926
KEYCLOAK-13003 KEYCLOAK-13003 Remove a mention about providers directory https://issues.redhat.com/browse/KEYCLOAK-13003

9.0.1

There is no 9.0.1 tag (anymore).

9.0.0

Changelog

Ticket-ID Commit Issue-ID
KEYCLOAK-10420 KEYCLOAK-10420 Broker tests don't work with RH-SSO https://issues.redhat.com/browse/KEYCLOAK-10420
KEYCLOAK-12065 KEYCLOAK-12065 UserSessionInitializerTest is failing https://issues.redhat.com/browse/KEYCLOAK-12065
KEYCLOAK-12964 KEYCLOAK-12964 Fix adapter remote tests execution deciding https://issues.redhat.com/browse/KEYCLOAK-12964
KEYCLOAK-12963 KEYCLOAK-12963 Exclude testNoPortInDestination test for remote container https://issues.redhat.com/browse/KEYCLOAK-12963
KEYCLOAK-12237 KEYCLOAK-12237 Fix WelcomePageTest on Postgresql https://issues.redhat.com/browse/KEYCLOAK-12237
KEYCLOAK-11930 KEYCLOAK-11930 removal of xstream license references as this dependency has been removed https://issues.redhat.com/browse/KEYCLOAK-11930
KEYCLOAK-12228 KEYCLOAK-12228 Sensitive Data Exposure from patch of hiba haddad haddadhiba0@gmail.com https://issues.redhat.com/browse/KEYCLOAK-12228
KEYCLOAK-12821 KEYCLOAK-12821 Check if action is disabled in realm before executing https://issues.redhat.com/browse/KEYCLOAK-12821
KEYCLOAK-9563 KEYCLOAK-9563 Improve access token checks for userinfo endpoint https://issues.redhat.com/browse/KEYCLOAK-9563
KEYCLOAK-12638 KEYCLOAK-12638 Remove Request parameters from exception message https://issues.redhat.com/browse/KEYCLOAK-12638
KEYCLOAK-12764 KEYCLOAK-12764 Fix shrinkwrap issue by updating arquillian bom version https://issues.redhat.com/browse/KEYCLOAK-12764
KEYCLOAK-12193 KEYCLOAK-12193 Internal error message returned in error response https://issues.redhat.com/browse/KEYCLOAK-12193
KEYCLOAK-12190 KEYCLOAK-12190 Fix PartialImportTest for client validation https://issues.redhat.com/browse/KEYCLOAK-12190
KEYCLOAK-12190 KEYCLOAK-12190 Add validation for client root and base URLs https://issues.redhat.com/browse/KEYCLOAK-12190
KEYCLOAK-12792 [KEYCLOAK-12792] - Invalid nonce handling in OIDC identity brokering https://issues.redhat.com/browse/KEYCLOAK-12792
KEYCLOAK-12240 KEYCLOAK-12240 MigrationModelTest fails in pipeline https://issues.redhat.com/browse/KEYCLOAK-12240
KEYCLOAK-12744 [KEYCLOAK-12744] rh-sso-preview theme for product build https://issues.redhat.com/browse/KEYCLOAK-12744
KEYCLOAK-12236 KEYCLOAK-12236 NumberFormatException when starting container (#6689) https://issues.redhat.com/browse/KEYCLOAK-12236
KEYCLOAK-12724 KEYCLOAK-12724 - workaround hibernate bug - set explicitly dialect for oracle version greater than 12 https://issues.redhat.com/browse/KEYCLOAK-12724
KEYCLOAK-12462 KEYCLOAK-12462 Align to EAP 7.3.0.CR3 https://issues.redhat.com/browse/KEYCLOAK-12462
KEYCLOAK-12462 KEYCLOAK-12462 Align to EAP 7.3.0.GA https://issues.redhat.com/browse/KEYCLOAK-12462
KEYCLOAK-12242 KEYCLOAK-12242 KEYCLOAK-12280 https://issues.redhat.com/browse/KEYCLOAK-12242
KEYCLOAK-11863 KEYCLOAK-11863 ConfigMigrationTest wrong assertion for Standalone configuration https://issues.redhat.com/browse/KEYCLOAK-11863
KEYCLOAK-12062 KEYCLOAK-12062 AccountLinkSpringBootTest is failing https://issues.redhat.com/browse/KEYCLOAK-12062
KEYCLOAK-12117 KEYCLOAK-12117 X509BrowserLoginTest failing in pipeline https://issues.redhat.com/browse/KEYCLOAK-12117
KEYCLOAK-12072 KEYCLOAK-12072 Missing version for spring-boot-legacy-container-bundle in product https://issues.redhat.com/browse/KEYCLOAK-12072
KEYCLOAK-12070 KEYCLOAK-12070 Split properties for sun.xml.ws and sun.xml.bind https://issues.redhat.com/browse/KEYCLOAK-12070
KEYCLOAK-12070 KEYCLOAK-12070 Alignment clash for sun.jaxb.version https://issues.redhat.com/browse/KEYCLOAK-12070

8.0.2

Changelog

Ticket-ID Commit Issue-ID
KEYCLOAK-12877 KEYCLOAK-12877 Fix ModelVersion for testing pipeline https://issues.redhat.com/browse/KEYCLOAK-12877
KEYCLOAK-12648 KEYCLOAK-12648 Introduce SameSite attribute in cookies https://issues.redhat.com/browse/KEYCLOAK-12648
KEYCLOAK-12439 KEYCLOAK-12439 Update node_modules folder https://issues.redhat.com/browse/KEYCLOAK-12439
KEYCLOAK-12439 [KEYCLOAK-12439] Update to Angular 1.7.9 https://issues.redhat.com/browse/KEYCLOAK-12439
KEYCLOAK-12190 KEYCLOAK-12190 Add validation for client root and base URLs https://issues.redhat.com/browse/KEYCLOAK-12190
KEYCLOAK-12278 KEYCLOAK-12278 Default first broker login flow is broken after migration (#252) https://issues.redhat.com/browse/KEYCLOAK-12278
KEYCLOAK-9563 KEYCLOAK-9563 Improve access token checks for userinfo endpoint https://issues.redhat.com/browse/KEYCLOAK-9563
KEYCLOAK-12571 KEYCLOAK-12571 upgrading xstream to newer version https://issues.redhat.com/browse/KEYCLOAK-12571
KEYCLOAK-12228 KEYCLOAK-12228 Sensitive Data Exposure from patch of hiba haddad haddadhiba0@gmail.com https://issues.redhat.com/browse/KEYCLOAK-12228
KEYCLOAK-12193 KEYCLOAK-12193 Internal error message returned in error response https://issues.redhat.com/browse/KEYCLOAK-12193

8.0.1

Changelog

Ticket-ID Commit Issue-ID
KEYCLOAK-12242 KEYCLOAK-12242 KEYCLOAK-12280 https://issues.redhat.com/browse/KEYCLOAK-12242
KEYCLOAK-12239 KEYCLOAK-12239 [REL] Upgrade to WildFly 18.0.1 https://issues.redhat.com/browse/KEYCLOAK-12239

Misq

Why?

The Keycloak maintainers do not announce security fixes (Like for every rule there are exceptions). So to identify the criticality of an update you have to check all the changes in the git repository and try to find out which of them a security fixes. But the Keycloak team makes their JIRA issues private, if they are about security issues. That allows us to correlate git commits with JIRA issues that are private. I miss this list on every Keycloak update. So I decided to do this myself. My goal is to enable others to better decide if they need to update their Keycloak instances.

Is every private issue a security issue?

I do not think so. There could also be other reasons to make an issue private. But I do not know. I am not able to check that. I expect that there will be private issues that are not security issues.

Are there security issues that are public?

I think so. One could argue that for example every Wildfly update is a security fix in some way. There also might other issues that fixes vulnerabilities, but that are public.

So which updates should I apply?

All of them. But test them properly. The .0 releases are huge sometimes and the .1 releases often contain fixes for the previous ones.

This is irresponsible!

As so often there is a problem with the dual-use security dilemma. But I do not publish new research or exploits. In the end I only gather some public information. This can be done by anyone with beginner level bash, git and curl skills. As someone responsible for Keycloak instances I rate the value for me higher than for attackers.

Are there any further informations about security and Keycloak?

First there is the Threat Model Mitigation part of the official Keycloak docs. This is their "Hardening Guide". Then there is the Keycloak - CNCF Security SIG - Self Assessment. While the submissin process is stuck for a while now the document definitely is worth a read. Third there is the report of a security assessment of Keycloak version 8.0.0 executed by Cure53 funded by REWE digital (Disclaimer: I have been involved in the assessment).

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 1

15.0.2 Latest
Aug 20, 2021

Packages

No packages published