Keycloak Files

Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Enhancements

• #10388](https://github.com/href="https://github.com/keycloak/keycloak/issues/10388">/issues/10388) Allow to hide client scopes from scopes_supported in discovery endpoint
• #43076](https://github.com/href="https://github.com/keycloak/keycloak/issues/43076">/issues/43076) Add rate limiter for sending verification emails in context of update email
• #43509](https://github.com/href="https://github.com/keycloak/keycloak/issues/43509">/issues/43509) Role authorization for workflows. admin/api

Bugs

• #41270](https://github.com/href="https://github.com/keycloak/keycloak/issues/41270">/issues/41270) Cannot save new attribute group admin/ui
• #41271](https://github.com/href="https://github.com/keycloak/keycloak/issues/41271">/issues/41271) Changing user profile attribute results in an error everytime admin/ui
• #43082](https://github.com/href="https://github.com/keycloak/keycloak/issues/43082">/issues/43082) ExternalLinksTest is broken due to missing path parameters docs
• #43091](https://github.com/href="https://github.com/keycloak/keycloak/issues/43091">/issues/43091) Duplicate Email Fields on Temporarily Locked Out Sign In With Organization Identity-First Login login/ui
• #43160](https://github.com/href="https://github.com/keycloak/keycloak/issues/43160">/issues/43160) Regression in DEBUG_PORT handling since 26.4.0 – host binding (*:port / 0.0.0.0:port) no longer works dist/quarkus
• #43460](https://github.com/href="https://github.com/keycloak/keycloak/issues/43460">/issues/43460) FGAP/UI: `reset-password` succeeds but UI shows 403 without Users:manage admin/fine-grained-permissions
• #43505](https://github.com/href="https://github.com/keycloak/keycloak/issues/43505">/issues/43505) DPoP proof replay check doesn't consider clock skew oidc
• #43516](https://github.com/href="https://github.com/keycloak/keycloak/issues/43516">/issues/43516) Deleting Client is slow and fails when a lot of client sessions exist core
• #43578](https://github.com/href="https://github.com/keycloak/keycloak/issues/43578">/issues/43578) "admin" client role now requires server admin user admin/api
• #43579](https://github.com/href="https://github.com/keycloak/keycloak/issues/43579">/issues/43579) 403 Forbidden when assigning realm-management client roles with realm-admin despite FGAP disabled (regression in 26.4.0+) admin/fine-grained-permissions
• #43596](https://github.com/href="https://github.com/keycloak/keycloak/issues/43596">/issues/43596) FGAP: user can no longer open account management page, broken by `reset-password` admin/fine-grained-permissions
• #43621](https://github.com/href="https://github.com/keycloak/keycloak/issues/43621">/issues/43621) Version 26.4.1 breaks existing ldap users with capital letters in username ldap
• #43682](https://github.com/href="https://github.com/keycloak/keycloak/issues/43682">/issues/43682) When syncing roles, the database layer can see deadlocks
• #43698](https://github.com/href="https://github.com/keycloak/keycloak/issues/43698">/issues/43698) Role Mapper is updating the user every time on login identity-brokering
• #43723](https://github.com/href="https://github.com/keycloak/keycloak/issues/43723">/issues/43723) Only add the none verifier when attestation conveyance preference is none (or default) authentication/webauthn
• #43734](https://github.com/href="https://github.com/keycloak/keycloak/issues/43734">/issues/43734) Refresh token allowed for offline session even the related scope is removed
• #43736](https://github.com/href="https://github.com/keycloak/keycloak/issues/43736">/issues/43736) FGAP V2: reset-password scope error when viewing users with Group permissions only core
• #43744](https://github.com/href="https://github.com/keycloak/keycloak/issues/43744">/issues/43744) Increased memory usage due to leaking KeycloakSession instances admin/api
• #43759](https://github.com/href="https://github.com/keycloak/keycloak/issues/43759">/issues/43759) QuarkusKeycloakSession not garbage collected when running Liquibase dist/quarkus
• #43761](https://github.com/href="https://github.com/keycloak/keycloak/issues/43761">/issues/43761) QuarkusKeycloakSession kept in memory for each timer core
• #43763](https://github.com/href="https://github.com/keycloak/keycloak/issues/43763">/issues/43763) Normalizing of Keycloak URLs not documented dist/quarkus
• #43774](https://github.com/href="https://github.com/keycloak/keycloak/issues/43774">/issues/43774) Under OLMv1 service monitor check uses wrong namespace operator
• #43785](https://github.com/href="https://github.com/keycloak/keycloak/issues/43785">/issues/43785) QuarkusKeycloakSession leak in DeclarativeUserProfileProvider user-profile
• #43853](https://github.com/href="https://github.com/keycloak/keycloak/issues/43853">/issues/43853) Ensure the logout endpoint removes the authentication session oidc
• #43863](https://github.com/href="https://github.com/keycloak/keycloak/issues/43863">/issues/43863) JS CI failing after normalization testsuite