Keycloak 24.0.2 released

March 25 2024

To download the release go to Keycloak downloads.

Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Enhancements

• #25057 Inconsistent behaviour on getting user permissions using authorization authorization-services
• #27433 Clarify format of keys in `additionalOptions` field in the Keycloak CR docs
• #27481 Edit High Availability guide
• #27484 Edit 23.0 changes part of Upgrading Guide
• #27632 Integrate downstream Upgrading Guide changes into upstream
• #27696 Upgrade to Quarkus 3.8.2 dist/quarkus
• #27867 Corrections to Securing Apps Guide
• #27871 Upgrade to Infinispan 14.0.26 core
• #27953 Address feedback to Keycloak Server guide docs
• #27955 Address term Keycloak in Server Administration Guide docs
• #28009 Address edits to the Operator Guide
• #28033 Upgrade Infinispan to 14.0.27.Final
• #28084 Upgrade to Quarkus 3.8.3 dist/quarkus

Bugs

• #14501 Getting failed to initialize js message if consent is rejected by user account/ui
• #15403 No email send on TOTP/Authenticator app removal core
• #20637 Reset password flow fails with "Page has expired" error when Kerberos authentication is enabled in the browser flow authentication
• #22644 Flaky test: org.keycloak.testsuite.forms.BrowserFlowTest#testAlternativeNonInteractiveExecutorInSubflow core
• #23701 Attribute search does not work with federated users with ldap. admin/ui
• #23980 Keycloak Operator fails to install realm authentication flow because "flow is null" import-export
• #25490 Partial export/import is not mentioned in Keycloak's Server Administration Guide docs
• #25687 A java.lang.NullPointerException occurs when sending a Multipart/form-data request to any file upload interface. admin/api
• #26396 How do you update a custom user storage provider jar that includes a version number? dist/quarkus
• #27117 user sessions not accessible in all cluster nodes infinispan
• #27180 Grant type "urn:ietf:params:oauth:grant-type:uma-ticket" openid-connect/token service endpoint is returning refresh token with invalid Expiration authorization-services
• #27228 Lowercased "terms_and_conditions" is not migrated in fed_user_required_action table core
• #27245 Account console does not correctly treat link / unlink account account/ui
• #27269 mvnw clean install -Pdistribution on Windows deletes necessary files during clean of org.keycloak:keycloak-admin-ui admin/ui
• #27275 Invalidating offline token is not working from client sessions tab authentication
• #27366 Social login - test failures with unexpected status code testsuite
• #27483 Authz-client AuthorizationResource.getPermissions() ClassCastException authorization-services
• #27504 Cpu and memory sizing typo docs
• #27529 LegacyUserCredentialManager class not found storage
• #27540 URL change for liquibase docs docs
• #27548 Custom Browser Flow not working anymore admin/ui
• #27573 Release notes from 24.0.0 miss that multi-site active-passive deployments are supported docs
• #27597 dropping KC_PROXY=edge causes startup error core
• #27611 Cannot modify realm email settings since keycloak 24 user-profile
• #27653 Admin tests: Flaky realm_settings_user_profile_enabled test admin/ui
• #27701 MTLS Cache options should be runtime options, not build time options dist/quarkus
• #27719 Wrong Welcome page image in the documentation docs
• #27745 Registration template in login2 is broken login/ui
• #27761 Snyk workflow failure ci
• #27779 Broken Migration "MigrateTo24_0_0" core
• #27780 Fixing downstream documentation build docs
• #27797 User profile fields cannot be set empty once they have a non-empty value (in Login Theme) user-profile
• #27820 Account console confusing with WebAuthn account/ui
• #27841 ES translation causes FreeMarker rendering issues translations
• #27852 VerifyUserProfile invalidates user cache on every login core
• #27878 Error when executing refresh grant, with scope param, without offline_access scope specified oidc
• #27882 Incorrect version of bctls-fips in the docs docs
• #27892 Truststore handling for the Operator is not documented operator
• #27894 Multi datasource configuration does not work in Keycloak 24.0.1 dist/quarkus
• #27900 Performance impact in changed hashing measured wrong authentication
• #27925 Keycloak docs state that there are http metrics, but they are disabled docs
• #27954 Hibernate Dialect detection does not work anymore for Oracle DBs storage
• #27966 🍺 instead of dot: Attributes in account UI are not loaded user-profile
• #27967 ORA-01450 when updating keycloak 23 -> 24 storage
• #27981 User Profile: Inconsistent ordering of attributes between account and login themes user-profile
• #28001 MySQL connector artifact should be ignored dist/quarkus
• #28012 Keycloak CR Truststore should not have a name operator
• #28113 WebAuthN registration broken after upgrading to 24.0.1 authentication/webauthn