Keycloak 25.0.6 released
September 19 2024
To download the release go to Keycloak downloads.
Upgrading
Before upgrading refer to the migration guide for a complete list of changes.
All resolved issues
Bugs
- #30604 Network response was not OK. saml
- #31165 Re-enabling a temporarily locked user (brute-force) deletes all user properties and attributes admin/ui
- #32100 Remember Me with External Infinispan is not works properly infinispan
- #32578 WebAuthn Flows Broken in login.v2 login/ui
- #32643 Dots are not allowed in the path in Hostname v2 dist/quarkus
- #32731 KeyCloak Admin Client uses non-standard `@NoCache` annotation which is an issue for Quarkus admin/client-java
- #32799 Realm import fails when client configures default_acr values import-export
- #32870 Increased DB activity due to changes in LDAPStorageManager.searchForUserByUserAttributeStream ldap
- #33115 CVE-2024-8883 Vulnerable Redirect URI Validation Results in Open Redirect
- #33116 CVE-2024-8698 Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak