Keycloak 25.0.6 released

September 19 2024

To download the release go to Keycloak downloads.

Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Bugs

• #30604 Network response was not OK. saml
• #31165 Re-enabling a temporarily locked user (brute-force) deletes all user properties and attributes admin/ui
• #32100 Remember Me with External Infinispan is not works properly infinispan
• #32578 WebAuthn Flows Broken in login.v2 login/ui
• #32643 Dots are not allowed in the path in Hostname v2 dist/quarkus
• #32731 KeyCloak Admin Client uses non-standard `@NoCache` annotation which is an issue for Quarkus admin/client-java
• #32799 Realm import fails when client configures default_acr values import-export
• #32870 Increased DB activity due to changes in LDAPStorageManager.searchForUserByUserAttributeStream ldap
• #33115 CVE-2024-8883 Vulnerable Redirect URI Validation Results in Open Redirect
• #33116 CVE-2024-8698 Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak