Keycloak 26.0.8 released

January 13 2025

To download the release go to Keycloak downloads.

Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Enhancements

• #33569 Show User Events on dedicated tab on Client-/User-Details
• #34091 Username Form should support autocomplete login/ui

Bugs

• #34072 The Realm Selection Dropdown Breaks After 50 Realms In Database admin/ui
• #34207 logout with client_id and/or post_logout_redirect_uri results in bad request on logout confirmation page oidc
• #34402 [Keycloak 26.0.2] Getting "Forbidden, permission needed: query-clients" as temp-admin admin/ui
• #34675 Keys tab showing disabled and inactive keys as active admin/ui
• #34995 MySQL database migration issue core
• #35048 Filter events by user id and client not working admin/ui
• #35052 `organizationEnabled` and `verifiableCredentialsEnabled` attributes are present as attributes in an export
• #35273 Edit Help Mode descriptor for Roles in policy form admin/ui
• #35290 Database migration fails after upgrading operator to v26.0.6 core
• #35317 Token issuer is null in executeActionsEmail and sendVerifyEmail if no clientId is passed admin/api
• #35324 Strange Random behavior - Intermittent missing organization claim in Keycloak JWT token organizations
• #35410 SAML Adapter Galleon Pack for EAP8 cannot use new metadata options for layers adapter/saml
• #35416 Mis-formatted definition list of hashing algorithms
• #35421 Showing LDAP error message when failing to reset password ldap
• #35475 Delete user confirm title is wrong admin/ui
• #35481 Events: Wrong text for user id search admin/ui
• #35488 [Jekins Keycloak CI] - RH-SSO EAP adapters remote saml tests ci
• #35526 Initial keycloak bootstrap suggestion is not correct. dist/quarkus
• #35544 Upgrading guide 26.0.6 is missing in the built document docs
• #35634 Temporary password toggle in set password dialog is cut off in admin-console admin/ui
• #35675 New install doesn't allow admin user creation dist/quarkus
• #35822 Exact searches should be the default when querying user by attributes admin/api
• #36394 CVE-2024-11736 Unrestricted admin use of system and environment variables
• #36395 CVE-2024-11734 Denial of Service in Keycloak Server via Security Headers