Keycloak 25.0.6 released
September 19 2024
This post is more than one year old. The content within the blog post is likely to be out of date.
To download the release go to Keycloak downloads.
Upgrading
Before upgrading refer to the migration guide for a complete list of changes.
All resolved issues
Bugs
- #30604 Network response was not OK. saml
- #31165 Re-enabling a temporarily locked user (brute-force) deletes all user properties and attributes admin/ui
- #32100 Remember Me with External Infinispan is not works properly infinispan
- #32578 WebAuthn Flows Broken in login.v2 login/ui
- #32643 Dots are not allowed in the path in Hostname v2 dist/quarkus
- #32731 KeyCloak Admin Client uses non-standard `@NoCache` annotation which is an issue for Quarkus admin/client-java
- #32799 Realm import fails when client configures default_acr values import-export
- #32870 Increased DB activity due to changes in LDAPStorageManager.searchForUserByUserAttributeStream ldap
- #33115 CVE-2024-8883 Vulnerable Redirect URI Validation Results in Open Redirect
- #33116 CVE-2024-8698 Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak