Keycloak 26.2.5 released
May 28 2025
To download the release go to Keycloak downloads.
Upgrading
Before upgrading, refer to the migration guide for a complete list of changes.
All resolved issues
Enhancements
- #39469 Fix Securing Apps links to adapters docs
- #39486 Email server credentials can be harvested through host/port manipulation admin/api
- #39541 Fix doc link to FGAP v1 docs
- #39543 Apply edits to Operators Guide docs
- #39572 Edit Observability Guide docs
- #39590 Fix callouts in Operator guide docs
- #39638 Sessions from Infinispan should be mapped lazily for the Admin UI
- #39651 Speed up Infinispan list of all sessions be more eagerly remove old client sessions
- #39665 When logging in, all client sessions are loaded which is slow oidc
Bugs
- #39130 Authorization Code Flow Fails Scope Validation After Credential Definition Migration to Realm Level oid4vc
- #39157 [quarkus-next] TestEngine with ID 'junit-jupiter' failed to discover tests dist/quarkus
- #39264 [OID4VCI] Documentation Errors docs
- #39358 Aggregated policy: Cannot select policies that do not appear in the drop-down list admin/ui
- #39450 quarkus runtime options are treated as buildtime options dist/quarkus
- #39496 [26.2.3/26.1.5] Regression: empty ClientList in UI for Custom UserStorageProvider admin/ui
- #39499 UI does not show user's attributes after reentering the Attributes TAB admin/ui
- #39502 Refreshed tokens are not persisted for IDP token exchange token-exchange
- #39509 UI does not show organization's attributes after reentering the Attributes TAB account/ui
- #39538 Autocomplete in Mapper type of user federation broken admin/ui
- #39540 Forms IT tests breaks with Chrome 136.0.7103.59 ci
- #39612 Unable to change the OTP hash algorithm admin/ui
- #39614 Keycloak not using custom Infinispan config infinispan
- #39663 Duplicate validation message “Please specify username.” shown on login form login/ui
- #39693 Clicking on the jump links removes the localization of the UI admin/ui
- #39697 Authorization documentation shows the wrong view authorization-services
- #39710 Recreate update is not scaling down the statefulset to zero operator
- #39724 Hibernate LazyInitializationException when deleting client with CompositeRoles core
- #39753 POST realm API returns 400 on conflict instead of 409 in version 26.2.4 admin/api
- #39798 Documentation has outdated link to the "latest" branch of quickstarts docs
- #39800 [KEYCLOAK CI] - AuroraDB IT - Create EC2 runner instance ci