Keycloak 26.3.2 released

July 24 2025

To download the release go to Keycloak downloads.

Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

New features

• #40237 Add option "Requires short state parameter" to OIDC IDP authentication

Enhancements

• #40970 Run clustering compatibility tests on release/x.y branches
• #41034 Improve logging for client sessions load
• #41257 Upgrade to Infinispan 15.0.18.Final infinispan

Bugs

• #39091 Flaky test: org.keycloak.testsuite.cluster.JGroupsCertificateRotationClusterTest#testCoordinatorHasScheduleTask ci
• #39634 Update MariaDB connector to 3.5.3 dist/quarkus
• #39854 Flaky test: org.keycloak.testsuite.cluster.PermissionTicketInvalidationClusterTest#crudWithFailover ci
• #40553 Upgrade org.postgresql:postgresql to version 42.7.7 to address CVE-2025-49146 dependencies
• #40736 CVE-2025-49574 - Exposure of Resource to Wrong Sphere vulnerability in io.vertx:vertx-core dependencies
• #40782 Flaky test: org.keycloak.testsuite.cluster.RealmInvalidationClusterTest#crudWithFailover ci
• #40784 Default jdbc-ping cluster setup for distributed caches fails in Oracle infinispan
• #40977 Loglevel recorded from build phase dist/quarkus
• #40980 Can't update security-admin-console via admin UI with volatile sessions infinispan
• #40995 LDAP / ModelException: At least one condition should be provided to OR query core
• #41018 Flaky test: org.keycloak.testsuite.cluster.ClientInvalidationClusterTest#crudWithFailover ci
• #41038 FIPS errors in CI
• #41082 Multiple primary key defined when attempting to upgrade after 26.3.0 core
• #41103 Service Account users now showing in the User List admin/ui
• #41105 Unknown relation when removing realm role with --db-schema configured storage
• #41152 Docs use em-dashes instead of double dashes for SPI options in regular text docs
• #41204 UpdateTest CI failures ci
• #41370 [26.3] MariaDB connector dependency is not properly overriden dist/quarkus