🎉 欢迎访问本站,如有问题欢迎 留言
Docs
Cncf
Project
Keycloak
Keycloak 26.3.3 Release Note

来源: https://github.com/keycloak/keycloak/releases/tag/26.3.3

keycloak/keycloak 26.3.3 Release Notes

Published at: 2025-08-20T10:12:51Z

Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Enhancements

  • #41558 Ensure cache configuration has correct number of owners
  • #41934 Infinispan 15.0.19.Final
  • #41963 Upgrade to Quarkus 3.20.2.1 dist/quarkus

Bugs

  • #39562 Breaking template change: Unknown `locale` input field added to user-profile registration page user-profile
  • #40984 Backchannel logout token with an unexpected signature algorithm key oidc
  • #41023 Can't send e-mails to international e-mail addresses: bad UTF-8 syntax core
  • #41098 Locked out after upgrade to 26.3.1 due to missing sub in lightweight access token core
  • #41268 `--optimized` flag and providers jar are incompatible when used with tools changing `last-modify-date` dist/quarkus
  • #41290 Concurrent starts with JDBC_PING lead to a split cluster infinispan
  • #41390 JDBC_PING2 doesn't merge split clusters after a while infinispan
  • #41421 Broken link securing-cache-communication in caching docs docs
  • #41423 Duplicate IDs in generated all configuration docs docs
  • #41469 Uncaught exception cases unclosed spans in tracing dist/quarkus
  • #41488 Synchronize Maven surefire plugin with Quarkus dist/quarkus
  • #41491 ExternalLinks are broken in documentation docs
  • #41520 LDAP Import: KERBEROS_PRINCIPAL not updated when UserPrincipal changes and KERBEROS_PRINCIPAL was null on creation ldap
  • #41532 LDAP Sync all users takes unexpectedly long in 26.3 (> 30 min) ldap
  • #41537 Getting error 405 "Method Not Allowed" when calling the "certs" endpoint with HEAD method oidc
  • #41643 Test SMTP connection fails when no port is specified admin/api
  • #41663 Typo in the caching doc docs
  • #41677 Provider default regression dist/quarkus
  • #41808 CVE-2025-7962 In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages core
  • #41842 memberOf attribute empty or values with a DN that does not match the role base DN fetches all roles ldap
  • #41906 Backwards incompatible changes to 26.3.0 cause NullPoointerException when requesting /certificates/jwt.credential/generate-and-download authentication
  • #41945 After upgrade to 26.3: Not possible to use Credentials having not-unique label login/ui
Keycloak 26.3.2 Release NoteKeycloak 26.3.4 Release Note