🎉 欢迎访问本站,如有问题欢迎 留言
Docs
Cncf
Project
Keycloak
Keycloak 26.4.1 Release Note

来源: https://github.com/keycloak/keycloak/releases/tag/26.4.1

keycloak/keycloak 26.4.1 Release Notes

Published at: 2025-10-16T07:21:53Z

Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

New features

  • #43020 Secure Client-Initiated Renegotiation - disable by default dist/quarkus

Enhancements

  • #42990 Hide read-only email attribute in update profile context with update email enabled user-profile
  • #43357 JDBC_PING should publish its physical address on startup

Bugs

  • #40965 Group permission denies to view user admin/fine-grained-permissions
  • #41292 openid-connect flow is missing response type on language change authentication
  • #42565 Standard Token Exchange: chain of exchanges eventually fails token-exchange
  • #42676 Security Defenses realm settings lost when switching between Headers and Brute Force Detection tabs (v25+) admin/ui
  • #42907 Race condition in authorization service leads to NullPointerException when evaluating permissions during concurrent resource deletion authorization-services
  • #43042 Avoid NPE in FederatedJWTClientAuthenticator when checking for supported assertion types core
  • #43070 Update email page with pending verification email messages prefilled with old email user-profile
  • #43096 keycloak-operator 26.4.0 missing clusterrole permissions docs
  • #43104 Release notes fix for update email docs
  • #43161 Restarting an user session broken for persistent sessions infinispan
  • #43164 Keycloak docs state that only TLSv1.3 is used docs
  • #43218 Cannot revoke access token generated by Standard Token Exchange oidc
  • #43254 Make sure username and email attributes are lower cased when fetching their values from LDAP object ldap
  • #43269 Keycloak 26.4 returns a different error response on a token request without Client Assertion (private_key_jwt client authentication) from Keycloak 26.3 does oidc
  • #43270 Keycloak 26.4 returns a different error response on a CIBA backchannel authentication request without Client Assertion (private_key_jwt client authentication) from Keycloak 26.3 does oidc
  • #43286 Broken links on DB server configuration guide docs
  • #43304 SAML Client - Encrypt assertions toggle shows wrong dialog text (Client signature required) saml
  • #43328 "Remember me" user sessions remain valid after "remember me" realm setting is disabled authentication
  • #43335 First JDBC_PING initialization happens in the JTA transaction context infinispan
  • #43349 Client session may be lost during session restart infinispan
  • #43394 SPIFFE client authentication does not work when JWT SVID includes `iss` claim
  • #43459 Invalid YAML in advanced Operator configurations docs
Keycloak 26.4.0 Release NoteKeycloak 26.4.2 Release Note