keycloak

Upgrading Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Security fixes #44994 CVE-2025-67735 - netty-codec-http: Request Smuggling via CRLF Injection dependencies

Enhancements #43443 Keycloak should warn when ISPN or JGROUPS is running in debug level logging #45498 Ignore OpenAPI artifacts when disabled dist/quarkus

Bugs #44785 Can not get through SSO login if using a custom attribute with default value user-profile #45015 Deadlock in Infinispan virtual threads infinispan #45250 IDToken contains duplicate address claims oidc #45333 User admin events don't show role, group mapping, reset password like events admin/ui #45396 Database Migration fails when updating to 26.5.0 on MS SQL core #45415 cache-remote-host becomes mandatory at build time when using clusterless feature infinispan #45417 Unmanaged Attributes Type (Only administrators can view) allows admin API to set Unmanaged Attributes user-profile #45474 Admin REST API document is not up to date docs #45526 Regression (26.5.1): Organizations domain resolution fails on MariaDB/MySQL due to ORG/ORG_DOMAIN collation mismatch organizations #45533 Keycloak should not allow matrix parameters in URLs as we don't use them dist/quarkus #45570 CVE-2025-66560 - io.quarkus/quarkus-rest: Quarkus REST Worker Thread Exhaustion Vulnerability #45584 Keycloak supported specs should list DPoP as supported oidc #45590 OIDCIdentityProviderConfig issuer configuration token-exchange #45597 Possible mismatch of charset/collation between columns on mysql/mariadb organizations #45651 CVE-2025-14559 keycloak-services: Keycloak keycloak-services: Business logic flaw allows unauthorized token issuance for disabled users

keycloak

Related Projects

mapbox-navigation-android

ToastFish

barcodelib

haze

26.5.2

Upgrading

All resolved issues

Security fixes

Enhancements

Bugs

Related Projects

mapbox-navigation-android

ToastFish

barcodelib

haze