Update version.keycloak to v24.0.5 - autoclosed #5

Merged
Denys Konovalov merged 1 commits from renovate/version.keycloak into main 2024-06-15 15:51:13 +02:00

This PR contains the following updates:

Package Type Update Change
org.keycloak:keycloak-services (source) provided patch 24.0.2 -> 24.0.5
org.keycloak:keycloak-server-spi-private (source) provided patch 24.0.2 -> 24.0.5
org.keycloak:keycloak-model-legacy (source) provided patch 24.0.2 -> 24.0.5
org.keycloak:keycloak-server-spi (source) provided patch 24.0.2 -> 24.0.5
org.keycloak:keycloak-core (source) provided patch 24.0.2 -> 24.0.5

Release Notes

keycloak/keycloak (org.keycloak:keycloak-services)

v24.0.5

Compare Source

Highlights

Security issue with PAR clients using client_secret_post based authentication

This release contains the fix of the important security issue affecting some OIDC confidential clients using PAR (Pushed authorization request). In case you use OIDC confidential clients together with PAR and you use client authentication based on client_id and client_secret sent as parameters in the HTTP request body (method client_secret_post specified in the OIDC specification), it is highly encouraged to rotate the client secrets of your clients after upgrading to this version.

Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Enhancements

  • #​29073 Use cache.compute() method to improve the replace retry loop
  • #​29280 Update Create Realm in Keycloak 24 Getting Started

Bugs

  • #​29129 JGroups creates log messages as it switched internally to "trace" dist/quarkus
  • #​29206 LDAP user creation reports error but user is created ldap
  • #​29314 Clicking the "save" button multiple times in the Saml IDP configuration page corrupts the value of "AuthnContext ClassRefs" admin/ui
  • #​29458 Empty CSP header value breaks security filter authentication
  • #​29471 Cypress tests store videos even for passing tests ci
  • #​29525 Maven clean build doesn't clean admin client generated files ci
  • #​29554 Cypress failing on video recording ci
  • #​29625 Database driver install examples can lead to permission errors in some circumstances docs

v24.0.4

Compare Source

Highlights

Partial update to user attributes when updating users through the Admin User API is no longer supported

When updating user attributes through the Admin User API, you cannot execute partial updates when updating the user attributes, including the root attributes like username, email, firstName, and lastName.

For more details, see the Upgrading Guide.

Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Enhancements

  • #​27508 Use new remote-store options in HA guides
  • #​28429 Add details to error messages, especially around refresh tokens
  • #​28729 Emphasize the need for setting container limit docs
  • #​28880 Upgrade to Quarkus 3.8.4 dist/quarkus
  • #​29183 Minor corrections to High Availability Guide docs

Bugs

  • #​16345 Unable to delete realm names with invalid URL characters admin/api
  • #​22617 kc export fails when using User Federation (LDAP) with file-based Vault enabled import-export
  • #​24568 iframe for frontend logout gets blocked if a custom CSP header is used core
  • #​24878 NoClassDefFoundError for Apache XML and EAP8 adapter/jee-saml
  • #​27021 Workflow failure: Fuse adapter tests ci
  • #​27080 Workflow failure: Operator CI - KeycloakTruststoresTests#testTrustroreExists ci
  • #​27514 Uncaught server error: java.lang.IllegalArgumentException: Path parameter not provided oidc
  • #​28079 Group search does not work in user view admin/ui
  • #​28187 Admin UI drag & drop in flow config seems to delete actions admin/ui
  • #​28220 Admin API: User PUT operation clears firstname, lastname email fields admin/api
  • #​28303 WARN - Event object wasn't available in remote cache after event was received infinispan
  • #​28377 Broken lists in import/export server guide docs
  • #​28431 Dedicated client scopes always show up when searching admin/ui
  • #​28514 Message for searchClientRegistration is missing admin/ui
  • #​28666 Accessing a transient (lightweight) user through client session fails in admin-api/-ui admin/ui
  • #​28684 "Extend to children" button in authorization group policies is wrongly disabled admin/ui
  • #​28911 clients_saml_test.spec.ts fails in main admin/ui
  • #​29072 Startup probe should check for existence of an Admin user before returning 200 dist/quarkus
  • #​29094 Fix the client name help grammatical error admin/ui
  • #​29133 DuplicateEmailValidator causes two DB queries on every login if a user has an email address core
  • #​29147 local user login not possible after LDAP connection problem ldap
  • #​29154 Update docs to distinguish between product names and CR names docs
  • #​29233 Broken link in documentation docs

v24.0.3

Compare Source

Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Enhancements

  • #​26695 Keycloak and MSAD: enabling account in MSAD does not propagate to Keycloak ldap

Bugs

  • #​24201 Cannot disable LDAP-backed user if importEnabled=false ldap
  • #​28100 Failed authentication: java.lang.NullPointerException: Cannot invoke "org.keycloak.models.UserModel.getFederationLink()" because "this.delegate" is null identity-brokering
  • #​28248 Update user makes User ID changes when federationLink and LDAP_ID is not set properly admin/api
  • #​28335 The false option of the pkceMethod init parameter for the JavaScript adapter is ignored adapter/javascript
  • #​28638 Missing permission to read configmaps in `keycloak-operator-role` operator

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [org.keycloak:keycloak-services](http://keycloak.org) ([source](https://github.com/keycloak/keycloak)) | provided | patch | `24.0.2` -> `24.0.5` | | [org.keycloak:keycloak-server-spi-private](http://keycloak.org) ([source](https://github.com/keycloak/keycloak)) | provided | patch | `24.0.2` -> `24.0.5` | | [org.keycloak:keycloak-model-legacy](http://keycloak.org) ([source](https://github.com/keycloak/keycloak)) | provided | patch | `24.0.2` -> `24.0.5` | | [org.keycloak:keycloak-server-spi](http://keycloak.org) ([source](https://github.com/keycloak/keycloak)) | provided | patch | `24.0.2` -> `24.0.5` | | [org.keycloak:keycloak-core](http://keycloak.org) ([source](https://github.com/keycloak/keycloak)) | provided | patch | `24.0.2` -> `24.0.5` | --- ### Release Notes <details> <summary>keycloak/keycloak (org.keycloak:keycloak-services)</summary> ### [`v24.0.5`](https://github.com/keycloak/keycloak/releases/tag/24.0.5) [Compare Source](https://github.com/keycloak/keycloak/compare/24.0.4...24.0.5) <div> <h2>Highlights</h2> <div class="sect2"> <h3 id="_security_issue_with_par_clients_using_client_secret_post_based_authentication">Security issue with PAR clients using client_secret_post based authentication</h3> <div class="paragraph"> <p>This release contains the fix of the important security issue affecting some OIDC confidential clients using PAR (Pushed authorization request). In case you use OIDC confidential clients together with PAR and you use client authentication based on <code>client_id</code> and <code>client_secret</code> sent as parameters in the HTTP request body (method <code>client_secret_post</code> specified in the OIDC specification), it is highly encouraged to rotate the client secrets of your clients after upgrading to this version.</p> </div> </div> <h2>Upgrading</h2> <p>Before upgrading refer to <a href="file:/home/runner/work/keycloak-rel/keycloak-rel/target/web/docs/latest/upgrading/index.html#migration-changes">the migration guide</a> for a complete list of changes.</p> <h2>All resolved issues</h2> <h3>Enhancements</h3> <ul> <li><a href="https://github.com/keycloak/keycloak/issues/29073">#&#8203;29073</a> Use cache.compute() method to improve the replace retry loop </li> <li><a href="https://github.com/keycloak/keycloak/issues/29280">#&#8203;29280</a> Update Create Realm in Keycloak 24 Getting Started </li> </ul> <h3>Bugs</h3> <ul> <li><a href="https://github.com/keycloak/keycloak/issues/29129">#&#8203;29129</a> JGroups creates log messages as it switched internally to "trace" <code>dist/quarkus</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/29206">#&#8203;29206</a> LDAP user creation reports error but user is created <code>ldap</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/29314">#&#8203;29314</a> Clicking the "save" button multiple times in the Saml IDP configuration page corrupts the value of "AuthnContext ClassRefs" <code>admin/ui</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/29458">#&#8203;29458</a> Empty CSP header value breaks security filter <code>authentication</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/29471">#&#8203;29471</a> Cypress tests store videos even for passing tests <code>ci</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/29525">#&#8203;29525</a> Maven clean build doesn't clean admin client generated files <code>ci</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/29554">#&#8203;29554</a> Cypress failing on video recording <code>ci</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/29625">#&#8203;29625</a> Database driver install examples can lead to permission errors in some circumstances <code>docs</code></li> </ul> </div> ### [`v24.0.4`](https://github.com/keycloak/keycloak/releases/tag/24.0.4) [Compare Source](https://github.com/keycloak/keycloak/compare/24.0.3...24.0.4) <div> <h2>Highlights</h2> <div class="sect2"> <h3 id="_partial_update_to_user_attributes_when_updating_users_through_the_admin_user_api_is_no_longer_supported">Partial update to user attributes when updating users through the Admin User API is no longer supported</h3> <div class="paragraph"> <p>When updating user attributes through the Admin User API, you cannot execute partial updates when updating the user attributes, including the root attributes like <code>username</code>, <code>email</code>, <code>firstName</code>, and <code>lastName</code>.</p> </div> <div class="paragraph"> <p>For more details, see the <a href="https://www.keycloak.org/docs/24.0.4/upgrading/">Upgrading Guide</a>.</p> </div> </div> <h2>Upgrading</h2> <p>Before upgrading refer to <a href="file:/home/runner/work/keycloak-rel/keycloak-rel/target/web/docs/latest/upgrading/index.html#migration-changes">the migration guide</a> for a complete list of changes.</p> <h2>All resolved issues</h2> <h3>Enhancements</h3> <ul> <li><a href="https://github.com/keycloak/keycloak/issues/27508">#&#8203;27508</a> Use new remote-store options in HA guides </li> <li><a href="https://github.com/keycloak/keycloak/issues/28429">#&#8203;28429</a> Add details to error messages, especially around refresh tokens </li> <li><a href="https://github.com/keycloak/keycloak/issues/28729">#&#8203;28729</a> Emphasize the need for setting container limit <code>docs</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/28880">#&#8203;28880</a> Upgrade to Quarkus 3.8.4 <code>dist/quarkus</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/29183">#&#8203;29183</a> Minor corrections to High Availability Guide <code>docs</code></li> </ul> <h3>Bugs</h3> <ul> <li><a href="https://github.com/keycloak/keycloak/issues/16345">#&#8203;16345</a> Unable to delete realm names with invalid URL characters <code>admin/api</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/22617">#&#8203;22617</a> kc export fails when using User Federation (LDAP) with file-based Vault enabled <code>import-export</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/24568">#&#8203;24568</a> iframe for frontend logout gets blocked if a custom CSP header is used <code>core</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/24878">#&#8203;24878</a> NoClassDefFoundError for Apache XML and EAP8 <code>adapter/jee-saml</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/27021">#&#8203;27021</a> Workflow failure: Fuse adapter tests <code>ci</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/27080">#&#8203;27080</a> Workflow failure: Operator CI - KeycloakTruststoresTests#testTrustroreExists <code>ci</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/27514">#&#8203;27514</a> Uncaught server error: java.lang.IllegalArgumentException: Path parameter not provided <code>oidc</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/28079">#&#8203;28079</a> Group search does not work in user view <code>admin/ui</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/28187">#&#8203;28187</a> Admin UI drag & drop in flow config seems to delete actions <code>admin/ui</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/28220">#&#8203;28220</a> Admin API: User PUT operation clears firstname, lastname email fields <code>admin/api</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/28303">#&#8203;28303</a> WARN - Event object wasn't available in remote cache after event was received <code>infinispan</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/28377">#&#8203;28377</a> Broken lists in import/export server guide <code>docs</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/28431">#&#8203;28431</a> Dedicated client scopes always show up when searching <code>admin/ui</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/28514">#&#8203;28514</a> Message for searchClientRegistration is missing <code>admin/ui</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/28666">#&#8203;28666</a> Accessing a transient (lightweight) user through client session fails in admin-api/-ui <code>admin/ui</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/28684">#&#8203;28684</a> "Extend to children" button in authorization group policies is wrongly disabled <code>admin/ui</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/28911">#&#8203;28911</a> clients_saml_test.spec.ts fails in main <code>admin/ui</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/29072">#&#8203;29072</a> Startup probe should check for existence of an Admin user before returning 200 <code>dist/quarkus</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/29094">#&#8203;29094</a> Fix the client name help grammatical error <code>admin/ui</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/29133">#&#8203;29133</a> DuplicateEmailValidator causes two DB queries on every login if a user has an email address <code>core</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/29147">#&#8203;29147</a> local user login not possible after LDAP connection problem <code>ldap</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/29154">#&#8203;29154</a> Update docs to distinguish between product names and CR names <code>docs</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/29233">#&#8203;29233</a> Broken link in documentation <code>docs</code></li> </ul> </div> ### [`v24.0.3`](https://github.com/keycloak/keycloak/releases/tag/24.0.3) [Compare Source](https://github.com/keycloak/keycloak/compare/24.0.2...24.0.3) <div> <h2>Upgrading</h2> <p>Before upgrading refer to <a href="file:/home/runner/work/keycloak-rel/keycloak-rel/target/web/docs/latest/upgrading/index.html#migration-changes">the migration guide</a> for a complete list of changes.</p> <h2>All resolved issues</h2> <h3>Enhancements</h3> <ul> <li><a href="https://github.com/keycloak/keycloak/issues/26695">#&#8203;26695</a> Keycloak and MSAD: enabling account in MSAD does not propagate to Keycloak <code>ldap</code></li> </ul> <h3>Bugs</h3> <ul> <li><a href="https://github.com/keycloak/keycloak/issues/24201">#&#8203;24201</a> Cannot disable LDAP-backed user if importEnabled=false <code>ldap</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/28100">#&#8203;28100</a> Failed authentication: java.lang.NullPointerException: Cannot invoke "org.keycloak.models.UserModel.getFederationLink()" because "this.delegate" is null <code>identity-brokering</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/28248">#&#8203;28248</a> Update user makes User ID changes when federationLink and LDAP_ID is not set properly <code>admin/api</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/28335">#&#8203;28335</a> The false option of the pkceMethod init parameter for the JavaScript adapter is ignored <code>adapter/javascript</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/28638">#&#8203;28638</a> Missing permission to read configmaps in `keycloak-operator-role` <code>operator</code></li> </ul> </div> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [x] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MDguMiIsInVwZGF0ZWRJblZlciI6IjM3LjQwOC4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Renovate Bot (Automatisiert) added 1 commit 2024-06-15 15:34:36 +02:00
Denys Konovalov merged commit 2b5a1de2f4 into main 2024-06-15 15:51:13 +02:00
Denys Konovalov deleted branch renovate/version.keycloak 2024-06-15 15:51:13 +02:00
Renovate Bot (Automatisiert) changed title from Update version.keycloak to v24.0.5 to Update version.keycloak to v24.0.5 - autoclosed 2024-06-15 15:51:30 +02:00
Sign in to join this conversation.
No description provided.